
ComboFix log - am I safe now


sapwiz


Hi there,

I followed your instructions on some other posts on using the ComboFix but now I'm not sure if I'm good to go or not...

=============================================================================================================================================================================

ComboFix 12-12-04.01 - sapwiz 05/12/12 21:58:47.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1451 [GMT 2:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\user\WINDOWS

c:\windows\msmqinst.log

c:\windows\system32\MUI\040D\tourstart.exe

c:\windows\system32\SET108.tmp

c:\windows\system32\zip32.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FAD

.

.

((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))

.

.

2012-12-03 04:28 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-12-03 04:28 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-12-03 04:28 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-12-03 04:28 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-12-03 04:28 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-03 04:28 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-12-03 04:28 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-12-03 04:28 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-12-03 04:28 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2012-12-03 04:28 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-03 04:27 . 2012-12-03 04:27 -------- d-----w- c:\program files\AVAST Software

2012-12-03 04:27 . 2012-12-03 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-12-02 19:21 . 2012-12-02 19:22 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-12 21:27 . 2012-04-01 17:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-12 21:27 . 2011-05-25 16:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 18:11 . 2010-07-19 19:47 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-11-08 18:11 . 2010-07-19 19:47 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-08 18:11 . 2010-07-19 19:47 31144 ----a-w- c:\windows\system32\LMIport.dll

2012-11-08 18:11 . 2010-07-19 19:47 92072 ----a-w- c:\windows\system32\LMIinit.dll

2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-24 13:32 . 2012-06-15 15:58 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2010-09-11 09:52 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-24 11:51 . 2012-06-15 15:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-05-12 13:42 . 2012-10-26 21:44 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-05-12 14:22 . 2012-10-26 21:44 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-05-12 13:43 . 2012-10-26 21:44 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-05-12 13:42 . 2012-10-26 21:44 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-05-12 13:42 . 2012-10-26 21:44 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-05-12 13:41 . 2012-10-26 21:44 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-05-12 13:42 . 2012-10-26 21:44 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-05-12 13:42 . 2012-10-26 21:44 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-04-14 10:55 . 2012-10-26 21:44 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-05-12 13:43 . 2012-10-26 21:44 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-10-26 21:44 . 2012-10-26 21:44 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDProtect Monitor"="c:\program files\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-01-17 323664]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 137752]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-27 69632]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 1051264]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-11-08 18:11 92072 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\eMule\\eMule.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"59000:TCP"= 59000:TCP:emule tcp

"59500:UDP"= 59500:UDP:empule upd

.

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [04/03/11 11:39 AM 51144]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/12/12 6:28 AM 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/12/12 6:28 AM 361032]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [16/04/10 3:22 PM 65584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/12/12 6:28 AM 21256]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [07/02/12 4:47 PM 374704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/10 11:22 AM 12856]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [02/08/11 8:08 PM 11520]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [06/09/12 10:48 AM 604688]

S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [23/10/12 12:19 AM 77624]

S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [23/10/10 9:01 PM 87424]

S3 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [11/01/11 5:25 PM 362624]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11/06/11 1:08 PM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/10 6:01 PM 21248]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/11 12:06 PM 88576]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [23/10/12 12:19 AM 181432]

S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [15/06/10 11:52 AM 19024]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:27]

.

2012-12-05 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-03 22:50]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-04 09:45]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-04 09:45]

.

2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-573735546-1177238915-1003Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-16 17:06]

.

2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-573735546-1177238915-1003UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-16 17:06]

.

2012-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2012-12-05 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Supplementary Scan -------

.

uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: mof.gov.il\wa

TCP: DhcpNameServer = 192.168.2.1

DPF: {87FA0696-C219-429B-AF1D-EE0A7FF3E18B} - hxxps://hb2.bankleumi.co.il/las163bfeb7d306c40a845d1a835072d1b6128e0934/las0/HomeBank/Operations/Masav.CAB

DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.2.222/WebClient.cab

DPF: {BC4CF6B5-8DE7-4F51-A369-364629A6C2B7} - hxxps://hb2.bankleumi.co.il/eas/activex/BankDOKOp.cab

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\6cz35eb1.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.globes.co.il/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - ExtSQL: 2012-10-19 16:08; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-12-03 06:28; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: !HIDDEN! 2010-07-24 23:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

------- File Associations -------

.

.scr=Icad.load.scr

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-ZortamMp3MediaStudio - c:\program files\Zortam Mp3 Media Studio\zmmspro.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-05 22:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(708)

c:\windows\system32\LMIinit.dll

.

- - - - - - - > 'explorer.exe'(3716)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-12-05 22:17:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-05 20:17

.

Pre-Run: 40,225,918,976 bytes free

Post-Run: 41,662,914,560 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 1BAAF038255B7713D2727CEF01F92FD1

========================================================================================================================================================================


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
