Jump to content

COMBO FIX RESULTS


Recommended Posts

I am not sure if my system is infected but can someone assist, thanks a ton - Prasad

 

ComboFix 14-08-02.02 - User2 08/03/2014   9:24.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1034 [GMT 4:00]
Running from: i:\my documents\Downloads\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {81952107-C77D-4FC1-B14E-D09210910D52}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
 * Created a new restore point
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User2\WINDOWS
c:\program files\RegGenie
c:\program files\RegGenie\Backups\41808.5926359954
c:\program files\RegGenie\RegGenie.ini
c:\windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
C:\WindowsXP-KB890196-x86-ENU.exe
C:\WindowsXP-KB890196-x86-Symbols-ENU.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-03 to 2014-08-03  )))))))))))))))))))))))))))))))
.
.
2014-07-27 05:35 . 2014-07-27 05:35    --------    d-----w-    c:\program files\Common Files\Citrix
2014-07-27 04:51 . 2014-07-27 04:51    --------    d-----w-    c:\documents and settings\User2\Local Settings\Application Data\Mozilla
2014-07-27 04:51 . 2014-07-27 04:51    --------    d-----w-    c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-21 08:01 . 2014-04-20 05:18    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-07-21 08:01 . 2014-04-20 05:18    53064    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-07-21 08:01 . 2014-04-20 05:18    31560    ----a-w-    c:\windows\system32\LMIport.dll
2014-07-21 08:01 . 2014-04-20 05:18    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2014-06-06 10:01 . 2014-04-20 05:18    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:01 . 2014-04-20 05:18    85832    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
2014-05-07 11:02 . 2014-06-19 06:45    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-05-07 10:42 . 2012-06-20 08:10    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-05-01 06:25 . 2014-05-01 06:25    10395072    ----a-w-    c:\program files\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"="c:\documents and settings\User2\Local Settings\Apps\2.0\MJ1DQQ94.RO9\401VGT7E.LZN\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe" [2014-04-25 254976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-12-08 718120]
"StatusAlerts"="c:\program files\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2012-07-18 313248]
"Trend Micro Browser Guard"="c:\program files\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-25 787984]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-12-11 63048]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-5-1 10395072]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-5-1 10395072]
.
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-5-1 10395072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2014-07-21 08:01    85832    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Online plug-in.lnk]
backup=c:\windows\pss\Online plug-in.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User2^Start Menu^Programs^Startup^PC App Store Uninstall 3.15.8.4011.lnk]
backup=c:\windows\pss\PC App Store Uninstall 3.15.8.4011.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User2^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2014-01-16 10:26    3289088    ----a-w-    c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 00:25    6595928    ----a-w-    c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-20 12:00    282624    ----a-w-    c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 10:44    256896    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2014-01-13 05:36    295512    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\User2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"i:\\My Documents\\Skype\\Phone\\skype.exe"=
"c:\\Program Files\\HP\\setup\\HPZnet01.exe"=
"c:\\hp_CLJ_2820-2840_Full_Solution\\setup\\HPZnet01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\User2\\Desktop\\skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User2\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [1/13/2014 9:04 AM 47456]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/24/2013 7:10 AM 70440]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [5/2/2012 9:02 PM 164864]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [4/7/2014 10:21 AM 342336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [4/16/2014 10:10 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [12/11/2013 6:11 PM 13624]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [4/8/2013 6:44 PM 1320496]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/17/2007 6:40 PM 262416]
R2 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [4/5/2007 2:35 AM 488768]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/17/2007 6:40 PM 36624]
R2 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/28/2007 12:35 AM 652552]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [1/9/2008 1:35 AM 335888]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 HitmanProScheduler;HitmanPro Scheduler; [x]
S2 LiveUpdateSvc;LiveUpdate; [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [4/8/2013 6:43 PM 799280]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [1/25/2012 3:23 PM 240408]
S3 BprotectEx;Baidu ProtectEx;\??\c:\windows\System32\drivers\BprotectEx.sys --> c:\windows\System32\drivers\BprotectEx.sys [?]

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
icon_arrow.gif Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.
icon_arrow.gif Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
icon_arrow.gif If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

First of all, who told you to run ComboFix? 

 
WARNING!!! ComboFix is complex and very powerfull tool, that is able to destroy your system completely if run in wrong hands. It is not intended for everyday use. It should be run only when asked and under guidance by trained malware removal expert. Don't run ComboFix on your own!!!
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.