
I have a problem with Firefox that keeps redirecting me if I open a new tab or a new link in Google.

Here is the log:

ComboFix 11-03-23.04 - moron 24/03/2011 12:19:57.1.8 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.60.1033.18.3575.2102 [GMT 8:00]

Running from: c:\users\moron\Downloads\Programs\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

ADS - system32: deleted 12 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\system32\pathname.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))

.

.

2011-03-23 07:37 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-03-23 07:37 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-03-23 07:37 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-03-23 07:37 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-03-23 07:37 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-03-23 07:37 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-03-23 07:37 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-03-23 07:37 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-03-10 23:20 . 2011-03-10 23:20 -------- d-----w- C:\_OTL

2011-03-10 16:21 . 2011-03-10 22:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-03-10 16:21 . 2011-03-10 16:22 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-03-07 21:05 . 2011-03-07 21:05 -------- d-----w- c:\users\moron\AppData\Local\GlobalSCAPE

2011-03-07 21:05 . 2011-03-07 21:05 -------- d-----w- c:\programdata\GlobalSCAPE

2011-03-07 21:05 . 2011-03-07 21:05 -------- d-----w- c:\users\moron\AppData\Roaming\GlobalSCAPE

2011-03-07 21:05 . 2011-03-07 21:05 -------- d-----w- c:\program files\GlobalSCAPE

2011-03-07 21:04 . 2002-07-25 08:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-03-07 21:04 . 2001-09-04 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-03-07 21:04 . 2001-09-04 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-03-07 21:04 . 2001-09-04 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-03-07 21:04 . 2001-09-04 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-03-07 20:08 . 2011-03-07 20:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-03-06 06:45 . 2011-03-06 06:45 -------- d-----w- c:\users\moron\AppData\Local\Welltek_Software

2011-03-05 23:07 . 2011-03-05 23:10 -------- d-----w- c:\users\moron\AppData\Roaming\Pamela

2011-03-05 23:07 . 2011-03-05 23:07 154624 ----a-w- c:\windows\system32\RemoteControl.dll

2011-03-05 23:07 . 2011-03-05 23:08 -------- d-----w- c:\program files\Pamela

2011-03-03 23:50 . 2011-03-03 23:50 -------- d-----w- c:\windows\Sun

2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll

2011-02-25 04:17 . 2011-02-02 13:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-02-25 04:17 . 2011-02-02 13:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-25 04:16 . 2011-02-25 04:16 -------- d-----w- c:\programdata\McAfee

2011-02-22 12:43 . 2011-03-04 00:46 -------- d-----w- c:\program files\Garena

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-24 04:18 . 2010-12-19 04:23 17488 ----a-w- c:\windows\gdrv.sys

2011-03-06 14:26 . 2010-12-19 16:31 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-03-06 14:26 . 2010-12-19 16:31 270904 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-06 14:26 . 2010-12-19 16:31 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-03-05 15:54 . 2010-12-19 16:31 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-02-21 09:57 . 2011-02-21 09:57 98304 ----a-r- c:\users\moron\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe

2011-02-13 17:00 . 2011-02-13 17:00 138056 ----a-w- c:\users\moron\AppData\Roaming\PnkBstrK.sys

2011-02-13 16:55 . 2011-02-13 16:55 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2011-02-07 21:19 . 2011-01-17 11:57 2118848 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-02-06 19:31 . 2011-02-06 19:31 446258 ----a-w- c:\windows\AutoKMS.exe

2011-01-17 15:10 . 2011-01-17 15:10 180224 ----a-w- c:\windows\system32\WinVd32.sys

2011-01-17 15:10 . 2011-01-17 15:10 7680 ----a-w- c:\windows\system32\WinFLsrv.exe

2011-01-12 16:58 . 2010-12-18 13:56 17488 ----a-w- c:\windows\etdrv.sys

2011-01-12 16:58 . 2010-12-18 12:42 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys

2011-01-08 03:27 . 2011-01-25 07:39 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-01-08 03:27 . 2011-01-25 07:39 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-01-08 03:27 . 2010-12-24 23:07 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-08 03:27 . 2010-12-24 23:07 4941928 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-08 03:27 . 2010-12-24 23:07 2895976 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-08 03:27 . 2010-12-24 23:07 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27 . 2010-12-24 23:07 15047272 ----a-w- c:\windows\system32\nvoglv32.dll

2011-01-08 03:27 . 2010-12-24 23:07 13011560 ----a-w- c:\windows\system32\nvcompiler.dll

2011-01-08 03:27 . 2010-12-24 23:07 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-01-08 03:27 . 2010-12-24 23:07 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-01-08 03:27 . 2010-12-24 23:07 10078312 ----a-w- c:\windows\system32\nvd3dum.dll

2011-01-08 03:27 . 2010-12-18 11:43 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-01-08 03:27 . 2010-12-18 11:43 1965672 ----a-w- c:\windows\system32\nvapi.dll

2011-01-07 13:06 . 2011-01-07 13:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-01-07 13:06 . 2011-01-07 13:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll

2011-01-07 13:06 . 2011-01-07 13:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll

2011-01-07 13:06 . 2011-01-07 13:06 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-01-07 13:06 . 2011-01-07 13:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe

2011-01-07 13:06 . 2011-01-07 13:06 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-01-06 00:42 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-01-06 00:42 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll

2011-01-06 00:42 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll

2011-03-18 17:53 . 2011-03-23 07:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2011-01-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]

2009-11-25 04:47 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{a011d643-4a67-4934-a775-46139847d7f2}"= "mscoree.dll" [2009-11-25 297808]

.

[HKEY_CLASSES_ROOT\clsid\{a011d643-4a67-4934-a775-46139847d7f2}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-12-23 19:09 67168 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-01-11 3301376]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"GarenaMessenger"="c:\program files\Garena Messenger\GarenaMessenger.exe" [2011-03-17 3950936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]

"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Razer Naga Driver"="c:\program files\Razer\Naga\NagaTray.exe" [2010-05-11 810880]

"FILE NAME"="c:\program files\Razer\Nostromo\t2Hid.exe" [2010-12-07 261632]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-24 1750528]

"SDBOK"="c:\program files\GIGABYTE\SMART6\dbios\run.exe" [2009-07-06 207400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 07:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2010-12-21 03:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2010-12-08 20:42 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2009-04-21 135168]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6\dbk32.sys [2010-12-15 62336]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-01-12 17488]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Messenger\Room\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MSI_DVD_010507;MSI_DVD_010507;c:\program files\MSI\Live Update 5\DVDSYS32_100507.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]

R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\program files\MSI\Live Update 5\VGASYS32_100507.sys [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-11 3641832]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-03 279656]

R3 SQLAgent$PROVIDUSSTD;SQLAgent$PROVIDUSSTD;c:\program files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlagent.EXE [2002-12-17 311872]

R3 T2Fltr;Razer Nostromo;c:\windows\system32\Drivers\T2Fltr.sys [2010-10-07 16384]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-06 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 691696]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-23 84720]

S2 MSSQL$PROVIDUSSTD;MSSQL$PROVIDUSSTD;c:\program files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe [2002-12-17 7520337]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 60800]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 140672]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 60032]

S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [2010-07-31 02:31 1628872]

S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-21 5760]

S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [2010-09-30 10240]

.

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\moron\AppData\Roaming\Mozilla\Firefox\Profiles\x4xgtakt.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-JP595IR86O - c:\users\moron\AppData\Local\Temp\Afc.exe

MSConfigStartUp-Live Update 5 - c:\program files\MSI\Live Update 5\LU5.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4171440346-905252656-3007884514-1001_Classes\CLSID\{0f6eb98b-50b9-4659-a7b5-ed4875166a62}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-4171440346-905252656-3007884514-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):bc,0d,47,fc,7f,55,cc,3a,62,7e,86,ed,9c,be,dd,19,94,71,ac,0e,c3,

65,0b,c6,a3,09,48,cd,2b,9c,ca,94,ec,f6,aa,9f,dc,88,d2,99,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-24 12:24:36

ComboFix-quarantined-files.txt 2011-03-24 04:24

.

Pre-Run: 75,541,147,648 bytes free

Post-Run: 75,487,457,280 bytes free

.

- - End Of File - - 68E331E38D6A0912601E3902B3367221

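Two findings in the log above are worth pulling out mechanically rather than by eye: the Sigcheck block shows the live c:\windows\System32\user32.dll carrying a different MD5 than the WinSxS component-store copy of the same version (ComboFix marks the live copy "[-]"), and the policies\system key shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0). The following is an added example, not code from the original thread or from ComboFix: a small parser that reads these two sections in the format the log uses and reports modified system files and weakened UAC settings. The sample input is constructed from lines of the log above; the Windows 7 UAC baseline values are the documented defaults and are assumed as the comparison point.

```python
import re

# Constructed sample input: the Sigcheck block and the UAC policy key exactly as
# ComboFix prints them in the log above (hashes and paths copied from that log).
SAMPLE_LOG = r"""
------- Sigcheck -------
.
[-] 2011-01-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

UAC_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)')

# Assumed baseline (Windows 7 defaults): UAC on, admins prompted, prompts on the
# secure desktop. Each entry is (predicate that passes when acceptable, reason).
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 1, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "administrators elevate with no prompt"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "elevation prompts are not shown on the secure desktop"),
}


def parse_sigcheck(log_text):
    """Return one dict per Sigcheck line: flag, date, md5, size, version, path."""
    entries = []
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def _basename_version(entry):
    return (entry["path"].lower().rsplit("\\", 1)[-1], entry["version"])


def find_patched_system_files(entries):
    """Pair each live system file with the WinSxS copy of the same name and
    version; report those whose MD5 differs from the component-store copy."""
    refs = {_basename_version(e): e for e in entries if "\\winsxs\\" in e["path"].lower()}
    findings = []
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            continue
        ref = refs.get(_basename_version(e))
        if ref is not None and e["md5"] != ref["md5"]:
            findings.append({"path": e["path"], "flag": e["flag"], "version": e["version"],
                             "live_md5": e["md5"], "reference_md5": ref["md5"]})
    return findings


def parse_uac_policy(log_text):
    """Return {name: int} for the values ComboFix lists under the UAC policy key."""
    values, in_key = {}, False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):            # any registry key header starts/ends a section
            in_key = s.lower() == UAC_KEY.lower()
            continue
        if in_key:
            m = VALUE_RE.match(s)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def weak_uac_settings(values):
    """Return {name: (actual_value, reason)} for settings that fail the baseline."""
    return {name: (values[name], reason)
            for name, (ok, reason) in UAC_CHECKS.items()
            if name in values and not ok(values[name])}


def analyze(log_text):
    """Run both checks over a ComboFix log and return the findings."""
    return {"patched_files": find_patched_system_files(parse_sigcheck(log_text)),
            "weak_uac": weak_uac_settings(parse_uac_policy(log_text))}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for f in report["patched_files"]:
        print(f"MODIFIED: {f['path']} md5={f['live_md5']} (store copy {f['reference_md5']})")
    for name, (actual, why) in report["weak_uac"].items():
        print(f"WEAK UAC: {name}={actual}: {why}")
```

The hash comparison deliberately ignores the "[-]" flag and trusts only the bytes: a live copy that does not match its own component-store twin of the same version has been altered on disk, whatever the scanner's marker says. On the real machine the same check is what Windows does with sfc /scannow, which is the usual remediation once the infection itself has been removed.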

:welcome:

Open notepad and copy/paste the text in the codebox below into it:

@echo off
rem Needs a command-line zip utility (zip.exe) on the PATH.
rem Adds each listed file to Files_for_submission.zip in the current folder.
for %%g in (
c:\windows\System32\mscoree.dll
) do zip Files_for_submission %%g
rem Remove this batch file once the archive has been built.
del %0

Save this as grab.bat

Choose to "Save type as - All Files"

Save it on your desktop.

It should look like this: bat_icon.gif

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Please upload that file here --> http://www.bleepingcomputer.com/submit-malware.php?channel=70


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
