
Java Infected?



A while back I had posted a thing in the False positive section but got redirected here. Every couple of days I would do a quick scan and Malwarebytes would pick up Trojan.FakeAlert and Trojan.Agent viruses in my AppData/Local and my Sun/Java/deployment cache. After deleting the files I check back in a couple of days to find them back again. Here are the files, and my Malwarebytes logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7305

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/28/2011 7:52:28 AM
mbam-log-2011-07-28 (07-52-28).txt

Scan type: Quick scan
Objects scanned: 127
Time elapsed: 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Brian\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26\2592d15a-26a25622 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Brian\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36\38aace64-3b202c4f (Trojan.Agent) -> Quarantined and deleted successfully.

2592d15a-26a25622.zip

38aace64-3b202c4f.zip

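To show how a practitioner reads a log in this format, here is an added example (not from the original post and not Malwarebytes' own code) that parses the Malwarebytes 1.x quick-scan log above, checks the declared counts against the entries actually listed, and flags entries that sit in the Java deployment cache. The log layout is inferred from the post; the sample text below is constructed from it.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and flag Java deployment-cache hits."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the log posted in the thread (paths and
# detection names copied from that log; the rest trimmed to the lines that matter).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7305

Scan type: Quick scan
Objects scanned: 127
Time elapsed: 10 second(s)

Memory Processes Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Users\Brian\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26\2592d15a-26a25622 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Brian\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36\38aace64-3b202c4f (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<target> (<detection name>) -> <action>."  The " -> " anchor keeps a "(x86)"
# inside a path from being mistaken for the detection name.
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary line "Files Infected: 2"; the later section header "Files Infected:" has no count.
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Java Web Start / applet cache, e.g. ...\Sun\Java\deployment\cache\6.0\26\2592d15a-26a25622
JAVA_CACHE_RE = re.compile(r"\\sun\\java\\deployment\\cache\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str   # which "... Infected:" block the entry was listed under
    target: str    # file path or registry key
    name: str      # detection name, e.g. Trojan.FakeAlert
    action: str    # what the scanner did with it

    @property
    def in_java_cache(self) -> bool:
        return bool(JAVA_CACHE_RE.search(self.target))


@dataclass
class Report:
    database_version: str = ""
    scan_type: str = ""
    counts: dict = field(default_factory=dict)       # section -> declared count
    detections: list = field(default_factory=list)   # Detection entries in log order


def parse_mbam_log(text: str) -> Report:
    """Walk the log line by line, tracking which section each detection belongs to."""
    report = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if line.startswith("Database version:"):
            report.database_version = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("section")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            report.detections.append(
                Detection(section, m.group("target"), m.group("name"), m.group("action")))
    return report


def count_mismatches(report: Report) -> dict:
    """Sections whose declared count differs from the entries listed (a sign of a truncated paste)."""
    found = {}
    for d in report.detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in report.counts.items() if n != found.get(s, 0)}


def java_cache_detections(report: Report) -> list:
    return [d for d in report.detections if d.in_java_cache]


def assess(report: Report) -> str:
    """One-line reading of the log: cached Java content is re-downloaded content, not persistence."""
    java = java_cache_detections(report)
    if not java:
        return "no Java deployment-cache detections"
    names = ", ".join(sorted({d.name for d in java}))
    return (f"{len(java)} of {len(report.detections)} detections are cached Java content ({names}); "
            "these are files the Java plug-in downloaded from a web page, so they typically return "
            "when that page is revisited: clear the deployment cache and update Java, "
            "rather than only quarantining the entries")


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print(assess(r))
    print("count mismatches:", count_mismatches(r))
```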

My friend told me that to get rid of the viruses I had, I needed to uninstall Java and reinstall it with Java's latest version. So far, it's been a couple of days and nothing has popped up. Will the DDS logs help you guys identify whether or not the virus REALLY is gone?


Never mind, here they are.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Brian at 10:34:55 on 2011-08-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2042 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EFC2CF7A-648E-4D93-9A2D-B52E827B2E64} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\3mx889wz.default\
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-3 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-3 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-3 42184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-27 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
.
=============== Created Last 30 ================
.
2011-08-10 23:01:31 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1ab8f2e9-0f90-4b36-aa42-9514843a3289}\mpengine.dll
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA622.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA621.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA610.tmp
2011-07-26 17:17:50 -------- d-----w- c:\program files\CCleaner
2011-07-22 23:50:26 -------- d-----w- c:\users\brian\appdata\local\PMB Files
2011-07-22 23:50:19 -------- d-----w- c:\programdata\PMB Files
2011-07-22 23:49:12 -------- d-----w- c:\program files\Pando Networks
2011-07-20 00:04:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-20 00:04:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-13 20:55:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 20:55:42 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 20:55:42 375808 ----a-w- c:\windows\system32\winsrv.dll
.
==================== Find3M ====================
.
.
============= FINISH: 10:37:05.62 ===============


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here are the new DDS logs.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Brian at 18:07:51 on 2011-08-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1830 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EFC2CF7A-648E-4D93-9A2D-B52E827B2E64} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\3mx889wz.default\
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-3 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-3 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-3 42184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-27 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
.
=============== Created Last 30 ================
.
2011-08-14 01:59:32 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84862cc0-d8ea-47fd-9ded-21657857dc3f}\mpengine.dll
2011-08-10 23:07:06 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 23:07:04 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 16:06:47 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA622.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA621.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA610.tmp
2011-07-26 17:17:50 -------- d-----w- c:\program files\CCleaner
2011-07-22 23:50:26 -------- d-----w- c:\users\brian\appdata\local\PMB Files
2011-07-22 23:50:19 -------- d-----w- c:\programdata\PMB Files
2011-07-22 23:49:12 -------- d-----w- c:\program files\Pando Networks
2011-07-20 00:04:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-20 00:04:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
.
============= FINISH: 18:10:08.02 ===============


I'm sorry, but I accidentally exited the ComboFix log. Where can I find it? And as an added note, I have Steam installed on my computer and I guess ComboFix deleted the steam.vtf file, making Steam unable to run. I reinstalled Steam and everything appears to be normal, but is it common for ComboFix to mess up Steam like that?


Never mind. I rooted around and found it.

ComboFix 11-08-15.08 - Brian 08/15/2011  18:29:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1643 [GMT -7:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\Steam.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 01:37 . 2011-08-16 01:38 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-08-14 01:59 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84862CC0-D8EA-47FD-9DED-21657857DC3F}\mpengine.dll
2011-08-10 23:07 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 23:07 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 16:06 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-08-05 01:37 . 2011-08-05 01:37 -------- d-----w- c:\program files\Common Files\Java
2011-08-05 01:35 . 2011-08-05 01:35 -------- d-----w- c:\program files\Java
2011-08-05 01:01 . 2011-08-05 01:01 0 ----a-w- c:\windows\system32\RENA622.tmp
2011-08-05 01:01 . 2011-08-05 01:01 0 ----a-w- c:\windows\system32\RENA621.tmp
2011-08-05 01:01 . 2011-08-05 01:01 0 ----a-w- c:\windows\system32\RENA610.tmp
2011-07-26 17:17 . 2011-07-26 17:17 -------- d-----w- c:\program files\CCleaner
2011-07-22 23:50 . 2011-08-16 01:18 -------- d-----w- c:\users\Brian\AppData\Local\PMB Files
2011-07-22 23:50 . 2011-07-22 23:50 -------- d-----w- c:\programdata\PMB Files
2011-07-22 23:49 . 2011-07-22 23:49 -------- d-----w- c:\program files\Pando Networks
2011-07-20 00:04 . 2011-07-20 00:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-20 00:04 . 2011-07-20 00:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-05 01:35 . 2011-05-28 16:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 02:52 . 2011-06-24 01:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-06-24 01:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 13:56 . 2011-05-03 03:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-06 13:56 . 2011-05-07 23:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-06 13:56 . 2011-05-03 03:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-06 13:56 . 2011-05-03 03:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-06 13:56 . 2011-05-03 03:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-07-04 11:43 . 2011-06-04 02:37 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-04 02:37 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-04 02:38 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-04 02:38 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-04 02:38 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-06-04 02:38 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-04 02:38 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-06-04 02:38 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-04 01:26 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-04 01:26 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-02 13:34 . 2011-07-13 20:55 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 23:09 . 2011-05-31 23:09 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-31 23:05 . 2011-05-31 23:05 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-05-30 14:43 . 2011-05-30 14:43 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-05-30 14:43 . 2011-05-30 14:43 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-05-30 14:43 . 2011-05-30 14:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-05-30 14:43 . 2011-05-30 14:43 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-05-30 14:43 . 2011-05-30 14:43 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-05-30 14:43 . 2011-05-30 14:43 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-05-30 14:43 . 2011-05-30 14:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-05-29 19:01 . 2011-05-29 19:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:16 . 2011-05-29 15:16 23552 ----a-w- c:\windows\system32\lpk.dll
2011-05-29 15:16 . 2011-05-29 15:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-29 15:14 . 2011-05-29 15:14 72704 ----a-w- c:\windows\system32\admparse.dll
2011-05-29 15:14 . 2011-05-29 15:14 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-29 15:12 . 2011-05-29 15:12 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-05-29 15:12 . 2011-05-29 15:12 272896 ----a-w- c:\windows\system32\polstore.dll
2011-05-29 15:09 . 2011-05-29 15:09 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-29 15:09 . 2011-05-29 15:09 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-29 15:09 . 2011-05-29 15:09 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-29 15:09 . 2011-05-29 15:09 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-29 15:09 . 2011-05-29 15:09 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-29 15:09 . 2011-05-29 15:09 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-29 15:09 . 2011-05-29 15:09 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-29 15:09 . 2011-05-29 15:09 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-29 15:06 . 2011-05-29 15:06 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-29 15:06 . 2011-05-29 15:06 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-05-29 15:06 . 2011-05-29 15:06 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-29 15:06 . 2011-05-29 15:06 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-29 15:06 . 2011-05-29 15:06 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-05-29 15:06 . 2011-05-29 15:06 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-29 15:06 . 2011-05-29 15:06 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-05-29 15:05 . 2011-05-29 15:05 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-29 15:05 . 2011-05-29 15:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-05-29 15:05 . 2011-05-29 15:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-05-29 15:04 . 2011-05-29 15:04 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-29 15:00 . 2011-05-29 15:00 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-29 15:00 . 2011-05-29 15:00 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-29 15:00 . 2011-05-29 15:00 2868224 ----a-w- c:\windows\system32\mf.dll
2011-05-29 15:00 . 2011-05-29 15:00 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-29 15:00 . 2011-05-29 15:00 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-29 14:55 . 2011-05-29 14:55 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-29 14:50 . 2011-05-29 14:50 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-29 14:49 . 2011-05-29 14:49 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-05-29 14:49 . 2011-05-29 14:49 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-05-29 14:37 . 2011-05-29 14:37 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-29 14:33 . 2011-05-29 14:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-05-29 14:33 . 2011-05-29 14:33 9728 ----a-w- c:\windows\system32\lsass.exe
2011-05-29 14:33 . 2011-05-29 14:33 72704 ----a-w- c:\windows\system32\secur32.dll
2011-05-29 14:33 . 2011-05-29 14:33 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-05-29 14:33 . 2011-05-29 14:33 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-05-29 14:33 . 2011-05-29 14:33 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-29 14:29 . 2011-05-29 14:29 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-05-29 14:29 . 2011-05-29 14:29 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-05-29 14:29 . 2011-05-29 14:29 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-05-29 14:29 . 2011-05-29 14:29 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-05-29 14:29 . 2011-05-29 14:29 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-05-29 14:29 . 2011-05-29 14:29 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-05-29 14:29 . 2011-05-29 14:29 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2011-05-29 14:29 . 2011-05-29 14:29 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2011-05-29 14:29 . 2011-05-29 14:29 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2011-05-29 14:29 . 2011-05-29 14:29 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2011-05-29 14:29 . 2011-05-29 14:29 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2011-05-29 14:29 . 2011-05-29 14:29 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2011-05-29 14:29 . 2011-05-29 14:29 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2011-05-29 14:29 . 2011-05-29 14:29 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-05-29 14:29 . 2011-05-29 14:29 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2011-05-29 14:29 . 2011-05-29 14:29 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2011-05-29 14:29 . 2011-05-29 14:29 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2011-05-29 14:29 . 2011-05-29 14:29 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2011-05-29 14:29 . 2011-05-29 14:29 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2011-05-29 14:29 . 2011-05-29 14:29 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2011-05-29 14:29 . 2011-05-29 14:29 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2011-05-29 14:29 . 2011-05-29 14:29 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2011-05-29 14:29 . 2011-05-29 14:29 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2011-05-29 14:29 . 2011-05-29 14:29 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2011-05-29 14:29 . 2011-05-29 14:29 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2011-05-29 14:29 . 2011-05-29 14:29 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2011-05-29 14:29 . 2011-05-29 14:29 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2011-05-29 14:29 . 2011-05-29 14:29 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2011-05-29 14:29 . 2011-05-29 14:29 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2011-05-29 14:29 . 2011-05-29 14:29 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2011-07-20 00:04 . 2011-05-28 01:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-22 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-06 2554696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-06 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-06 36568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 03:26]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 03:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3mx889wz.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Steam - c:\program files\Steam\steam.exe
AddRemove-Steam App 1200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 1230 - c:\program files\Steam\steam.exe
AddRemove-Steam App 1280 - c:\program files\Steam\steam.exe
AddRemove-Steam App 1290 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 17510 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9880 - c:\program files\Steam\steam.exe
AddRemove-Steam App 99900 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 18:38
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\guard32.dll
.
Completion time: 2011-08-15 18:40:41
ComboFix-quarantined-files.txt 2011-08-16 01:40
.
Pre-Run: 175,721,050,112 bytes free
Post-Run: 175,685,304,320 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 5978FF4D8254FD33A1AE3FE49C48F60A

Link to post
Share on other sites

  • Staff

Hi,

I will alert ComboFix's developer about that issue.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

DeQuarantine::
C:\qoobox\quarantine\c\program files\Steam\Steam.exe
ClearJavaCache::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

Here is the new DDS log for you. Btw: Thank you for helping me with this :D

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Brian at 9:21:25 on 2011-08-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1796 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EFC2CF7A-648E-4D93-9A2D-B52E827B2E64} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\3mx889wz.default\
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-3 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-3 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-3 42184]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-5-25 154424]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-27 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
.
=============== Created Last 30 ================
.
2011-08-21 16:31:58 -------- d-----w- c:\programdata\Comodo
2011-08-21 16:31:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-21 16:31:52 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-21 16:31:52 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-20 19:14:19 -------- d-----w- c:\users\brian\appdata\roaming\.minecraft
2011-08-19 15:15:28 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b75baced-6096-475f-b4c3-d98be958898d}\mpengine.dll
2011-08-16 01:40:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-16 01:40:44 -------- d-----w- c:\users\brian\appdata\local\temp
2011-08-16 01:26:46 98816 ----a-w- c:\windows\sed.exe
2011-08-16 01:26:46 518144 ----a-w- c:\windows\SWREG.exe
2011-08-16 01:26:46 256000 ----a-w- c:\windows\PEV.exe
2011-08-16 01:26:46 208896 ----a-w- c:\windows\MBR.exe
2011-08-16 01:26:33 -------- d-----w- C:\ComboFix
2011-08-10 23:07:06 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 23:07:04 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 16:06:47 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA622.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA621.tmp
2011-08-05 01:01:45 0 ----a-w- c:\windows\system32\RENA610.tmp
2011-07-26 17:17:50 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-08-05 01:35:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-21 15:49:52 834048 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632 ----a-w- c:\windows\system32\html.iec
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-04 01:26:19 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-04 01:26:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 23:09:01 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-31 23:05:04 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-05-30 14:43:45 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-05-30 14:43:17 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-05-30 14:43:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-05-30 14:43:17 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-05-30 14:43:15 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-05-30 14:43:14 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-05-30 14:43:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-05-29 19:01:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:16:47 23552 ----a-w- c:\windows\system32\lpk.dll
2011-05-29 15:16:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-29 15:14:25 72704 ----a-w- c:\windows\system32\admparse.dll
2011-05-29 15:14:19 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-29 15:12:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-05-29 15:12:28 272896 ----a-w- c:\windows\system32\polstore.dll
2011-05-29 15:09:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-29 15:09:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-29 15:09:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-29 15:09:03 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-29 15:09:02 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-29 15:09:02 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-29 15:09:02 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-29 15:09:02 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-29 15:06:39 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-29 15:06:38 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-05-29 15:06:38 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-29 15:06:38 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-29 15:06:38 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-05-29 15:06:38 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-29 15:06:35 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-05-29 15:05:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-29 15:05:19 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-05-29 15:05:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-05-29 15:04:03 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-29 15:00:43 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-29 15:00:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-29 15:00:43 2868224 ----a-w- c:\windows\system32\mf.dll
2011-05-29 15:00:43 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-29 15:00:43 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-29 14:55:21 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-29 14:50:43 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-29 14:49:36 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-05-29 14:49:35 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-05-29 14:37:28 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-29 14:33:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-05-29 14:33:23 9728 ----a-w- c:\windows\system32\lsass.exe
2011-05-29 14:33:23 72704 ----a-w- c:\windows\system32\secur32.dll
2011-05-29 14:33:23 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-05-29 14:33:23 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-05-29 14:33:23 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-29 14:25:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-05-29 14:21:26 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-05-29 14:21:26 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-05-29 14:18:21 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-05-29 14:18:21 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-05-29 14:18:20 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-05-29 14:18:20 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-05-29 14:11:57 37888 ----a-w- c:\windows\system32\printcom.dll
2011-05-29 13:21:22 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-05-29 13:20:53 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-05-29 13:20:11 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-05-29 13:19:16 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-29 13:19:16 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-29 13:19:16 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-29 13:16:59 243712 ----a-w- c:\windows\system32\rastls.dll
2011-05-29 13:16:34 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-05-29 13:15:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-05-29 13:15:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-05-29 13:15:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-05-29 13:15:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-05-29 13:15:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-05-29 13:15:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-05-29 13:15:27 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-05-29 13:15:27 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-05-29 13:15:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-05-29 13:15:27 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-05-29 13:13:51 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-05-28 00:32:21 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-05-28 00:32:03 98304 ----a-w- c:\windows\system32\cabview.dll
2011-05-28 00:25:36 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-05-28 00:24:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-05-28 00:24:03 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-05-28 00:24:03 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:23:13.01 ===============

Now regarding ComboFix... I'm kinda hesitant to run it again, on account of the fact that it messed up Steam and messed up my COMODO firewall program. I just don't want it deleting stuff I need, you know? If you could get back to me about this, that would be great.

P.S. When ComboFix deleted steam.exe, I promptly reinstalled Steam and fixed the issue. Now that there is a new steam.exe, will de-quarantining the old one ComboFix has in its quarantine mess stuff up?

And again, thank you for helping me.

Link to post
Share on other sites

  • Staff

Hi,

Skip it altogether...

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.18

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.14

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

system32 AvastSvc.exe -?-

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 26

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

This topic is now closed to further replies.