
Trojan Taken over PC



This started in September. I had a Trojan found by Malwarebytes; I tried to delete it, and the next thing I know I could not get into the PC without going through Safe Mode. As I became frustrated, my husband told me to just do a system restore back to its original state. Yikes.

So I have been trying to get this thing back.

Yesterday and today I ran Mal and found a Trojan in the win32/Hostfile. I clicked to delete it and it said it did, but it's still showing up.

The last time I ran it, it said it updated, but I don't think it did. Then I got locked out of the PC and had to dig around to find the password for the PC.

So now I am here; here is my DDS log.

Any help you could give me would be really appreciated.

DiamondGirl

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 8:45:18 on 2011-10-22

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/webdirectory

uDefault_Page_URL = hxxp://us10.hpwis.com/

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

uSearch Bar = hxxp://srch-us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Settings,ProxyOverride = localhost

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RecordNow!]

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [LTMSG] LTMSG.exe 7

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1316829629774

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316658307437

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A48A7E87-3190-437B-A540-35D06186B163} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cjsl4uia.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - Yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R? avast! Firewall;avast! Firewall

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpuz134;cpuz134

R? mrtRate;mrtRate

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswFW;avast! TDI Firewall driver

S? aswNdis;avast! Firewall NDIS Filter Service

S? aswNdis2;avast! Firewall Core Firewall Service

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

.

=============== Created Last 30 ================

.

2011-10-20 14:24:31 1611 ----a-w- c:\windows\mvps.bat

2011-10-12 15:55:18 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2011-10-10 02:14:27 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-10-10 02:11:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 02:11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 02:11:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-29 02:33:10 -------- d-----w- c:\windows\tracing

2011-09-29 01:45:36 -------- d-----w- c:\program files\Support Tools

2011-09-29 01:14:14 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-09-27 19:33:23 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-27 19:33:07 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-27 19:33:03 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-09-27 19:05:34 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-27 02:05:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-27 02:05:18 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-26 23:58:45 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-26 23:58:45 -------- d-----w- c:\windows\Trend Micro

2011-09-26 21:24:31 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic

2011-09-26 21:24:30 -------- d-----w- c:\program files\common files\ParetoLogic

2011-09-26 21:24:30 -------- d-----w- c:\documents and settings\all users\application data\FileCure

2011-09-26 01:05:43 163840 ----a-w- c:\windows\system32\igfxres.dll

2011-09-25 20:34:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-09-25 20:30:02 -------- d-----w- c:\program files\Microsoft

2011-09-25 20:27:17 23510720 ----a-w- c:\program files\common files\windows live\.cache\84a7f5aa1cc7bc1\dotnetfx.exe

2011-09-25 20:22:38 484632 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\DXSETUP.exe

2011-09-25 20:22:37 74520 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\DSETUP.dll

2011-09-25 20:22:37 1670936 ----a-w- c:\program files\common files\windows live\.cache\de1b90ac1cc7bc0\dsetup32.dll

2011-09-25 20:22:14 1013800 ----a-w- c:\program files\common files\windows live\.cache\d019bfec1cc7bc0\WindowsXP-KB954708-x86-ENU.exe

2011-09-25 18:39:58 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-09-25 00:47:42 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-09-24 01:55:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-24 01:39:41 -------- d-----w- c:\program files\common files\Windows Live

2011-09-24 01:37:25 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-09-24 01:37:07 -------- d-----w- c:\windows\ie8updates

2011-09-24 01:35:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-09-24 01:35:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-09-24 01:35:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-09-24 01:30:30 -------- dc-h--w- c:\windows\ie8

2011-09-24 01:21:32 -------- d-----w- c:\windows\system32\GroupPolicy

2011-09-24 01:19:21 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2011-09-24 01:19:21 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2011-09-24 01:19:21 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2011-09-24 01:17:24 -------- d-----w- c:\windows\system32\LogFiles

2011-09-23 16:31:10 651144 ----a-w- C:\WindowsServer2003-KB937342-x86-ENU.exe

2011-09-22 20:07:41 -------- d-----w- c:\windows\system32\NtmsData

2011-09-22 14:08:18 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-09-22 14:08:18 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll

2011-09-22 14:08:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-09-22 14:08:18 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll

2011-09-22 14:08:18 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

2011-09-22 14:08:18 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-09-22 14:08:18 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-09-22 14:08:18 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

.

==================== Find3M ====================

.

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-25 18:26:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-24 00:22:49 278016 ----a-w- C:\netfx_setupverifier.exe

2011-09-17 23:59:42 0 ----a-w- c:\windows\000001_.tmp

2011-09-17 22:42:45 374888 ----a-w- c:\program files\WindowsServer2003-KB828035-x86-ENU.exe

2011-09-17 02:03:47 1981952 ----a-w- c:\program files\epson11887.exe

2011-09-14 02:23:30 278927592 ----a-w- c:\windows\WindowsXP-KB835935-SP2-ENU.exe

2011-09-14 02:06:05 94560 ----a-w- c:\program files\NETFX4RTM.exe

2011-09-14 02:04:59 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

2011-09-14 01:39:21 5356304 ----a-w- c:\windows\uninst.exe

2011-09-14 01:26:27 827392 ----a-w- c:\windows\system32\FLASH.OCX

2011-09-09 19:23:20 3884 ----a-w- c:\windows\viassary-hp.reg

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 8:48:18.03 ===============

attach text.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


My Mal Log

www.malwarebytes.org

Database version: 8036

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/28/2011 1:57:16 PM

mbam-log-2011-10-28 (13-57-16).txt

Scan type: Quick scan

Objects scanned: 246414

Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Be Back


Sorry for the delay; unexpected company came in...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 10:14:10 on 2011-10-29

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/webdirectory

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

uInternet Settings,ProxyOverride = localhost

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A48A7E87-3190-437B-A540-35D06186B163} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cjsl4uia.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - Yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R? avast! Firewall;avast! Firewall

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpuz134;cpuz134

R? mrtRate;mrtRate

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswFW;avast! TDI Firewall driver

S? aswNdis;avast! Firewall NDIS Filter Service

S? aswNdis2;avast! Firewall Core Firewall Service

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

.

=============== Created Last 30 ================

.

2011-10-25 04:04:09 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-20 14:24:31 1611 ----a-w- c:\windows\mvps.bat

2011-10-12 15:55:18 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2011-10-10 02:14:27 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-10-10 02:11:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 02:11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 02:11:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-25 18:26:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-24 00:22:49 278016 ----a-w- C:\netfx_setupverifier.exe

2011-09-17 23:59:42 0 ----a-w- c:\windows\000001_.tmp

2011-09-14 02:06:05 94560 ----a-w- c:\program files\NETFX4RTM.exe

2011-09-14 02:04:59 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

2011-09-14 01:39:21 5356304 ----a-w- c:\windows\uninst.exe

2011-09-14 01:26:27 827392 ----a-w- c:\windows\system32\FLASH.OCX

2011-09-09 19:23:20 3884 ----a-w- c:\windows\viassary-hp.reg

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37:39 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-06 20:10:01 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 10:16:48.28 ===============

1attach.zip


ComboFix 11-11-08.02 - Owner 11/08/2011 13:11:13.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.644 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))

.

.

2011-10-25 04:04 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-20 14:24 . 2011-05-02 20:05 1611 ----a-w- c:\windows\mvps.bat

2011-10-12 15:55 . 2011-10-12 15:55 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2011-10-10 02:14 . 2011-10-10 02:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-10-10 02:11 . 2011-10-10 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 02:11 . 2011-10-10 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-10 02:11 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 23:58 . 2011-09-26 23:58 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-26 16:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2003-11-06 00:06 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2003-11-06 00:06 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-25 18:26 . 2011-09-10 02:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-24 00:22 . 2011-01-17 13:26 278016 ----a-w- C:\netfx_setupverifier.exe

2011-09-22 00:44 . 2011-09-22 00:44 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll

2011-09-22 00:44 . 2011-09-22 00:44 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll

2011-09-22 00:44 . 2011-09-22 00:44 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe

2011-09-22 00:44 . 2011-09-22 00:44 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll

2011-09-22 00:44 . 2011-09-22 00:44 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll

2011-09-22 00:44 . 2011-09-22 00:44 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll

2011-09-22 00:44 . 2011-09-22 00:44 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll

2011-09-22 00:44 . 2011-09-22 00:44 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll

2011-09-22 00:44 . 2011-09-22 00:44 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll

2011-09-22 00:44 . 2011-09-22 00:44 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll

2011-09-22 00:44 . 2011-09-22 00:44 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll

2011-09-22 00:44 . 2011-09-22 00:44 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll

2011-09-22 00:44 . 2011-09-22 00:44 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll

2011-09-22 00:44 . 2011-09-22 00:44 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll

2011-09-22 00:44 . 2011-09-22 00:44 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll

2011-09-22 00:44 . 2011-09-22 00:44 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll

2011-09-22 00:44 . 2011-09-22 00:44 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll

2011-09-22 00:44 . 2011-09-22 00:44 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll

2011-09-22 00:44 . 2011-09-22 00:44 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll

2011-09-22 00:44 . 2011-09-22 00:44 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll

2011-09-22 00:44 . 2011-09-22 00:44 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll

2011-09-22 00:44 . 2011-09-22 00:44 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll

2011-09-22 00:44 . 2011-09-22 00:44 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll

2011-09-22 00:44 . 2011-09-22 00:44 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe

2011-09-22 00:44 . 2011-09-22 00:44 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll

2011-09-22 00:44 . 2011-09-22 00:44 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll

2011-09-22 00:44 . 2011-09-22 00:44 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe

2011-09-22 00:44 . 2011-09-22 00:44 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe

2011-09-22 00:44 . 2011-09-22 00:44 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll

2011-09-17 23:59 . 2011-09-17 23:59 0 ----a-w- c:\windows\000001_.tmp

2011-09-14 02:06 . 2011-09-14 02:06 94560 ----a-w- c:\program files\NETFX4RTM.exe

2011-09-14 02:04 . 2011-09-14 02:05 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

2011-09-14 01:39 . 2011-09-14 01:38 5356304 ----a-w- c:\windows\uninst.exe

2011-09-14 01:26 . 2011-09-14 01:26 827392 ----a-w- c:\windows\system32\FLASH.OCX

2011-09-09 19:23 . 2009-04-28 14:32 3884 ----a-w- c:\windows\viassary-hp.reg

2011-09-09 09:12 . 2002-09-24 05:10 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45 . 2011-09-27 19:03 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:45 . 2010-07-01 12:53 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38 . 2011-09-27 19:33 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-06 20:38 . 2011-09-27 19:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-09-27 19:05 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:37 . 2011-09-27 19:33 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-06 20:36 . 2011-09-27 19:05 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-09-27 19:05 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-09-27 19:05 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2011-09-27 19:05 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2011-09-27 19:05 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2011-09-27 19:05 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-06 20:10 . 2011-09-27 19:33 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-09-06 13:20 . 2003-10-11 02:22 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2003-11-05 23:26 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2003-11-06 00:06 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2003-11-06 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2011-09-20 00:13 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2003-11-06 00:03 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-30 17:15 . 2011-09-09 19:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-23_17.24.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2003-05-15 14:47 . 2003-05-15 14:47 50376 c:\windows\Trend Micro\HiJackThis\backups\backup-20111101-075929-483.dll

+ 2009-01-14 22:49 . 2009-01-14 22:49 92504 c:\windows\Trend Micro\HiJackThis\backups\backup-20111101-075929-184.dll

+ 2011-02-08 17:52 . 2011-02-08 17:52 145688 c:\windows\Trend Micro\HiJackThis\backups\backup-20111024-101414-826.dll

+ 2009-08-07 00:23 . 2009-08-07 00:23 215904 c:\windows\Trend Micro\HiJackThis\backups\backup-20111024-101414-581.dll

+ 2010-12-07 16:44 . 2010-12-07 16:44 562000 c:\windows\Trend Micro\HiJackThis\backups\backup-20111024-101412-338.dll

+ 2009-06-25 17:20 . 2009-06-25 17:20 1485176 c:\windows\Trend Micro\HiJackThis\backups\backup-20111024-101413-623.dll

+ 2003-10-11 05:05 . 2011-10-29 23:06 2248192 c:\windows\Installer\123f4.msi

- 2003-10-11 05:05 . 2011-10-20 20:16 2248192 c:\windows\Installer\123f4.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-26 49152]

"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

.

c:\documents and settings\Administrator.DIAMOND\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/27/2011 2:33 PM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [9/27/2011 2:33 PM 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [9/27/2011 2:33 PM 111320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/27/2011 2:05 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/27/2011 2:05 PM 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/27/2011 2:05 PM 20568]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [9/27/2011 2:33 PM 127192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 mrtRate;mrtRate; [x]

S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-07 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]

.

2011-10-26 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.att.net/webdirectory

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cjsl4uia.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - Yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-08 13:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\## aswSnx private storage

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2708561033-748265662-1500212514-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1232)

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

.

- - - - - - - > 'explorer.exe'(700)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-08 13:41:48

ComboFix-quarantined-files.txt 2011-11-08 18:41

ComboFix2.txt 2011-10-28 20:35

ComboFix3.txt 2011-10-23 17:29

.

Pre-Run: 50,606,010,368 bytes free

Post-Run: 51,517,554,688 bytes free

.

- - End Of File - - 346F5A1A3657548D34C3E1788106C0DD


12attach.zip.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 13:58:11 on 2011-11-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.530 [GMT -5:00]

.

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net/webdirectory

uDefault_Search_URL = hxxp://srch-us10.hpwis.com/

mSearch Bar = hxxp://srch-us10.hpwis.com/

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A48A7E87-3190-437B-A540-35D06186B163} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cjsl4uia.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - Yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-27 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-9-27 195416]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-9-27 111320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-27 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-27 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-27 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-27 44768]

S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-9-27 127192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 mrtRate;mrtRate; [x]

S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-08 18:55:32 -------- d-s---w- C:\ComboFix

2011-10-25 04:04:09 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-20 14:24:31 1611 ----a-w- c:\windows\mvps.bat

2011-10-12 15:55:18 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2011-10-10 02:14:27 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-10-10 02:11:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-10 02:11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 02:11:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-25 18:26:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-24 00:22:49 278016 ----a-w- C:\netfx_setupverifier.exe

2011-09-17 23:59:42 0 ----a-w- c:\windows\000001_.tmp

2011-09-14 02:06:05 94560 ----a-w- c:\program files\NETFX4RTM.exe

2011-09-14 02:04:59 889416 ----a-w- C:\dotNetFx40_Full_setup.exe

2011-09-14 01:39:21 5356304 ----a-w- c:\windows\uninst.exe

2011-09-14 01:26:27 827392 ----a-w- c:\windows\system32\FLASH.OCX

2011-09-09 19:23:20 3884 ----a-w- c:\windows\viassary-hp.reg

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:54 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37:39 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-06 20:10:01 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 13:59:06.31 ===============


File name:

6D013BA4120AB87D8694AAF12BD5D1C1

Submission date:

2011-10-14 04:33:17 (UTC)

Current status:

finished

Result:

13 /43 (30.2%)

Antivirus Version Last update Result

AhnLab-V3 2011.10.13.00 2011.10.13 Win-Trojan/Agent.53248.FI

AntiVir 7.11.15.252 2011.10.13 -

Antiy-AVL 2.0.3.7 2011.10.13 -

Avast 6.0.1289.0 2011.10.13 -

AVG 10.0.0.1190 2011.10.13 -

BitDefender 7.2 2011.10.13 -

ByteHero 1.0.0.1 2011.09.23 -

CAT-QuickHeal 11.00 2011.10.13 Trojan.Agent.ATV

ClamAV 0.97.0.0 2011.10.13 -

Commtouch 5.3.2.6 2011.10.13 W32/Trojan2.WYO

Comodo 10440 2011.10.13 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.10.12 -

Emsisoft 5.1.0.11 2011.10.13 -

eSafe 7.0.17.0 2011.10.11 Win32.Banker

eTrust-Vet 36.1.8617 2011.10.13 -

F-Prot 4.6.5.141 2011.10.13 W32/Trojan2.WYO

F-Secure 9.0.16440.0 2011.10.13 -

Fortinet 4.3.370.0 2011.10.13 W32/Agent.WYQ!tr

GData 22 2011.10.13 -

Ikarus T3.1.1.107.0 2011.10.13 -

Jiangmin 13.0.900 2011.10.12 -

K7AntiVirus 9.115.5278 2011.10.13 Trojan

Kaspersky 9.0.0.837 2011.10.13 -

McAfee 5.400.0.1158 2011.10.13 -

McAfee-GW-Edition 2010.1D 2011.10.13 -

Microsoft 1.7702 2011.10.13 -

NOD32 6541 2011.10.13 -

Norman 6.07.11 2011.10.13 -

nProtect 2011-10-13.01 2011.10.13 Trojan/W32.Agent.53248.AUI

Panda 10.0.3.5 2011.10.13 -

PCTools 8.0.0.5 2011.10.13 -

Prevx 3.0 2011.10.14 -

Rising 23.79.03.02 2011.10.13 -

Sophos 4.70.0 2011.10.13 -

SUPERAntiSpyware 4.40.0.1006 2011.10.13 -

Symantec 20111.2.0.82 2011.10.13 -

TheHacker 6.7.0.1.322 2011.10.13 Trojan/Agent.duu

TrendMicro 9.500.0.1008 2011.10.13 -

TrendMicro-HouseCall 9.500.0.1008 2011.10.13 -

VBA32 3.12.16.4 2011.10.13 -

VIPRE 10749 2011.10.13 Trojan.Win32.Malware.a

ViRobot 2011.10.13.4717 2011.10.13 Trojan.Win32.Agent.53248.Q

VirusBuster 14.1.11.0 2011.10.13 Trojan.Agent!nau9V4/OkT0

MD5: 6d013ba4120ab87d8694aaf12bd5d1c1

SHA1: 4373a5123e14e2c0ebdc58cfe18b5ec8fc3cf192

SHA256: d0777abaa873017f322590efe40625b4a806ef94fb79fa9e91be136772ac5dbf

File size: 53248 bytes

Scan date: 2011-10-14 04:33:17 (UTC)

Virustotal report.html


  • Staff

Hi,

Please attach that file in your next reply (zip it up first).

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=98222
Collect::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\AutoTBar.exe

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


I hope I did this correctly; the 2nd log did not come up?

But my Documents folder opened and I saw a file I did not recognize, so I attached it?

Light.zip


No Worries, I understand that you have a life outside of the computer world

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8288

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/2/2011 1:53:25 AM

mbam-log-2011-12-02 (01-53-25).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)

Objects scanned: 501224

Time elapsed: 2 hour(s), 49 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Be Back


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

