Trojan Virus



#1 lost930 (New Member, 1 posts)
:) Hi, my Dad's laptop has a virus. I have tried the whole clean-up thing: Malwarebytes, spy something and ComboFix. I am not sure if it's completely gone. Can someone please help me? The laptop freezes and the start-up is slow. I have included a copy of the log. Please, if anything else is needed, let me know and I will run it and attach it. Thank you.



ComboFix 10-07-15.05 - Bobby Beckum 07/17/2010 11:35:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1381 [GMT -5:00]
Running from: c:\documents and settings\Bobby Beckum\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\System\Uninstall
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 15:57 . 2010-07-17 15:57 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\Malwarebytes
2010-07-17 15:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 15:56 . 2010-07-17 15:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-17 15:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 15:56 . 2010-07-17 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 13:44 . 2010-07-17 13:44 63488 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-17 13:44 . 2010-07-17 13:44 52224 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 13:44 . 2010-07-17 13:44 117760 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 13:43 . 2010-07-17 13:43 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\SUPERAntiSpyware.com
2010-07-17 13:43 . 2010-07-17 13:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-07-17 13:43 . 2010-07-17 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 13:13 . 2010-07-17 13:13 -------- d-----w- c:\program files\CCleaner
2010-07-17 01:41 . 2010-07-17 01:41 -------- d-----w- c:\program files\Trend Micro
2010-07-17 01:41 . 2010-07-17 01:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 01:30 . 2010-07-17 01:30 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\Dell
2010-07-14 21:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 21:35 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-14 19:36 . 2010-07-14 19:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-13 00:17 . 2010-07-14 22:04 -------- d-----w- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\ursefrtjm
2010-07-10 02:58 . 2010-07-10 02:58 503808 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\msvcp71.dll
2010-07-10 02:58 . 2010-07-10 02:58 499712 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\jmc.dll
2010-07-10 02:58 . 2010-07-10 02:58 348160 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72621edb-n\msvcr71.dll
2010-07-10 02:58 . 2010-07-10 02:58 61440 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12618108-n\decora-sse.dll
2010-07-10 02:58 . 2010-07-10 02:58 12800 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-12618108-n\decora-d3d.dll
2010-07-09 05:03 . 2010-07-09 05:03 -------- d-----w- c:\documents and settings\Windows Three\Application Data\ScanSoft
2010-06-20 20:55 . 2010-06-20 20:55 -------- d-----w- c:\program files\Hallmark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 14:09 . 2008-02-10 02:19 -------- d-----w- c:\program files\Common Files\AOL
2010-07-17 14:09 . 2007-11-01 15:56 -------- d-----w- c:\program files\Google
2010-07-17 14:09 . 2008-06-20 04:26 -------- d-----w- c:\program files\Yahoo!
2010-07-17 13:06 . 2008-02-10 02:23 -------- d-----w- c:\program files\Common Files\aolshare
2010-07-17 13:06 . 2010-05-24 03:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2010-07-17 13:01 . 2010-03-22 03:27 -------- d-----w- c:\program files\att games
2010-07-17 12:57 . 2010-01-26 07:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2010-07-17 12:56 . 2009-04-13 02:24 -------- d-----w- c:\program files\VideoLAN
2010-07-17 01:41 . 2010-01-18 21:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 01:40 . 2010-01-18 21:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 21:58 . 2008-06-29 05:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 13:28 . 2010-02-03 07:01 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\vlc
2010-06-14 14:31 . 2010-01-18 19:56 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-12 06:12 . 2009-03-03 04:35 -------- d-----w- c:\program files\Bonjour
2010-06-12 06:12 . 2009-09-06 15:51 -------- d-----w- c:\program files\Apple Software Update
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-10 04:53 . 2010-06-10 04:53 1244648 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\MSNInstaller\msnauins.exe
2010-06-10 04:53 . 2010-06-10 04:53 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\MSNInstaller
2010-06-02 15:50 . 2010-01-18 21:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 14:44 . 2010-05-26 14:44 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\dvdcss
2010-05-26 03:59 . 2010-05-26 03:59 503808 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\msvcp71.dll
2010-05-26 03:59 . 2010-05-26 03:59 499712 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\jmc.dll
2010-05-26 03:59 . 2010-05-26 03:59 348160 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27950006-n\msvcr71.dll
2010-05-26 03:59 . 2010-05-26 03:59 61440 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-766445f8-n\decora-sse.dll
2010-05-26 03:59 . 2010-05-26 03:59 12800 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-766445f8-n\decora-d3d.dll
2010-05-24 04:05 . 2010-05-24 04:05 -------- d-----w- c:\documents and settings\Bobby Beckum\Application Data\acccore
2010-05-24 03:58 . 2010-05-24 03:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2010-05-24 03:57 . 2010-05-24 03:57 686928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\SinfInst.exe
2010-05-24 03:55 . 2010-05-24 03:55 1484136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\acscore.exe
2010-05-24 03:55 . 2010-05-24 03:55 420800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\AIMLang.exe
2010-05-24 03:55 . 2010-05-24 03:55 1364608 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\fdosetup.exe
2010-05-24 03:55 . 2010-05-24 03:54 5243272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\noneCodesignFilesBundle.exe
2010-05-24 03:54 . 2010-05-24 03:54 45864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ACSInstA.dll
2010-05-24 03:54 . 2010-05-24 03:54 11592 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ocfcheck.dll
2010-05-24 03:54 . 2010-05-24 03:54 8008 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ie7chck.dll
2010-05-24 03:54 . 2010-05-24 03:54 123376 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\jginst.exe
2010-05-24 03:54 . 2010-05-24 03:54 383128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\tbsetup.exe
2010-05-24 03:54 . 2010-05-24 03:54 11592 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\tbinst.dll
2010-05-24 03:54 . 2010-05-24 03:54 6378688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ocpinst.exe
2010-05-24 03:54 . 2010-05-24 03:54 183080 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\gui_ext.dll
2010-05-24 03:54 . 2010-05-24 03:53 247136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\gui.dll
2010-05-24 03:53 . 2010-05-24 03:53 2426872 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\frntlang.exe
2010-05-24 03:53 . 2010-05-24 03:53 17736 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\brwschk.dll
2010-05-24 03:53 . 2010-05-24 03:53 8520 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\wappchck.dll
2010-05-24 03:53 . 2010-05-24 03:53 10856 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\wsfixchk.dll
2010-05-24 03:53 . 2010-05-24 03:53 1362936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\msvc9rt.exe
2010-05-24 03:53 . 2010-05-24 03:53 964544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\acslaeu.exe
2010-05-24 03:53 . 2010-05-24 03:53 1651320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\reginst4.exe
2010-05-24 03:53 . 2010-05-24 03:53 642480 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\SLinst.exe
2010-05-24 03:53 . 2010-05-24 03:52 80912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\alsetup.exe
2010-05-24 03:51 . 2010-05-24 03:51 127224 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\afixlang.exe
2010-05-24 03:51 . 2010-05-24 03:51 1233552 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\mailinst.exe
2010-05-24 03:51 . 2010-05-24 03:51 37672 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\ACSInstC.dll
2010-05-24 03:51 . 2010-05-24 03:51 18248 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\NexusSuite\2.1.103.1\comps\imappver.dll
2010-05-24 03:51 . 2010-05-24 03:51 335 ----a-w- c:\windows\nsreg.dat
2010-05-24 03:51 . 2010-05-24 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2010-05-22 08:15 . 2010-05-22 08:15 -------- d-----w- c:\documents and settings\Windows Three\Application Data\Flood Light Games
2010-05-22 08:15 . 2010-05-22 08:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Flood Light Games
2010-05-22 08:13 . 2008-06-20 04:05 -------- d-----w- c:\program files\Yahoo! Games
2010-05-22 06:21 . 2010-02-06 20:59 31 ----a-w- c:\windows\popcinfo.dat
2010-05-19 17:59 . 2010-05-19 17:59 503808 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\msvcp71.dll
2010-05-19 17:59 . 2010-05-19 17:59 499712 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\jmc.dll
2010-05-19 17:59 . 2010-05-19 17:59 348160 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bceb510-n\msvcr71.dll
2010-05-19 17:59 . 2010-05-19 17:59 61440 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26de578b-n\decora-sse.dll
2010-05-19 17:59 . 2010-05-19 17:59 12800 ----a-w- c:\documents and settings\Bobby Beckum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26de578b-n\decora-d3d.dll
2010-05-16 01:26 . 2010-05-16 01:26 61440 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f00b271-n\decora-sse.dll
2010-05-16 01:26 . 2010-05-16 01:26 12800 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f00b271-n\decora-d3d.dll
2010-05-16 01:26 . 2010-05-16 01:26 503808 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\msvcp71.dll
2010-05-16 01:26 . 2010-05-16 01:26 499712 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\jmc.dll
2010-05-16 01:26 . 2010-05-16 01:26 348160 ----a-w- c:\documents and settings\Windows Three\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46250fd1-n\msvcr71.dll
2010-05-16 01:25 . 2010-05-16 01:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe" [2010-02-17 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 01:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Bobby Beckum\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/18/2010 4:55 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/18/2010 4:55 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 8:40 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:41 PM 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 11:15 PM 133104]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [1/31/2010 11:19 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [1/31/2010 11:19 PM 1472000]
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 04:15]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 04:15]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-725345543-1008Core.job
- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 02:14]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-725345543-1008UA.job
- c:\documents and settings\Bobby Beckum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 02:14]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{09D4E691-BC9F-4850-BDF0-A3C97A4FF982}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{8A72F133-AB9F-4D20-9F0E-441DB93986D9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{E3A1DCE9-99DD-4452-8AB5-F7240770FAB6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{ED25AC74-2BE2-4C26-A940-5569E693242B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://internetexplorer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Domino - c:\windows\Domino.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1500820517-725345543-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-17 11:42:19
ComboFix-quarantined-files.txt 2010-07-17 16:42

Pre-Run: 21,333,372,928 bytes free
Post-Run: 22,005,985,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A9FB083EDA3C9E5BF0FC66129A1C37B2

Edited by ldtate, 17 July 2010 - 11:26 AM.
