XP Anti virus 2012 Removal [Closed]


  • This topic is locked

#1
kharris11

    New Member

  • Member
  • 1 posts
I have read multiple forums to no result in removing this pesky virus. Can someone please look at my last ComboFix log and see if the virus is still there? I have tried Malwarebytes and ComboFix and still can't get TDSSKiller to even load, and have changed the name numerous times. Please help.

Also, now I have no internet connection.

ComboFix 12-01-12.04 - DChen 4/2012 Sat 17:10:41.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.3032.2382 [GMT -8:00]
执行位置: c:\documents and settings\DChen.HUD-DONGC\Desktop\ComboFix.exe
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( 2011-12-15 至 2012-01-15 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-01-15 00:41 . 2012-01-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-10 01:53 . 2012-01-10 01:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-09 22:35 . 2012-01-09 22:35 -------- d-----w- C:\290404c1163c5ca21899
2012-01-09 21:39 . 2012-01-09 21:57 -------- d-----w- c:\program files\TrustPort
2012-01-09 21:39 . 2012-01-09 21:56 -------- d-----w- c:\program files\Common Files\TrustPort
2012-01-09 20:14 . 2012-01-09 20:14 -------- d-----w- C:\a2c3114621af83cc891d5a
2012-01-09 01:24 . 2012-01-09 01:24 -------- d-----w- c:\documents and settings\DChen.HUD-DONGC\Application Data\AVG10
2012-01-09 01:23 . 2012-01-09 01:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-09 01:23 . 2012-01-09 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-09 01:22 . 2012-01-09 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2012-01-09 01:22 . 2012-01-09 20:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-09 01:21 . 2012-01-09 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-08 23:02 . 2012-01-08 23:02 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-08 22:48 . 2012-01-08 22:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-02 20:44 . 2012-01-08 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2012-01-02 19:06 . 2012-01-02 19:06 -------- d-----w- c:\documents and settings\DChen.HUD-DONGC\Application Data\Malwarebytes
2012-01-02 19:06 . 2012-01-02 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 19:06 . 2012-01-15 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-07-21 22:50 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-07-21 22:49 60416 ------w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-07-21 22:49 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-07-21 22:49 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-07-21 22:49 186880 ------w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.03.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 12:35 . 2008-04-18 21:43 10752 c:\windows\system32\TDDL.dll
- 2009-09-09 12:35 . 2008-04-18 05:43 10752 c:\windows\system32\TDDL.dll
+ 2012-01-13 06:00 . 2008-03-26 21:21 13824 c:\windows\system32\ReinstallBackups\0001\DriverFiles\tpm.sys
+ 2012-01-13 06:00 . 2008-04-18 21:43 10752 c:\windows\system32\ReinstallBackups\0001\DriverFiles\TDDL.dll
+ 2012-01-13 05:43 . 2009-02-12 20:39 48640 c:\windows\system32\Lang\iTPM\CHS\ITPMCHS.dll
- 2009-09-09 12:35 . 2008-03-26 05:21 13824 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.sys
+ 2009-09-09 12:35 . 2008-03-26 21:21 13824 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.sys
+ 2009-09-09 12:35 . 2008-04-18 21:43 10752 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\TDDL.dll
- 2009-09-09 12:35 . 2008-04-18 05:43 10752 c:\windows\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\TDDL.dll
+ 2009-09-09 12:35 . 2008-03-26 21:21 13824 c:\windows\system32\drivers\tpm.sys
- 2009-09-09 12:35 . 2008-03-26 05:21 13824 c:\windows\system32\drivers\tpm.sys
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2009-09-09 12:35 . 2009-02-12 20:48 993816 c:\windows\system32\ITPMudlg.exe
- 2009-09-09 12:35 . 2008-05-06 04:51 993816 c:\windows\system32\ITPMudlg.exe
+ 2009-09-09 12:35 . 2008-07-23 21:54 319456 c:\windows\system32\difxapi.dll
- 2009-09-09 12:35 . 2006-11-10 00:25 319456 c:\windows\system32\difxapi.dll
+ 2012-01-08 22:44 . 2012-01-15 00:42 39390732 c:\windows\system32\Restore\rstrlog.dat
+ 2009-09-17 17:03 . 2012-01-13 11:00 52128560 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94C3E4BB-A261-4A83-B437-EA6F7A28CA68}]
2011-05-11 12:36 186256 ------w- c:\program files\Kuaiwan\QvodGameExtend.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2009-10-02 82432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-13 39408]
"Kuaiwan"="c:\program files\Kuaiwan\Kuaiwan.exe" [2011-06-03 1234832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-01-26 92960]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-02-18 389120]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-02-18 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MWREGICBC.exe"="c:\program files\ICBCEbankTools\MingWah\MWREGICBC.exe" [2011-10-10 50632]
"D4Svr_ICBC.exe"="D4Svr_ICBC.exe" [2011-01-13 66864]
"eKeyClient_csp.exe"="c:\program files\Mingwah_v2\eKeyClient_csp.exe" [2010-10-12 526336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-04-07 85528]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-9 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-854245398-2145752213-29152\Scripts\Logon\0\0]
"Script"=hud_jre.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-725345543-854245398-2145752213-3161\Scripts\Logon\0\0]
"Script"=hud_jre.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Kuaiwan\\Kuaiwan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 4:57 PM 20520]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 26624]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [9/9/2009 4:36 AM 23080]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 12:15 AM 13480]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 4:50 PM 46144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 9:16 AM 130384]
S2 CMB8100;CMB8100;\??\c:\windows\system32\Drivers\CertClient.dat --> c:\windows\system32\Drivers\CertClient.dat [?]
S2 CMBProtector;CMBProtector;\??\c:\windows\system32\Drivers\CMBProtector.dat --> c:\windows\system32\Drivers\CMBProtector.dat [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2011 10:08 AM 136176]
S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [4/21/2011 3:46 PM 428960]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/16/2009 8:05 PM 45424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2012 11:46 AM 652872]
S2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [1/12/2011 6:36 PM 58672]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/9/2009 4:47 AM 53248]
S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/16/2009 8:05 PM 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 2:34 PM 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 4:50 PM 360448]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [1/12/2012 9:43 PM 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [9/9/2009 4:26 AM 72192]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys --> c:\windows\system32\Drivers\ATSwpWDF.sys [?]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/9/2009 4:25 AM 243856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2011 10:08 AM 136176]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/21/2008 2:50 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 9:16 AM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
‘计划任务’ 文件夹 里的内容
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 18:08]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 18:08]
.
2012-01-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-09 16:53]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZLxdm256YYUS&ptb=yffytTlKc120Lbqgcc163g
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: com.cn\*.icbc
Trusted Zone: icbc.com.cn
Trusted Zone: icbc.com.cn\*
Trusted Zone: vectron.com\appsascp
Trusted Zone: vectron.com\appsdev01
Trusted Zone: vectron.com\appsdev01ascp
Trusted Zone: vectron.com\appsprod
Trusted Zone: vectron.com\appstest
Trusted Zone: vectron.com\appstestascp
Trusted Zone: vectron.com\cosxaorjg
Trusted Zone: vectron.com\cosxapa10
Trusted Zone: vectron.com\mdsxaorkm
Trusted Zone: vectron.com\mdsxapa20
Trusted Zone: vectron.com\preprod
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {6B68CDBA-8AFE-4CAC-80FB-727B9F946957} - hxxp://helpstar.vectron.com/hsActiveX/HPluginI.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} - hxxp://szdl.cmbchina.com/download/PB/pb50.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 17:42
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
完成时间: 2012-01-14 17:57:20
ComboFix-quarantined-files.txt 2012-01-15 01:56
ComboFix2.txt 2012-01-13 02:20
.
Pre-Run: 93,292,916,736 bytes free
Post-Run: 93,277,732,864 bytes free
.
- - End Of File - - 410C45F21BBBB31DAD4055220800927C



#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.