Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IRC BOT [Closed]


  • This topic is locked This topic is locked

#16
Groovka

Groovka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
There were no issues running the combofix. The issue that I noticed before where my homepage on Firefox would default to some page not found is gone. Other than that all is good.


ComboFix 12-11-05.03 - Owner 11/06/2012 8:47.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.942 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\Owner\Local Settings\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-04 02:15 . 2012-11-04 02:15 -------- d-----w- c:\documents and settings\Owner\.swt
2012-11-04 02:14 . 2012-11-06 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2012-11-04 02:14 . 2012-11-04 02:15 -------- d-----w- c:\program files\Vuze
2012-10-27 18:23 . 2012-10-27 18:23 -------- d-----w- C:\RK_Quarantine
2012-10-09 07:29 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-10-09 07:24 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-10-09 07:24 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-10-09 07:18 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-10-09 07:18 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2012-10-09 07:18 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-10-09 07:18 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-10-09 07:18 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-10-09 07:18 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-10-09 07:18 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-10-09 07:01 . 2009-07-17 16:27 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2012-10-08 12:46 . 2009-12-16 12:58 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2012-10-08 07:01 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-10-07 16:53 . 2012-10-09 07:11 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-10-07 15:52 . 2009-12-14 07:35 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2012-10-07 15:52 . 2008-07-03 13:16 8454656 -c----w- c:\windows\system32\dllcache\shell32.dll
2012-10-07 15:52 . 2009-09-04 20:45 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2012-10-07 15:52 . 2010-04-20 05:51 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2012-10-07 15:52 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2012-10-07 15:52 . 2009-10-12 13:54 69632 -c----w- c:\windows\system32\dllcache\raschap.dll
2012-10-07 15:52 . 2009-10-12 13:54 112128 -c----w- c:\windows\system32\dllcache\rastls.dll
2012-10-07 15:47 . 2010-02-12 04:47 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2012-10-07 15:47 . 2009-06-25 08:44 168448 -c----w- c:\windows\system32\dllcache\schannel.dll
2012-10-07 15:41 . 2009-11-27 16:37 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2012-10-07 15:41 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2012-10-07 15:41 . 2009-11-27 16:37 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2012-10-07 15:41 . 2010-01-29 15:08 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2012-10-07 15:41 . 2010-01-29 15:08 1315840 -c----w- c:\windows\system32\dllcache\msoe.dll
2012-10-07 15:36 . 2006-10-04 08:48 215552 -c----w- c:\windows\system32\dllcache\osk.exe
2012-10-07 15:36 . 2006-10-04 08:48 72704 -c----w- c:\windows\system32\dllcache\magnify.exe
2012-10-07 15:36 . 2006-10-04 08:48 53760 -c----w- c:\windows\system32\dllcache\narrator.exe
2012-10-07 15:36 . 2010-03-05 14:57 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2012-10-07 15:36 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-07 15:36 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-10-07 15:36 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-07 15:36 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-10-07 15:36 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2012-10-07 15:36 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-10-07 15:35 . 2010-06-14 14:30 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-10-07 15:35 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll
2012-10-07 15:35 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-10-07 15:35 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-10-07 15:35 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2012-10-07 15:30 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2012-10-07 15:30 . 2009-10-13 10:53 266752 -c----w- c:\windows\system32\dllcache\oakley.dll
2012-10-07 15:29 . 2010-01-13 14:10 85504 -c----w- c:\windows\system32\dllcache\cabview.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 15:27 . 2009-10-02 23:39 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-06 15:27 . 2012-05-25 23:38 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-29 23:54 . 2012-10-06 12:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 01:39 . 2012-08-18 01:39 200632 ----a-w- c:\windows\system32\klogon.dll
2012-08-16 08:52 . 2012-08-16 08:52 261448 ----a-w- c:\windows\system32\betwinservicexp.exe
2012-08-16 08:52 . 2012-08-16 08:52 249856 ----a-w- c:\windows\system32\slsapi.dll
2012-08-16 08:52 . 2012-08-16 08:52 20800 ----a-w- c:\windows\system32\drivers\betwinvf.sys
2012-08-16 08:52 . 2012-08-16 08:52 13640 ----a-w- c:\windows\system32\drivers\betwinsystem.sys
2012-08-16 08:52 . 2012-08-16 08:52 16192 ----a-w- c:\windows\system32\drivers\betwinmf.sys
2012-08-16 08:52 . 2012-08-16 08:52 16192 ----a-w- c:\windows\system32\drivers\betwinkf.sys
2012-08-13 22:24 . 2012-10-06 13:09 74072 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-08-13 20:49 . 2012-08-13 20:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2004-10-01 19:00 . 2010-09-01 20:17 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2010-05-12 20:42 . 2012-10-26 21:43 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2012-10-26 21:43 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2012-10-26 21:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2012-10-26 21:43 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2012-10-26 21:43 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2012-10-26 21:43 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2012-10-26 21:43 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2012-10-26 21:43 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2012-10-26 21:43 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2012-10-26 21:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-10-26 21:44 . 2012-10-26 21:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-03 39408]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-30 935312]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-30 21392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17416880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-30 3508624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-18 218880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17416880]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Adobe\\Adobe Flash Builder 4.5\\FlashBuilder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7935:TCP"= 7935:TCP:Adobe Flash Builder 4.5
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 3:22 PM 65584]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 10:38 AM 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 3:49 PM 144344]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/18/2001 7:00 AM 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 7:01 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/6/2012 7:01 AM 676936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 1:09 PM 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 6:38 PM 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 24920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/6/2012 7:01 AM 22856]
S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\betwinvf.sys [8/16/2012 3:52 AM 20800]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\betwinsystem.sys [8/16/2012 3:52 AM 13640]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\betwinkf.sys [8/16/2012 3:52 AM 16192]
S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\betwinmf.sys [8/16/2012 3:52 AM 16192]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/18/2011 9:38 PM 78136]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/18/2011 9:38 PM 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 11:06]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 11:06]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-11 10:37]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-682003330-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-11 10:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://win8.microsoft.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F69E475D-D94F-43AF-AE7B-DE24AB6DEFF8}: NameServer = 200.74.244.126,8.8.8.8
DPF: {6416C78A-E810-445C-8712-1785809FA433} - hxxps://remoteaccess.tdbank.ca/CitrixLogonPoint/TDBFG/EPAClient/EPAClient.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kvrfbzev.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - ExtSQL: 2012-10-06 09:10; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:10; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-06 09:11; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 09:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b5e8a4c.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4580)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-11-06 09:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 14:56
ComboFix2.txt 2012-10-28 16:46
ComboFix3.txt 2012-10-26 13:28
.
Pre-Run: 35,178,291,200 bytes free
Post-Run: 35,192,471,552 bytes free
.
- - End Of File - - 17757373202E1F5A4AD9A43681D4EA0C
  • 0

Advertisements


#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#18
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#19
Groovka

Groovka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
here is the latest report:

Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Widget Browser
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtiCAD 14.0 Build 20
Better Homes and Gardens Interior Designer 7.0
Bonjour
Brother 1440
Brownie
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CoffeeCup HTML Editor
DVD Solution
DX Studio Player v3.2.68
EPAFactory Endpoint Analysis Client 3.64
FileZilla Client 3.5.1
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iJoysoft DVD Ripper Standard
Intel® Extreme Graphics Driver
iTunes
Java Auto Updater
Java™ 6 Update 24
K-Lite Codec Pack 3.1.0 Full
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 6 Service Pack 2 (KB973686)
Multimedia Launcher
MultipleIEs
MyFreeCodec
Nero OEM
Notepad++
NVIDIA GAME System Software 2.8.1
Opera 11.01
PDF Settings CS5
Picasa 3
PowerDVD
PxMergeModule
QuickTime
Russian Phonetic YaZHert - WinRus.com
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype™ 5.10
SoundMAX
SweetIM for Messenger 3.3
Times Reader
TopStyle 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.9
Vuze
WebFldrs XP
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Detect


Thanks for your help!
  • 0

#20
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 8.3.1
Java™ 6 Update 24
McAfee Security Scan Plus
SweetIM for Messenger 3.3
Vuze
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#21
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#22
Groovka

Groovka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I am in the process of completing the last step.
  • 0

#23
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
:thumbsup:
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#25
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

Advertisements


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP