browser redirected
click the update tab, and update it before doing a scan, should be 3778, not 3759!!

And run a FULL scan to be safer.

TICK and FIX these in hijack ~
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

combofix pt1
ComboFix 10-02-21.02 - tommy 22/02/2010 23:58:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2567 [GMT 0:00]
Running from: c:\documents and settings\tommy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
pt2
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.
pt3
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

What happened to the rest of the log?

pt4
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-09 98304]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 14:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/02/2010 23:34 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1229232]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [18/02/2010 22:32 1121536]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/02/2010 22:48 38224]
.
pt5
Contents of the 'Scheduled Tasks' folder
2010-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:33]
2010-02-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
2010-02-23 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
.
.
Supplementary Scan
.
uStart Page = google.co.uk/
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - .logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PMCRemote - (no file)
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
pt6
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-02-23 00:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2010-02-23 00:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 00:14
Pre-Run: 912,300,285,952 bytes free
Post-Run: 912,818,454,528 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 8A30203C44CAC8AF597F081AD92638F3