Infostealer ComboFix help

February 28, 2010 at 13:03:13
Specs: Windows XP, 1.00 GB
I need some help using ComboFix to remove an Infostealer virus on my computer. I have used my antivirus in Safe Mode and Malwarebytes, but it still remains. I was told to use ComboFix, but I'm not that familiar with the program. Can anyone help? Thanks.


#1
February 28, 2010 at 13:51:15
Pretty much spelled out here.

http://www.computing.net/answers/se...



#2
February 28, 2010 at 13:54:49
Do I still post the "C:\Combo-Fix.txt"?
Do I still post this?


#3
February 28, 2010 at 14:15:12
That is correct, but post it in your other thread so we can keep up with what has been completed so far.


#4
February 28, 2010 at 14:45:57
ComboFix 10-02-27.04 - tonny 02/28/2010 14:19:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.524 [GMT -8:00]
Running from: c:\documents and settings\tonny\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tonny\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\tonny\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome.manifest
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome\content\_cfg.js
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome\content\overlay.xul
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\install.rdf
c:\documents and settings\tonny\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Antivirus
c:\recycler\S-1-5-21-1205268604-1058200507-185623928-5390
c:\recycler\S-1-5-21-2773475152-0833457400-172114173-1519
c:\recycler\S-1-5-21-5496679760-4087774647-085693647-8485
c:\recycler\S-1-5-21-7673207732-1838465144-205873375-8201
c:\recycler\S-1-5-21-8847155915-2676581576-266533375-1292
c:\recycler\S-1-5-21-9459965055-3684272399-616483762-1946
c:\recycler\S-1-5-21-9850849400-3729537890-458442369-9373
c:\windows\system32\0030.DLL
c:\windows\system32\0031.DLL
c:\windows\system32\0033.DLL
c:\windows\system32\0034.DLL
c:\windows\system32\0035.DLL
c:\windows\system32\svchost2.exe
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV17441124.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV24842392.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV1520296.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV3444264.TMP
2010-02-28 05:39 . 2010-02-28 05:39 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 05:37 . 2010-02-28 05:37 -------- d-----w- C:\ATI
2010-02-28 05:05 . 2010-02-28 05:05 -------- d-----w- C:\NVIDIA
2010-02-28 05:03 . 2010-02-28 05:03 -------- d-----w- c:\program files\New Folder
2010-02-27 08:06 . 2006-06-19 21:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-27 08:06 . 2006-05-25 23:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-27 08:06 . 2005-08-26 09:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-27 08:06 . 2003-02-03 04:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-02-27 08:06 . 2002-03-06 09:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-27 08:05 . 2010-02-27 08:07 -------- d-----w- c:\documents and settings\tonny\Application Data\Simply Super Software
2010-02-27 08:05 . 2010-02-27 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-26 23:22 . 2010-02-26 23:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2010-02-26 23:19 . 2010-02-26 23:19 32 --sha-w- c:\windows\system32\{12FD4263-E478-47FC-9694-A07DC05AD7AF}.dat
2010-02-26 23:19 . 2010-02-26 23:19 32 --sha-w- c:\windows\{BEBDDBD4-71CB-4194-9DBE-ED4D5E40C820}.dat
2010-02-26 23:19 . 2010-02-26 23:19 14 ----a-w- c:\windows\system32\SR2.dat
2010-02-26 23:19 . 2002-08-14 14:03 34578 ----a-w- c:\windows\system32\drivers\NPDRIVER.SYS
2010-02-26 23:18 . 2002-08-16 03:59 83672 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-26 23:18 . 2002-08-16 03:59 73224 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-25 05:42 . 2010-02-28 06:09 -------- d-----w- C:\DeusEx
2010-02-25 00:53 . 2010-02-25 00:53 -------- d-----w- c:\program files\Deux Ex
2010-02-24 23:59 . 2010-02-25 00:00 -------- d-----w- c:\windows\system32\Adobe
2010-02-24 21:56 . 2010-02-24 21:56 -------- d-----w- c:\program files\PowerISO
2010-02-23 08:23 . 2010-02-24 08:07 -------- d-----w- C:\Downloads
2010-02-23 06:43 . 2010-02-23 06:43 -------- d-----w- c:\program files\Red Storm Entertainment
2010-02-23 04:13 . 2010-02-23 05:09 -------- d-----w- c:\program files\Loaris
2010-02-23 03:37 . 2010-02-23 03:37 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\Readon_Technology
2010-02-22 20:30 . 2002-09-11 17:04 53248 ----a-w- c:\windows\system32\fwsvpn.dll
2010-02-22 18:50 . 2010-02-22 19:07 -------- d-----w- c:\program files\warcraft
2010-02-22 18:50 . 2010-02-27 00:58 -------- d-----w- c:\program files\Norton2
2010-02-22 00:33 . 2010-02-22 00:33 -------- d-----w- c:\documents and settings\tonny\Application Data\Ambient Design
2010-02-20 23:31 . 2010-02-21 01:56 -------- d-----w- c:\program files\7-Zip
2010-02-18 07:18 . 2010-02-18 07:18 -------- d-----w- c:\program files\Prototype
2010-02-16 23:39 . 2010-02-16 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-16 23:39 . 2010-02-16 23:40 -------- d-----w- c:\program files\PCPitstop
2010-02-16 18:40 . 2010-02-16 18:40 -------- d-sh--w- c:\documents and settings\tonny\IECompatCache
2010-02-16 07:13 . 2010-02-16 23:02 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-15 19:35 . 2010-02-15 19:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-14 04:06 . 2010-02-14 04:06 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\DFX
2010-02-14 04:05 . 2010-02-14 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-02-14 04:05 . 2010-02-14 04:05 -------- d-----w- c:\program files\Common Files\DFX
2010-02-14 01:08 . 2010-02-14 01:08 -------- d-----w- c:\program files\iPod
2010-02-14 01:08 . 2010-02-14 01:09 -------- d-----w- c:\program files\iTunes
2010-02-14 01:07 . 2010-02-14 01:07 -------- d-----w- c:\program files\Bonjour
2010-02-13 22:17 . 2010-02-13 22:18 -------- d-----w- c:\program files\Direct x 9
2010-02-13 21:32 . 2010-02-13 21:32 50354 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\uninstall.exe
2010-02-13 21:32 . 2010-02-13 21:32 -------- d-----w- c:\documents and settings\tonny\Application Data\Facebook
2010-02-13 06:40 . 2010-02-13 07:01 -------- d-----w- C:\Team17
2010-02-13 04:17 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-13 04:17 . 2010-02-22 21:01 -------- d-----w- c:\program files\MagicDisc
2010-02-12 23:50 . 2010-02-12 23:52 -------- d-----w- c:\program files\file folder
2010-02-12 00:53 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-12 00:53 . 2010-02-12 00:53 -------- d-----w- c:\program files\VS Revo Group
2010-02-12 00:34 . 2010-02-12 00:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-12 00:31 . 2010-02-12 00:36 -------- d-----w- c:\program files\FilterGate
2010-02-11 00:23 . 2010-02-11 00:23 -------- d-----w- c:\program files\ghost
2010-02-11 00:13 . 2010-02-11 00:13 0 ----a-w- c:\windows\PowerReg.dat
2010-02-08 20:33 . 2010-02-08 20:33 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\VS Revo Group
2010-02-06 03:47 . 2010-02-28 05:05 -------- d-----w- c:\program files\Direct x
2010-02-02 05:12 . 2010-02-02 05:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 02:57 . 2010-02-01 02:57 -------- d-----w- c:\documents and settings\tonny\Application Data\DAEMON Tools Lite
2010-02-01 02:57 . 2010-02-01 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-01 02:47 . 2010-02-01 02:47 -------- d-----w- c:\documents and settings\tonny\Application Data\DAEMON Tools Pro
2010-02-01 02:47 . 2010-02-01 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-01-31 21:54 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 21:54 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 21:53 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-31 19:25 . 2010-01-31 19:25 -------- d-----w- c:\program files\Veoh Networks
2010-01-30 07:20 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-30 07:15 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-30 07:14 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-30 04:00 . 2010-01-30 04:00 -------- d-sh--w- c:\documents and settings\tonny\PrivacIE
2010-01-30 02:36 . 2010-01-30 02:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-30 02:36 . 2010-01-30 02:36 -------- d-sh--w- c:\documents and settings\tonny\IETldCache
2010-01-30 02:33 . 2010-01-30 02:33 -------- d-----w- c:\windows\ie8updates
2010-01-30 02:31 . 2010-01-30 02:32 -------- dc-h--w- c:\windows\ie8
2010-01-30 02:28 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-30 02:28 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-30 02:28 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-30 02:28 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-30 02:28 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-30 02:28 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-30 02:28 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 22:32 . 2009-12-16 00:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-28 06:43 . 2010-01-28 07:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 05:39 . 2009-12-16 02:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 04:36 . 2009-12-24 20:45 -------- d-----w- c:\documents and settings\tonny\Application Data\BitTorrent
2010-02-26 23:18 . 2009-12-16 00:25 -------- d-----w- c:\program files\Symantec
2010-02-26 23:18 . 2009-12-16 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-26 23:11 . 2009-12-16 00:25 -------- d-----w- c:\program files\Norton AntiVirus
2010-02-22 07:25 . 2009-12-18 18:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 22:18 . 2010-01-29 18:18 -------- d-----w- c:\program files\Error Fix
2010-02-14 01:08 . 2010-01-28 07:28 -------- d-----w- c:\program files\Common Files\Apple
2010-02-14 00:42 . 2010-01-28 01:37 -------- d-----w- c:\documents and settings\tonny\Application Data\DivX
2010-02-14 00:40 . 2010-01-27 07:54 -------- d-----w- c:\program files\DivX
2010-02-14 00:39 . 2010-01-27 07:54 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-12 00:43 . 2009-12-26 21:46 -------- d-----w- c:\documents and settings\tonny\Application Data\FUJIFILM
2010-02-05 00:42 . 2010-01-29 18:47 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 00:42 . 2010-01-29 18:39 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-05 00:42 . 2010-01-29 18:38 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 00:42 . 2010-01-29 18:37 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 05:12 . 2010-01-28 07:29 -------- d-----w- c:\program files\Apple Software Update
2010-01-29 18:48 . 2010-01-29 18:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-29 18:48 . 2010-01-29 19:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-29 18:48 . 2010-01-29 18:48 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-29 18:48 . 2010-01-29 18:48 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-29 18:48 . 2010-01-29 18:48 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-29 18:48 . 2010-01-29 18:47 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-29 18:47 . 2010-01-29 18:47 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-29 18:47 . 2010-01-29 18:47 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-29 18:41 . 2010-01-29 18:41 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-29 18:41 . 2010-01-29 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-29 18:41 . 2010-01-29 18:40 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-29 18:40 . 2010-01-29 18:40 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-29 18:40 . 2010-01-29 18:39 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-29 18:39 . 2010-01-29 18:38 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-29 18:38 . 2010-01-29 18:38 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-29 18:38 . 2010-01-29 18:37 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-29 18:36 . 2010-01-29 18:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-29 18:29 . 2010-01-29 18:18 -------- d-----w- c:\documents and settings\tonny\Application Data\Error Fix
2010-01-29 17:40 . 2010-01-29 17:40 61440 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ef4fb77-n\decora-sse.dll
2010-01-29 17:40 . 2010-01-29 17:40 503808 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\msvcp71.dll
2010-01-29 17:40 . 2010-01-29 17:40 499712 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\jmc.dll
2010-01-29 17:40 . 2010-01-29 17:40 348160 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\msvcr71.dll
2010-01-29 17:40 . 2010-01-29 17:40 12800 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ef4fb77-n\decora-d3d.dll
2010-01-29 08:05 . 2010-01-28 08:36 -------- d-----w- c:\documents and settings\tonny\Application Data\Nero
2010-01-29 07:45 . 2010-01-28 08:33 -------- d-----w- c:\program files\Common Files\Nero
2010-01-29 07:44 . 2010-01-29 07:29 -------- d-----w- c:\program files\Nero
2010-01-29 07:33 . 2010-01-28 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-29 01:14 . 2010-01-29 01:12 -------- d-----w- c:\program files\RegCleaner
2010-01-28 21:39 . 2010-01-28 17:28 120 ----a-w- c:\windows\Dgatariveh.dat
2010-01-28 21:10 . 2010-01-24 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-28 19:04 . 2010-01-28 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 19:04 . 2010-01-28 19:04 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-28 17:28 . 2010-01-28 17:28 0 ----a-w- c:\windows\Vzoxad.bin
2010-01-28 17:24 . 2010-01-28 17:24 38656 ----a-w- c:\windows\wvaru27718.exe
2010-01-28 08:53 . 2010-01-28 08:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 08:53 . 2010-01-28 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 08:53 . 2010-01-28 08:53 -------- d-----w- c:\program files\Java
2010-01-28 08:24 . 2010-01-28 08:24 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-28 07:47 . 2010-01-28 07:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-28 07:34 . 2010-01-28 07:31 -------- d-----w- c:\documents and settings\tonny\Application Data\Apple Computer
2010-01-28 07:31 . 2010-01-28 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-28 07:30 . 2010-01-28 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-28 07:30 . 2010-01-28 07:29 -------- d-----w- c:\program files\QuickTime
2010-01-28 07:28 . 2010-01-28 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-28 07:25 . 2010-01-28 07:25 13104 ----a-w- c:\documents and settings\tonny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 07:18 . 2009-12-15 23:47 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-28 03:29 . 2010-01-28 03:28 -------- d-----w- c:\program files\Password Protect
2010-01-24 20:59 . 2010-01-24 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\documents and settings\tonny\Application Data\Webshots
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\program files\Webshots
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\documents and settings\tonny\Application Data\AGI
2010-01-24 20:57 . 2010-01-24 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-01-24 20:56 . 2010-01-24 20:56 -------- d-----w- c:\program files\AGI
2010-01-23 03:51 . 2010-01-23 03:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 01:48 . 2010-01-22 01:48 -------- d-----w- c:\program files\Ahead
2010-01-22 01:48 . 2010-01-22 01:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-08 00:07 . 2010-01-28 17:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-28 17:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 04:04 . 2009-12-16 04:04 0 ----a-w- c:\windows\nsreg.dat
2009-12-16 01:56 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\zqeb.exe
2009-12-16 01:55 . 2009-12-16 01:50 61952 ----a-w- c:\windows\system32\vqlvok.exe
2009-12-16 01:55 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\pbty.exe
2009-12-16 01:55 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\iaebsnu.exe
2009-12-16 01:50 . 2009-12-16 01:50 61952 ----a-w- c:\windows\system32\lvypa.exe
2009-12-16 01:46 . 2001-08-23 12:00 25600 ----a-w- c:\windows\system32\routemon.exe
2009-12-16 01:32 . 2009-12-16 00:35 61952 ----a-w- c:\windows\system32\szvedldu.exe
2009-12-16 01:31 . 2001-08-23 12:00 9216 ----a-w- c:\windows\system32\print.exe
2009-12-16 01:30 . 2001-08-23 12:00 51712 ----a-w- c:\windows\system32\migpwd.exe
2009-12-16 01:25 . 2009-12-16 00:31 61952 ----a-w- c:\windows\system32\dkpat.exe
2009-12-16 01:24 . 2009-12-15 23:45 35328 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\notiflag.exe
2009-12-16 01:24 . 2009-12-15 23:45 99840 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\HelpHost.exe
2009-12-16 01:17 . 2001-08-23 12:00 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2009-12-16 01:10 . 2009-12-16 01:10 124 ----a-w- c:\windows\system32\zpglh.bat
2009-12-16 01:01 . 2009-12-16 01:01 120 ----a-w- c:\windows\system32\mkloqht.bat
2009-12-16 00:56 . 2009-12-16 00:56 61952 ----a-w- c:\windows\system32\iuniqh.exe
2009-12-16 00:53 . 2009-12-16 00:53 125 ----a-w- c:\windows\system32\fmkrbd.bat
2009-12-16 00:51 . 2009-12-16 00:51 61952 ----a-w- c:\windows\system32\ucxizln.exe
2009-12-16 00:51 . 2009-12-16 00:51 122 ----a-w- c:\windows\system32\rzkdpd.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2005-09-23 270848]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2005-09-23 15:28 270848 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2009-12-16 6856704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"Advanced Tools Check"="c:\progra~1\Norton2\AdvTools\ADVCHK.EXE" [2002-08-27 79480]

c:\documents and settings\tonny\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-1-24 157088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"RestrictCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"RestrictCpl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/29/2010 10:50 AM 64288]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10752\AGCoreService.exe [1/24/2010 12:56 PM 20480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton2\AdvTools\NPROTECT.EXE [2/26/2010 3:19 PM 135168]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2010 4:53 PM 27064]
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-12-16 17:04]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{B439E313-7835-4E0B-913F-4EB512113388}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\tonny\Application Data\Mozilla\Firefox\Profiles\3hjvjimu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\tonny\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ATIModeChange - Ati2mdxx.exe
SafeBoot-lsass
MSConfigStartUp-Hfoxepajonatuq - c:\windows\ofiroyokaxuwe.dll
AddRemove-HijackThis - c:\documents and settings\tonny\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton2\navapsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\Webshots\315~1.761\webshots.scr
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-28 14:39:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 22:39

Pre-Run: 103,323,480,064 bytes free
Post-Run: 107,707,301,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 786AD8CD2C25D476BFBA49DDF6AE52F9



#5
February 28, 2010 at 14:57:58
Here is the log. It appears to be gone!!
