
Solved: ran ComboFix myself, now Windows won't boot

Discussion in 'Malware and Virus Removal Archive' started by JusticeNY, 2010/12/27.

  1. 2010/12/29
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    Code:
    ComboFix 10-12-29.01 - Family 2010-12-29  18:32:29.11.2 - x86
    Running from: c:\documents and settings\family\Desktop\ComboFix.exe
     * Created a new restore point
    .
    
    (((((((((((((((((((((((((   Files Created from 2010-11-28 to 2010-12-29  )))))))))))))))))))))))))))))))
    .
    
    2010-12-29 04:23 . 2010-12-29 04:23	--------	d-----w-	c:\windows\system32\msmq
    2010-12-29 04:23 . 2010-12-29 04:23	--------	d-----w-	C:\Inetpub
    2010-12-29 04:08 . 2010-12-29 04:08	--------	d-s---w-	c:\documents and settings\NetworkService\UserData
    2010-12-29 03:43 . 2010-12-29 03:43	--------	d-----w-	c:\documents and settings\family\Local Settings\Application Data\Secunia PSI
    2010-12-29 03:43 . 2010-12-29 03:43	--------	d-----w-	c:\program files\Secunia
    2010-12-28 23:57 . 2010-12-28 23:57	--------	d-----w-	c:\program files\ESET
    2010-12-28 23:23 . 2010-12-28 23:23	--------	d-----w-	C:\_OTL
    2010-12-28 08:46 . 2010-12-28 09:28	--------	d-----w-	C:\9c1c213a8b65e850fa7c8b95a8
    2010-12-28 06:31 . 2010-12-28 06:31	--------	d-----w-	C:\Adobe
    2010-12-28 03:08 . 2004-08-12 13:36	13894	-c--a-w-	c:\windows\system32\dllcache\zonelibm.dll
    2010-12-28 03:08 . 2004-08-12 13:36	113222	-c--a-w-	c:\windows\system32\dllcache\zoneclim.dll
    2010-12-28 03:08 . 2004-08-12 13:36	4677	-c--a-w-	c:\windows\system32\dllcache\zeeverm.dll
    2010-12-28 03:08 . 2004-08-12 13:36	29760	-c--a-w-	c:\windows\system32\dllcache\znetm.dll
    2010-12-28 03:08 . 2004-08-12 13:36	41029	-c--a-w-	c:\windows\system32\dllcache\zcorem.dll
    2010-12-28 03:08 . 2004-08-12 13:36	36937	-c--a-w-	c:\windows\system32\dllcache\zclientm.exe
    2010-12-28 03:08 . 2004-08-12 13:34	5632	-c--a-w-	c:\windows\system32\dllcache\write.exe
    2010-12-28 03:06 . 2004-08-12 13:29	538624	-c--a-w-	c:\windows\system32\dllcache\spider.exe
    2010-12-28 03:05 . 2004-08-12 13:20	98304	-c--a-w-	c:\windows\system32\dllcache\msir3jp.dll
    2010-12-28 03:04 . 2004-08-12 13:20	13463552	-c--a-w-	c:\windows\system32\dllcache\hwxjpn.dll
    2010-12-28 03:03 . 2004-08-12 13:17	9216	-c--a-w-	c:\windows\system32\dllcache\authfilt.dll
    2010-12-28 03:02 . 2003-03-24 21:52	20540	-c--a-w-	c:\windows\system32\dllcache\admin.dll
    2010-12-28 02:22 . 2004-08-12 13:29	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
    2010-12-28 02:22 . 2004-08-12 13:29	24661	----a-w-	c:\windows\system32\spxcoins.dll
    2010-12-28 02:22 . 2004-08-12 13:20	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
    2010-12-28 02:22 . 2004-08-12 13:20	13312	----a-w-	c:\windows\system32\irclass.dll
    2010-12-27 21:04 . 2010-12-27 21:04	--------	d-----w-	c:\windows\msapps
    2010-12-27 21:04 . 2010-12-27 21:04	--------	d-----w-	c:\windows\dell
    2010-12-12 03:57 . 2010-12-12 03:57	--------	d-----w-	c:\documents and settings\family\Application Data\Avira
    2010-12-12 03:46 . 2010-12-25 17:19	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
    2010-12-12 03:46 . 2010-12-19 16:33	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
    2010-12-12 03:46 . 2010-06-17 20:27	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
    2010-12-12 03:46 . 2010-06-17 20:27	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
    2010-12-12 03:46 . 2010-12-12 03:46	--------	d-----w-	c:\program files\Avira
    2010-12-12 03:46 . 2010-12-12 03:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
    2010-12-09 05:59 . 2010-12-09 05:59	--------	d-----w-	c:\documents and settings\family\Application Data\Toolbar4
    2010-12-09 05:59 . 2010-12-09 05:59	--------	d-----w-	c:\program files\HyperCam Toolbar
    2010-12-05 05:48 . 2010-12-05 05:48	--------	d-----w-	c:\program files\Common Files\Software Update Utility
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-07-27 05:45	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-07-27 05:45	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:07 . 2009-08-18 16:30	564632	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2010-11-29 23:07 . 2009-08-18 16:24	17816	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-11-12 23:53 . 2010-11-29 22:25	472808	----a-w-	c:\windows\system32\deployJava1.dll
    2010-11-12 21:34 . 2008-04-24 02:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
    2010-11-10 04:55 . 2009-05-06 21:35	398744	----a-r-	c:\windows\system32\cpnprt2.cid
    .
    
    (((((((((((((((((((((((((((((   SnapShot@2010-12-29_05.34.17   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-29 22:30 . 2010-12-29 22:30	16384              c:\windows\temp\Perflib_Perfdata_25c.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "=  "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 15:50	2517088	----a-w-	c:\program files\ZoneAlarm\tbZone.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "=  "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} "=  "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
     "ISW "= "c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-18 730600]
     "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
     "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
     "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
    
    [HKLM\~\startupfolder\C:^Documents and Settings^family^Start Menu^Programs^Startup^Styler.lnk]
    path=c:\documents and settings\family\Start Menu\Programs\Startup\Styler.lnk
    backup=c:\windows\pss\Styler.lnkStartup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-07-07 01:07	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-02 06:09	135664	----atw-	c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 05:47	31016	-c--a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2004-05-06 21:48	118784	-c--a-w-	c:\windows\SYSTEM32\hkcmd.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2004-05-06 21:52	155648	-c--a-w-	c:\windows\SYSTEM32\igfxtray.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-02-15 22:07	141608	-c--a-w-	c:\program files\iTunes\iTunesHelper.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
    2001-01-12 21:36	73728	-c--a-w-	c:\windows\SYSTEM32\PELMICED.EXE
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-02-12 16:02	240992	----a-w-	c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 03:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\replay_telecorder_skype]
    2010-11-07 04:16	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-11-07 04:16	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "iPod Service "=3 (0x3)
     "PnkBstrB "=2 (0x2)
     "PnkBstrA "=2 (0x2)
     "ATI Smart "=2 (0x2)
     "Ati HotKey Poller "=2 (0x2)
     "Apple Mobile Device "=2 (0x2)
     "SeaPort "=2 (0x2)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring "=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring "=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall "= 0 (0x0)
     "DisableNotifications "= 1 (0x1)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe "=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
     "c:\\Program Files\\AIM7\\aim.exe "=
     "c:\\Program Files\\Opera 10 Beta\\opera.exe "=
     "c:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
     "c:\\Documents and Settings\\family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
     "c:\\Documents and Settings\\family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
     "c:\\Program Files\\iTunes\\iTunes.exe "=
     "c:\\Black III\\Orbitdownloader\\orbitdm.exe "=
     "c:\\Black III\\Orbitdownloader\\orbitnet.exe "=
     "c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe "=
     "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe "=
     "c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe "=
     "c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe "=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "443:TCP "= 443:TCP:*:Disabled:ooVoo TCP port 443
     "443:UDP "= 443:UDP:*:Disabled:ooVoo UDP port 443
     "37674:TCP "= 37674:TCP:*:Disabled:ooVoo TCP port 37674
     "37674:UDP "= 37674:UDP:*:Disabled:ooVoo UDP port 37674
     "37675:UDP "= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
    R2 sbbotdi;sbbotdi; [x]
    R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2004-08-12 14336]
    R3 NTProcDrv;Process creation detector for NT.; [x]
    R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2002-01-12 3567]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
    R3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;c:\windows\system32\DRIVERS\scsiprnt.sys [2004-08-12 11648]
    R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [2007-06-04 223128]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-10 717296]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-18 26352]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-18 493032]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
    S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    
    2010-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
    
    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 04:17]
    
    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 04:17]
    
    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271019165-553755714-499774489-1005Core.job
    - c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 06:09]
    
    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271019165-553755714-499774489-1005UA.job
    - c:\documents and settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 06:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Download by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\black iii\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\family\Application Data\Mozilla\Firefox\Profiles\h0sglesq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: BlackBar Community Toolbar: {2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea} - %profile%\extensions\{2ac337b3-fc9c-4d51-bed1-1ac1c48c63ea}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-29 18:43
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_USERS\S-1-5-21-2271019165-553755714-499774489-1005\¬ ³*]
    @Allowed: (Read) (RestrictedCode)
     "verticalChoices "= "weatherV "
     "firstLaunch "= "false "
    DUMPHIVE0.003 (REGF)
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
     "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled "=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
     "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(1732)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    
    - - - - - - - > 'lsass.exe'(1796)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    
    - - - - - - - > 'explorer.exe'(3940)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-12-29  18:47:28
    ComboFix-quarantined-files.txt  2010-12-29 23:47
    ComboFix2.txt  2010-12-29 05:42
    
    Pre-Run: 2,212,720,640 bytes free
    Post-Run: 2,297,491,456 bytes free
    
    Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - F10E638A4BF07A2C163584822EF1DC19
     
  2. 2010/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks clean.
    How are the issues?
     


  4. 2010/12/29
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    Everything's good :)
    Thanks a lot.
    Could you recommend me a new firewall or antivirus?
    I was running ZoneAlarm and AntiVir and this still happened. Is there any way to stop this from happening again?
     
  5. 2010/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm really curious what happened between the time when I declared your computer clean and the time you got some nasty again.
    ZA and Avira are perfectly fine.
    You have to remember, there is no perfect security program.
    The main danger to your computer is you and your computer habits.

    Now, we have to run a couple of final steps.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    Delete TDSSKiller file.

    ...and....VERY IMPORTANT!
    Reset system restore again.
    Turn system restore off.
    Restart computer.
    Turn system restore on.
     
