
Inactive Checking out PC's stability/security.

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2011/04/14.

  1. 2011/04/14
    broni (Moderator, Malware Analyst)
    We'll remove it manually little bit later.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    
    Folder::
    d:\program files\Ask.com
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  2. 2011/04/14
    Forsaken Knight (Well-Known Member, Thread Starter)
    ComboFix 11-04-13.06 - Nelson Ramon Arucas 04/14/2011 15:39:53.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1092 [GMT -4:00]
    Running from: d:\documents and settings\Nelson Ramon Arucas\Desktop\ComboFix.exe
    Command switches used :: d:\documents and settings\Nelson Ramon Arucas\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .
    FILE ::
    "d:\windows\Tasks\Scheduled Update for Ask Toolbar.job "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    d:\program files\Ask.com
    d:\program files\Ask.com\cb_c020.ico
    d:\program files\Ask.com\cobrand.ico
    d:\program files\Ask.com\config.xml
    d:\program files\Ask.com\favicon.ico
    d:\program files\Ask.com\fv_c01f.ico
    d:\program files\Ask.com\mupcfg.xml
    d:\program files\Ask.com\SaUpdate.exe
    d:\program files\Ask.com\UpdateTask.exe
    d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-14 04:52 . 2011-04-14 04:52 33810 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-04-14 04:52 . 2011-04-14 04:52 20719 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-04-14 04:52 . 2011-04-14 04:52 23327 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-04-14 04:52 . 2011-04-14 04:52 7271 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-04-14 04:52 . 2011-04-14 04:52 8782 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- d:\windows\system32\xfcodec.dll
    2011-03-27 17:16 . 2011-03-27 17:16 -------- d-----w- d:\program files\iPod
    2011-03-27 17:16 . 2011-03-27 17:17 -------- d-----w- d:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-16 16:02 . 2011-03-09 19:03 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
    2011-02-11 06:54 . 2011-03-08 07:17 5943120 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FF781BAE-3C6F-43EB-8538-183714CF6758}\mpengine.dll
    2011-02-11 06:54 . 2008-04-03 19:33 5943120 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-02-03 02:40 . 2011-01-10 07:34 472808 ----a-w- d:\windows\system32\deployJava1.dll
    2011-02-03 00:19 . 2008-04-04 04:14 73728 ----a-w- d:\windows\system32\javacpl.cpl
    2011-02-02 22:11 . 2009-10-03 06:06 222080 ------w- d:\windows\system32\MpSigStub.exe
    2004-09-11 01:18 . 2004-09-11 01:18 5923328 ------r- d:\program files\PRO11.MSI
    2004-09-11 01:18 . 2004-09-11 01:18 604672 ------r- d:\program files\OWC11.MSI
    2004-09-11 01:18 . 2004-09-11 01:18 560128 ------r- d:\program files\OWC10.MSI
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-03-05_19.07.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 d:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2011-04-14 04:36 . 2011-04-14 04:36 16384 d:\windows\Temp\Perflib_Perfdata_518.dat
    + 2004-08-04 00:07 . 2011-03-18 16:50 67864 d:\windows\system32\perfc009.dat
    - 2004-08-04 00:07 . 2010-11-10 06:26 67864 d:\windows\system32\perfc009.dat
    + 2011-03-27 17:10 . 2011-02-18 20:36 41984 d:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
    + 2011-03-09 19:03 . 2010-06-17 19:27 28520 d:\windows\system32\drivers\ssmdrv.sys
    + 2011-03-09 19:03 . 2010-06-17 19:27 22360 d:\windows\system32\drivers\avgntmgr.sys
    + 2011-03-09 19:03 . 2011-01-10 19:23 61960 d:\windows\system32\drivers\avgntflt.sys
    + 2011-03-09 19:03 . 2010-06-17 19:27 45416 d:\windows\system32\drivers\avgntdd.sys
    + 2008-09-12 23:22 . 2007-04-02 18:26 19456 d:\windows\system32\dllcache\agt040d.dll
    + 2008-09-12 23:22 . 2007-04-02 18:25 19456 d:\windows\system32\dllcache\agt0401.dll
    + 2008-09-12 23:22 . 2007-04-02 18:26 19456 d:\windows\msagent\intl\agt040d.dll
    + 2008-09-12 23:22 . 2007-04-02 18:25 19456 d:\windows\msagent\intl\agt0401.dll
    + 2008-09-12 23:23 . 2008-04-14 00:09 6144 d:\windows\system32\dllcache\kbdpash.dll
    + 2008-09-12 23:23 . 2008-04-14 00:09 6144 d:\windows\system32\dllcache\kbdnepr.dll
    + 2004-08-04 00:07 . 2008-04-14 00:09 6656 d:\windows\system32\dllcache\kbdinmal.dll
    + 2004-08-04 00:07 . 2008-04-14 00:09 6144 d:\windows\system32\dllcache\kbdinben.dll
    + 2004-08-04 00:07 . 2008-04-14 00:09 6144 d:\windows\system32\dllcache\kbdinbe1.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 653120 d:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 569664 d:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 225280 d:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 159032 d:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2004-08-04 00:07 . 2011-03-18 16:50 433018 d:\windows\system32\perfh009.dat
    - 2004-08-04 00:07 . 2010-11-10 06:26 433018 d:\windows\system32\perfh009.dat
    + 2011-03-09 19:02 . 2011-03-09 19:02 219648 d:\windows\Installer\2d8789.msi
    + 2011-03-27 17:08 . 2011-03-27 17:08 811520 d:\windows\Installer\1d7c06.msi
    + 2011-03-27 17:17 . 2011-03-27 17:17 380928 d:\windows\Installer\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}\iTunesIco.exe
    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2011-03-27 17:10 . 2011-02-18 20:36 4184352 d:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
    + 2011-03-27 17:17 . 2011-03-27 17:17 5448704 d:\windows\Installer\1d84f8.msi
    + 2011-03-27 17:10 . 2011-03-27 17:10 3085312 d:\windows\Installer\1d7c53.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SandboxieControl "= "d:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 405736]
    "msnmsgr "= "d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ComcastAntispyClient "= "d:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "FileHippo.com "= "d:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "d:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
    "HP Software Update "= "d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "Adobe Reader Speed Launcher "= "d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM "= "d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "MSN Toolbar "= "d:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager "= "d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "jswtrayutil "= "d:\program files\NETGEAR\WN111v2\jswtrayutil.exe" [BU]
    "ZoneAlarm Client "= "d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "QuickTime Task "= "d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "avgnt "= "d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    "iTunesHelper "= "d:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3 "= "advpack.dll" [2009-06-29 124928]
    .
    d:\documents and settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
    Xfire.lnk - d:\program files\Xfire\xfire.exe [2011-4-8 3510160]
    .
    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    hp psc 2000 Series.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
    Launch Profile Launcher.lnk - d:\program files\Saitek\Software\ProfilerU.exe [2008-4-8 163840]
    Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-4-3 169472]
    McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    NETGEAR WN111v2 Smart Wizard.lnk - d:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
    officejet 6100.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
    Secunia PSI Tray.lnk - d:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "d:\program files\Gameforge4D\AirRivals\Launcher.atm "= d:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
    "d:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe "= d:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "d:\\WINDOWS\\system32\\sessmgr.exe "=
    "d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "d:\\Program Files\\Xfire\\xfire.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe "=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "d:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "d:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "d:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=
    "d:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "d:\\Program Files\\iTunes\\iTunes.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56143:TCP "= 56143:TCP:pando Media Booster
    "56143:UDP "= 56143:UDP:pando Media Booster
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [3/9/2011 3:03 PM 135336]
    R2 PEDRV;P&E Microcomputer System PCI Driver.;d:\windows\system32\drivers\pedrv.sys [8/3/2000 2:25 PM 23296]
    R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 11:19 PM 13592]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
    R3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
    R3 JSWSCIMD;jswscimd Service;d:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
    R3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    R3 SaiH5F0D;SaiH5F0D;d:\windows\system32\drivers\SaiH5F0D.sys [4/4/2008 2:15 AM 176640]
    R3 SaiU5F0D;SaiU5F0D;d:\windows\system32\drivers\SaiU5F0D.sys [4/4/2008 2:15 AM 27264]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;d:\windows\system32\drivers\WN111v2.sys [1/14/2009 3:23 AM 458752]
    S2 AntiSpywareService;Comcast AntiSpyware;d:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
    S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/10/2011 2:51 AM 136176]
    S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [1/5/2011 6:31 AM 988216]
    S2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [1/5/2011 6:31 AM 399416]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;d:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;d:\windows\System32\svchost.exe -k nosGetPlusHelper [8/3/2004 8:07 PM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - kwecyfod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-12 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2008-07-08 d:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF207566146.job
    - d:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]
    .
    2011-04-14 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:51]
    .
    2011-04-14 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:51]
    .
    2011-04-14 d:\windows\Tasks\MP Scheduled Scan.job
    - d:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 15:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1484)
    d:\program files\CA\PPRT\bin\CACheck.dll
    d:\program files\CA\PPRT\bin\CAHook.dll
    d:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-04-14 15:53:24
    ComboFix-quarantined-files.txt 2011-04-14 19:53
    ComboFix2.txt 2011-04-14 17:33
    ComboFix3.txt 2011-03-05 19:11
    ComboFix4.txt 2011-01-08 18:44
    .
    Pre-Run: 22,958,481,408 bytes free
    Post-Run: 22,945,918,976 bytes free
    .
    - - End Of File - - 6965468AC5C39FF7FFF2E1D68404EB50
     


  4. 2011/04/14
    broni (Moderator, Malware Analyst)
    Very good :)

    See, if you can run MBAM now.
     
  5. 2011/04/15
    Forsaken Knight (Well-Known Member, Thread Starter)
    This is being done through my laptop. I have a problem with my room desktop PC. During the early morning, there was a power outage; I did not find this out till now. Now, my room PC doesn't do the three beeps as it usually does when I press the power button. No grind sound, just an idle sound. I started the Malwarebytes scan at about 2 am. The power outage was during the early morning, around 9 am. I would think that, if the scan ran normally, it would have finished by then.

    Plz help me fix my PC.
     
  6. 2011/04/15
    broni (Moderator, Malware Analyst)
    That would be out of my department.
    Please create a new topic in the Windows XP forum to get some help on it.

    Once you have your computer working again, feel free to return here.
     
