[Resolved] Browsers Won't Connect After Using MalWareBytes
#1
Posted 28 September 2009 - 01:09 PM
#2
Posted 28 September 2009 - 06:42 PM
Open Malwarebytes and at the top, select Logs.
Open the log from the scan you ran and post the scan results here.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#3
Posted 28 September 2009 - 11:36 PM
#4
Posted 29 September 2009 - 05:46 AM
These are always very hard to remove without the infection corrupting system files.
Download ComboFix from one of these locations:
You can save it to a thumb drive and transfer it to the infected PC.
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
- Double click on ComboFix.exe & follow the prompts.
Note: Combofix will run without the Recovery Console installed.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
Also please describe how your computer behaves at the moment.
#5
Posted 29 September 2009 - 10:04 AM
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
Also please describe how your computer behaves at the moment.
#3 is going to be an issue for me and it says to alert you if that's the case. Also, I have newly acquired software for malware removal, so I don't want my system automatically running anything each time I reboot. Can I run combofix.exe without those 2 things happening? Or is there another way to reinstate my browsers' connection with the internet?
#6
Posted 29 September 2009 - 12:35 PM
I suggest you read this:
http://windowssecret...Autorun-attacks
#7
Posted 29 September 2009 - 12:53 PM
#8
Posted 30 September 2009 - 05:29 AM
#9
Posted 30 September 2009 - 08:31 AM
#10
Posted 30 September 2009 - 09:15 AM
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.266 [GMT -4:00]
Running from: c:\documents and settings\Infamy\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\bmk2x0bt.2hu
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\jkvbe0fh.vpk
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\pgorjmvo.i55
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\vwegfdvw.iur
c:\documents and settings\Infamy\Start Menu\Programs\Uninstall.lnk
c:\windows\Downloaded Program Files\RdxIE.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_rotscxtyxcbeuk
-------\Service_rotscxtyxcbeuk
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-28 15:49 . 2009-09-28 15:49 -------- d-----w- c:\documents and settings\Infamy\Application Data\Malwarebytes
2009-09-28 15:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 15:15 . 2009-09-28 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 15:15 . 2009-09-28 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 15:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 03:19 . 2009-09-28 12:59 -------- d-----w- C:\$AVG8.VAULT$
2009-09-28 03:10 . 2009-09-28 03:10 -------- d-----w- c:\program files\AVG
2009-09-28 03:10 . 2009-09-28 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 03:03 . 2009-09-28 03:03 -------- d-----w- c:\documents and settings\Infamy\Application Data\AVG8
2009-09-28 02:41 . 2009-09-28 17:29 -------- d-----w- c:\program files\wwgpfs
2009-09-24 03:28 . 2009-09-24 03:28 -------- d-----w- c:\program files\iPod
2009-09-23 08:46 . 2009-09-23 08:46 -------- d-----w- c:\documents and settings\Infamy\Application Data\Antares
2009-09-23 07:06 . 2009-09-23 09:00 -------- d-----w- c:\program files\Antares Audio Technologies
2009-09-23 06:58 . 2003-06-20 17:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2009-09-23 06:52 . 2009-09-23 06:52 -------- d-----w- c:\program files\Common Files\reFX
2009-09-14 23:22 . 2009-09-16 16:07 -------- d-----w- c:\documents and settings\Infamy\Local Settings\Application Data\Yahoo!
2009-09-12 05:40 . 2009-09-12 05:40 -------- d-----w- c:\documents and settings\Infamy\TruePianos Settings
2009-09-12 05:37 . 2009-09-12 05:39 -------- d-----w- c:\documents and settings\Infamy\Application Data\Cakewalk
2009-09-12 05:24 . 2009-09-12 05:24 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-09-12 04:33 . 2006-02-24 14:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-09-12 04:32 . 2009-09-23 09:01 -------- d-----w- C:\Cakewalk Projects
2009-09-12 04:32 . 2009-09-12 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2009-09-12 04:32 . 2009-09-12 05:19 -------- d-----w- c:\program files\Cakewalk
2009-09-11 00:25 . 2009-09-11 00:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-09 19:29 . 2009-09-09 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 02:04 . 2005-06-04 13:09 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2009-09-08 02:04 . 2005-06-04 13:09 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2009-09-08 02:04 . 2005-06-04 13:08 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2009-09-08 02:04 . 2005-06-04 13:08 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2009-09-08 02:04 . 2005-06-04 13:09 131072 ----a-w- c:\windows\system32\pneng50.dll
2009-09-08 02:04 . 2005-06-04 13:09 352768 ----a-w- c:\windows\system32\pngu3263.dll
2009-09-08 02:04 . 2005-06-04 13:09 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2009-09-08 02:04 . 2005-06-04 13:11 85504 ----a-w- c:\windows\system32\encdnet.dll
2009-09-08 02:04 . 2005-06-04 13:09 61952 ----a-w- c:\windows\system32\decdnet.dll
2009-09-08 02:04 . 2005-06-04 13:09 130560 ----a-w- c:\windows\system32\pnc3250.dll
2009-09-08 02:00 . 2005-05-10 00:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-09-08 02:00 . 2002-11-25 18:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-09-08 02:00 . 2009-09-08 02:00 -------- d-----w- c:\program files\Syncrosoft
2009-09-08 01:36 . 2009-09-08 01:36 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-09-08 01:36 . 2009-09-08 01:36 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\documents and settings\Infamy\Local Settings\Application Data\Tech_Coderz
2009-09-05 12:14 . 2009-09-05 12:14 -------- d-----w- c:\windows\system32\custom matrices
2009-09-05 12:14 . 2009-09-05 12:15 -------- d-----w- c:\windows\system32\C2MP
2009-09-05 12:14 . 2009-09-05 12:14 -------- d-----w- c:\windows\system32\QuickTime
2009-09-05 12:13 . 2009-09-05 14:39 -------- d-----w- c:\documents and settings\Infamy\Application Data\vlc
2009-09-05 12:03 . 2009-09-05 12:03 -------- d-----w- c:\program files\VideoLAN
2009-09-03 21:54 . 2009-09-03 21:54 -------- d-----w- c:\documents and settings\All Users\CyberLink
2009-09-03 21:35 . 2009-09-03 21:35 -------- d-----w- c:\documents and settings\Infamy\Application Data\CyberLink
2009-09-03 21:33 . 2009-09-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-03 21:24 . 2009-09-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-09-03 21:24 . 2009-09-03 21:24 -------- d-----w- c:\program files\SmartSound Software
2009-09-03 21:15 . 2009-09-03 21:27 -------- d-----w- c:\program files\CyberLink
2009-09-03 21:12 . 2009-09-03 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 03:29 . 2007-06-30 21:07 -------- d-----w- c:\program files\iTunes
2009-09-24 03:28 . 2007-10-25 17:11 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 07:31 . 2006-05-15 05:58 -------- d-----w- c:\program files\Steinberg
2009-09-16 16:08 . 2009-08-29 16:45 -------- d-----w- c:\program files\Free FLV Converter
2009-09-12 06:28 . 2006-05-18 00:30 85008 ----a-w- c:\documents and settings\Infamy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 05:23 . 2006-05-22 23:47 -------- d-----w- c:\program files\Native Instruments
2009-09-12 03:26 . 2006-05-15 21:37 -------- d-----w- c:\program files\Java
2009-09-12 03:03 . 2006-05-15 05:50 -------- d-----w- c:\program files\Image-Line
2009-09-11 15:39 . 2006-05-15 06:07 -------- d-----w- c:\program files\Google
2009-09-11 14:21 . 2006-05-22 03:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-09 21:24 . 2006-05-16 05:34 -------- d-----w- c:\documents and settings\Infamy\Application Data\Apple Computer
2009-09-09 21:07 . 2009-07-30 03:26 -------- d-----w- c:\program files\QuickTime
2009-09-09 20:38 . 2009-08-24 10:12 -------- d-----w- c:\documents and settings\Infamy\Application Data\Lala Music Mover
2009-09-08 02:14 . 2007-12-22 18:23 -------- d-----w- c:\documents and settings\Infamy\Application Data\Steinberg
2009-09-08 02:12 . 2006-05-17 19:32 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:39 . 2006-09-19 01:16 -------- d-----w- c:\documents and settings\Infamy\Application Data\Propellerhead Software
2009-09-08 01:36 . 2006-09-18 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-09-03 21:32 . 2006-05-15 07:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 23:42 . 2009-07-30 03:20 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2007-10-25 17:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-19 07:36 . 2009-08-29 16:46 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-08-11 20:21 . 2009-08-11 20:21 87552 ----a-w- c:\windows\system32\ac3config.exe
2009-08-04 15:58 . 2009-08-04 15:58 802603 ----a-w- c:\windows\system32\ff_x264.dll
2009-08-04 15:57 . 2009-08-04 15:57 557003 ----a-w- c:\windows\system32\libmplayer.dll
2009-08-04 13:07 . 2009-08-04 13:07 4455179 ----a-w- c:\windows\system32\libavcodec.dll
2009-07-29 23:10 . 2009-07-29 23:10 829781 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-14 13:19 . 2009-07-14 13:19 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-07-14 12:31 . 2009-07-14 12:31 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 . 2006-05-08 18:07 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-02-22 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-02-22 126976]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-10 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]
c:\documents and settings\Infamy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
M-Audio Ozone Control Panel Launcher.lnk - c:\program files\M-Audio Ozone\OZTask.exe [2003-1-31 98304]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-5-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 16:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=usbnz1x1.dll
"midi3"=usbnz1x1.dll
"midi5"=usbnz1x1.dll
"midi7"=usbnz1x1.dll
"midi9"=usbnz1x1.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153132310\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153132310\\ee\\aim6.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Infamy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Infamy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:26 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\MA763008.sys [5/15/2006 2:05 AM 30464]
R3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys [5/15/2006 2:05 AM 22272]
S2 gupdate1c8c87fc3a3c1b0;Google Update Service (gupdate1c8c87fc3a3c1b0);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2008 5:29 PM 133104]
S3 MADFU008;MADFU008;c:\windows\system32\drivers\MADFU008.sys [5/15/2006 2:05 AM 16640]
.
Contents of the 'Scheduled Tasks' folder
2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 22:07]
2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 22:07]
2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-261478967-725345543-1003Core.job
- c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 19:14]
2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-261478967-725345543-1003UA.job
- c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 19:14]
2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - d:\unmatc~1\Other\Programs\MI31D0~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Infamy\Application Data\Mozilla\Firefox\Profiles\v8qpepxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Infamy\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{6AA8684D-86B4-4022-9E3D-3C045823FE73} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
ShellExecuteHooks-{F89688C0-370E-4E5D-A473-299B383A41E5} - (no file)
ShellExecuteHooks-{BD804BDD-9A9E-45F5-B9CD-99832A48603C} - c:\windows\system32\WMDima.dll
AddRemove-Reason Adapted M-Audio Express_is1 - d:\unmatched productions library\Producing Files\Programs\Reason Adapted M-Audio Express\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 10:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
c:\windows\TEMP\TMP00000032E2853191E094636F 524288 bytes executable
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\Ê:âëüMpªê **]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\M-Audio Ozone\Install\ozinst.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-30 11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 15:07
Pre-Run: 28,076,912,640 bytes free
Post-Run: 29,974,691,840 bytes free
#11
Posted 30 September 2009 - 05:00 PM
Edited by Infam247, 30 September 2009 - 05:14 PM.
#12
Posted 30 September 2009 - 06:42 PM
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\bmk2x0bt.2hu
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\jkvbe0fh.vpk
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\pgorjmvo.i55
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\vwegfdvw.iur
c:\documents and settings\Infamy\Start Menu\Programs\Uninstall.lnk
c:\windows\Downloaded Program Files\RdxIE.dll
Combofix didn't find autorun.inf or it would be shown in what it removed.
2. My computer no longer recognizes my external hard drive, and when I go to explore I can't find it.
That sounds more like a USB driver is missing. We can deal with that later.
Do you know what this program is?
c:\program files\wwgpfs
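The helper's question about c:\program files\wwgpfs and the removed Legacy_rotscxtyxcbeuk / Service_rotscxtyxcbeuk keys both rest on the same cue: a name that looks machine-generated. As an added example (not from this thread or from the ComboFix authors), a small Python parser for the log layout shown above pulls the timestamped "Files Created" entries and the removed Drivers/Services names and flags random-looking ones for follow-up. The sample log is a constructed excerpt in the same layout; the randomness heuristic (no vowels, or a long consonant run) is an assumption and a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the ComboFix log layout posted in this thread (paths shortened).
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\\Legacy_rotscxtyxcbeuk
-------\\Service_rotscxtyxcbeuk
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-28 15:15 . 2009-09-10 18:54 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-09-28 02:41 . 2009-09-28 17:29 -------- d-----w- c:\\program files\\wwgpfs
2009-09-24 03:28 . 2009-09-24 03:28 -------- d-----w- c:\\program files\\iPod
2009-09-11 00:25 . 2009-09-11 00:25 721904 ----a-w- c:\\windows\\system32\\drivers\\sptd.sys
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
# created . modified, then size (dashes for a directory), eight attribute flags, path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$"
)
SERVICE_RE = re.compile(r"^-------\\(Legacy|Service)_(\S+)$")
VOWELS = set("aeiou")

@dataclass
class Entry:
    section: str
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # 'd-----w-' = directory, '----a-w-' = archive file
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_combofix(text: str) -> List[Entry]:
    """Return the timestamped file/directory entries, tagged with their section."""
    entries, section = [], ""
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            entries.append(Entry(section, m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries

def removed_services(text: str) -> List[str]:
    """Names of services ComboFix removed (Legacy_/Service_ keys collapsed to one name)."""
    names: List[str] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m and m.group(2) not in names:
            names.append(m.group(2))
    return names

def looks_random(name: str, min_len: int = 6, max_consonant_run: int = 5) -> bool:
    """Heuristic (an assumption, not a verdict): a letters-only name with no vowels or a
    long consonant run resembles the generated names malware gives folders and services."""
    stem = name.rsplit(".", 1)[0] if "." in name else name
    if len(stem) < min_len or not stem.isalpha():
        return False
    low = stem.lower()
    run = best = 0
    for c in low:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best == len(low) or best >= max_consonant_run

def suspicious_entries(text: str) -> List[Entry]:
    """Entries worth asking the user about, like the wwgpfs folder in this thread."""
    return [e for e in parse_combofix(text) if looks_random(e.name)]

if __name__ == "__main__":
    print("removed services:", [(s, looks_random(s)) for s in removed_services(SAMPLE_LOG)])
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"ask about: {e.path} (created {e.created}, {e.section})")
```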
#13
Posted 30 September 2009 - 07:10 PM
#14
Posted 30 September 2009 - 07:16 PM
Do a file search for autorun.inf
This should repair autoplay
Autoplay Repair Wizard
http://www.microsoft...;DisplayLang=en
#15
Posted 30 September 2009 - 07:57 PM