iexplore.exe opening in background
Thread Solved
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
It will. If it returned once.... Okay, there are files there that I cannot see, to protect and regenerate malware. I suspect a rootkit, and this tool will flush out most problems:
== Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
..... or this file: http://subs.geekstogo.com/ComboFix.exe
- IMPORTANT!: disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- To run it, double-click the ComboFix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.
Deep, deep in the woods, but walking about.
Join Date: Jul 2009
Posts: 11
Reputation:
Solved Threads: 0
Just before starting the scan I was told to install that recovery console system but accidentally hit 'okay' before my net could reconnect.
Wasn't sure if I should do another scan with the recovery console system installed... anyway, here is the scan report:
ComboFix 09-07-12.03 - User 13/07/2009 18:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1574 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-11 12:13 . 2009-06-17 01:27 38160 ----a-r- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 12:13 . 2009-07-11 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 12:13 . 2009-06-17 01:27 19096 ----a-r- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:57 . 2009-07-11 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 18:17 . 2009-06-26 00:36 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 17:15 . 2009-07-07 17:15 -------- d-----w- c:\documents and settings\User\Application Data\GlarySoft
2009-07-07 17:09 . 2009-07-07 17:09 -------- d-----w- c:\program files\Glary Utilities
2009-07-05 11:06 . 2009-07-05 11:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PunkBuster
2009-07-05 04:59 . 2009-07-05 04:58 2054424 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-07-05 04:59 . 2009-07-05 04:58 2167576 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgresf.dll
2009-07-05 04:59 . 2009-06-24 06:45 327688 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgldx86.sys
2009-07-05 04:59 . 2009-06-24 06:45 906520 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgemc.exe
2009-07-05 04:59 . 2009-06-24 06:45 3402008 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-07-05 04:59 . 2009-06-24 06:45 1204504 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgabout.dll
2009-07-05 04:59 . 2009-06-24 06:45 337176 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglogx.dll
2009-07-05 04:59 . 2009-06-24 06:45 829208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcfgx.dll
2009-07-05 04:59 . 2009-06-24 06:45 3298072 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-07-05 04:57 . 2009-06-24 06:12 1454360 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-07-05 04:57 . 2009-06-24 06:12 1085208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.exe
2009-06-26 13:31 . 2009-06-26 13:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 06:46 . 2009-06-24 06:45 832144 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 06:45 . 2009-07-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 06:45 . 2009-06-24 06:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-16 17:03 . 2009-07-13 05:42 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-16 14:26 . 2009-06-16 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:23 . 2007-12-25 09:57 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-13 02:22 . 2007-12-25 09:57 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 01:22 . 2006-12-31 15:22 16608 ----a-w- c:\windows\gdrv.sys
2009-07-12 09:56 . 2008-11-02 08:11 -------- d-----w- c:\program files\Warcraft III
2009-07-10 13:07 . 2008-02-28 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 11:06 . 2007-12-25 09:57 75064 ----a-r- c:\windows\system32\PnkBstrA.exe
2009-07-05 04:58 . 2009-04-21 05:00 335752 ----a-r- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 06:45 . 2009-04-21 05:00 11952 ----a-r- c:\windows\system32\avgrsstx.dll
2009-06-24 06:45 . 2009-04-21 05:00 27784 ----a-r- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 01:23 . 2007-09-25 18:31 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2009-06-06 00:02 . 2009-06-06 00:02 -------- d-----w- c:\program files\Ubisoft
2009-06-06 00:02 . 2006-12-31 15:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 08:07 . 2006-12-31 16:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-29 18:55 . 2007-09-25 17:30 -------- d-----w- c:\program files\Azureus
2009-05-04 01:55 . 2009-04-21 05:00 108552 ----a-r- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 11:13 . 2007-09-26 10:22 107888 ----a-r- c:\windows\system32\CmdLineExt.dll
2009-04-22 18:56 . 2006-12-31 23:32 19376 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 00:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-14 1657376]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 06:45 11952 ----a-r- c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\NetMeter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:Diablo 2
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/04/2009 3:00 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/04/2009 3:00 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/04/2009 3:00 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/04/2009 3:00 PM 298776]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [23/01/2009 1:06 PM 80392]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3/02/2009 12:39 AM 13225]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:20]
2009-07-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-07 06:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xzjvews6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3DVFC_enAU242AU243
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 18:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,5f,3c,ce,f9,50,ed,01,52,a8,77,37,1f,80,e2,dd,82,ec,0c,0c,f7,a7,26,
45,b5,75,bd,a4,90,27,74,7c,80,36,e8,b6,5d,3e,66,6a,a4,bf,97,4d,3b,a4,82,74,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37
[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,60,37,54,a4,90,e1,42,bf,ea,6d,3b,3a,32,a6,a2,f0,24,e6,6e,26,
9a,62,5c,0a,a6,62,8a,0d,55,f8,27,ae,53,07,e8,1e,be,d6,3e,3f,0a,83,02,27,71,\
"rkeysecu"=hex:e0,54,41,8e,97,1f,4c,69,53,47,06,ea,08,ba,32,11
.
Completion time: 2009-07-13 18:12
ComboFix-quarantined-files.txt 2009-07-13 08:12
Pre-Run: 122,519,105,536 bytes free
Post-Run: 122,553,536,512 bytes free
232 --- E O F --- 2008-11-02 16:53

Wasn't sure if I should do another scan with the recovery console system installed... anyway, here is the scan report:
ComboFix 09-07-12.03 - User 13/07/2009 18:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1574 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-11 12:13 . 2009-06-17 01:27 38160 ----a-r- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 12:13 . 2009-07-11 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 12:13 . 2009-06-17 01:27 19096 ----a-r- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:57 . 2009-07-11 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 18:17 . 2009-06-26 00:36 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 17:15 . 2009-07-07 17:15 -------- d-----w- c:\documents and settings\User\Application Data\GlarySoft
2009-07-07 17:09 . 2009-07-07 17:09 -------- d-----w- c:\program files\Glary Utilities
2009-07-05 11:06 . 2009-07-05 11:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PunkBuster
2009-07-05 04:59 . 2009-07-05 04:58 2054424 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-07-05 04:59 . 2009-07-05 04:58 2167576 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgresf.dll
2009-07-05 04:59 . 2009-06-24 06:45 327688 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgldx86.sys
2009-07-05 04:59 . 2009-06-24 06:45 906520 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgemc.exe
2009-07-05 04:59 . 2009-06-24 06:45 3402008 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-07-05 04:59 . 2009-06-24 06:45 1204504 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgabout.dll
2009-07-05 04:59 . 2009-06-24 06:45 337176 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglogx.dll
2009-07-05 04:59 . 2009-06-24 06:45 829208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcfgx.dll
2009-07-05 04:59 . 2009-06-24 06:45 3298072 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-07-05 04:57 . 2009-06-24 06:12 1454360 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-07-05 04:57 . 2009-06-24 06:12 1085208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.exe
2009-06-26 13:31 . 2009-06-26 13:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 06:46 . 2009-06-24 06:45 832144 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 06:45 . 2009-07-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 06:45 . 2009-06-24 06:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-16 17:03 . 2009-07-13 05:42 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-16 14:26 . 2009-06-16 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:23 . 2007-12-25 09:57 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-13 02:22 . 2007-12-25 09:57 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 01:22 . 2006-12-31 15:22 16608 ----a-w- c:\windows\gdrv.sys
2009-07-12 09:56 . 2008-11-02 08:11 -------- d-----w- c:\program files\Warcraft III
2009-07-10 13:07 . 2008-02-28 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 11:06 . 2007-12-25 09:57 75064 ----a-r- c:\windows\system32\PnkBstrA.exe
2009-07-05 04:58 . 2009-04-21 05:00 335752 ----a-r- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 06:45 . 2009-04-21 05:00 11952 ----a-r- c:\windows\system32\avgrsstx.dll
2009-06-24 06:45 . 2009-04-21 05:00 27784 ----a-r- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 01:23 . 2007-09-25 18:31 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2009-06-06 00:02 . 2009-06-06 00:02 -------- d-----w- c:\program files\Ubisoft
2009-06-06 00:02 . 2006-12-31 15:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 08:07 . 2006-12-31 16:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-29 18:55 . 2007-09-25 17:30 -------- d-----w- c:\program files\Azureus
2009-05-04 01:55 . 2009-04-21 05:00 108552 ----a-r- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 11:13 . 2007-09-26 10:22 107888 ----a-r- c:\windows\system32\CmdLineExt.dll
2009-04-22 18:56 . 2006-12-31 23:32 19376 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 00:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-14 1657376]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 06:45 11952 ----a-r- c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\NetMeter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:Diablo 2
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/04/2009 3:00 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/04/2009 3:00 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/04/2009 3:00 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/04/2009 3:00 PM 298776]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [23/01/2009 1:06 PM 80392]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3/02/2009 12:39 AM 13225]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:20]
2009-07-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-07 06:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xzjvews6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3DVFC_enAU242AU243
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 18:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,5f,3c,ce,f9,50,ed,01,52,a8,77,37,1f,80,e2,dd,82,ec,0c,0c,f7,a7,26,
45,b5,75,bd,a4,90,27,74,7c,80,36,e8,b6,5d,3e,66,6a,a4,bf,97,4d,3b,a4,82,74,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37
[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,60,37,54,a4,90,e1,42,bf,ea,6d,3b,3a,32,a6,a2,f0,24,e6,6e,26,
9a,62,5c,0a,a6,62,8a,0d,55,f8,27,ae,53,07,e8,1e,be,d6,3e,3f,0a,83,02,27,71,\
"rkeysecu"=hex:e0,54,41,8e,97,1f,4c,69,53,47,06,ea,08,ba,32,11
.
Completion time: 2009-07-13 18:12
ComboFix-quarantined-files.txt 2009-07-13 08:12
Pre-Run: 122,519,105,536 bytes free
Post-Run: 122,553,536,512 bytes free
232 --- E O F --- 2008-11-02 16:53
•
•
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Good morning.
Installing Recovery Console is a precaution in case ComboFix breaks your sys. If you have a bootable XP CD you do not need it on your hard drive - it is then just a convenience.
This one, c:\windows\OPTIONS\CABS\_desktop.ini, is associated with various worms, viruses. The other deletions were of SmitfraudFix files.
I see no other problems there.... you certainly threw some stuff at it..
You can remove that AVG8 browser toolbar if you so wish... a space waste.
Tell me how things are, please.
Deep, deep in the woods, but walking about.