| Just like in high school

I remember having to take a test and not knowing anything about the subject and just like then, now my combo fix report

ComboFix 08-09-05.05 - booker 2008-09-07 0:45:44.1 - NTFSx86
Running from: C:\Documents and Settings\booker.HOME-5214237687\Desktop\ddddaannniiwwweeebb\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\sguard.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\booker.HOME-5214237687\ResErrors.log
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\tdgdrs33.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_DHLP
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-10-06 18:51 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERe9e6.dir00
2008-10-06 18:48 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER6ac8.dir00
2008-09-23 07:09 . 2008-08-23 00:45 <DIR> d-------- C:\temp\QuickCam_11.80.1065
2008-09-23 03:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf0b7.dir00
2008-09-23 01:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WER8778.dir00
2008-09-07 00:55 . 2008-09-07 00:55 53,248 --a------ C:\temp\catchme.dll
2008-09-07 00:54 . 2008-09-07 00:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-07 00:54 . 2008-09-07 00:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-07 00:53 . 2008-09-07 00:53 <DIR> d-------- C:\temp\WPDNSE
2008-09-07 00:51 . 2008-09-07 00:51 16,384 --a----t- C:\temp\Perflib_Perfdata_32c.dat
2008-09-06 19:45 . 2008-09-07 00:54 <DIR> d-------- C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
2008-09-06 15:18 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsb6.tmp
2008-09-06 15:07 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER5e41.dir00
2008-09-06 14:55 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERad76.dir00
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\temp\Picasa3
2008-09-05 08:38 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsu7D.tmp
2008-09-04 20:44 . 2008-09-04 20:44 <DIR> d-------- C:\temp\Google Gadget Cache
2008-08-30 22:19 . 2008-08-30 22:41 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-30 15:44 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wzf3e4
2008-08-30 15:42 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wz0a83
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 07:57 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 01:24 . 2008-08-23 01:24 <DIR> d-------- C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
2008-08-23 01:24 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
2008-08-23 01:20 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
2008-08-23 00:47 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
2008-08-23 00:35 . 2008-09-23 03:03 <DIR> d-------- C:\temp\~nsu.tmp
2008-08-23 00:08 . 2008-08-23 00:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ascentive
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
2008-08-23 00:05 . 2008-08-23 00:05 <DIR> d-------- C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
2008-08-23 00:05 . 2007-07-03 11:48 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2008-08-23 00:03 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
2008-08-23 00:01 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
2008-08-22 23:59 . 2008-09-06 19:46 <DIR> d-------- C:\Program Files\Ascentive
2008-08-22 23:59 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-08-22 23:59 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-08-22 23:59 . 2008-04-29 13:14 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-08-22 23:59 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-08-22 23:58 . 2008-08-22 23:59 <DIR> d-------- C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
2008-08-22 23:58 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
2008-08-22 22:41 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf713.dir00
2008-08-22 16:45 . 2008-08-22 16:48 <DIR> d-------- C:\temp\plugtmp-6
2008-08-21 01:02 . 2008-08-21 01:03 <DIR> d-------- C:\temp\iss33.tmp
2008-08-21 01:00 . 2008-08-21 01:00 <DIR> d-------- C:\temp\iss17.tmp
2008-08-20 21:53 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2ba3.dir00
2008-08-20 19:38 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2a7a.dir00
2008-08-20 04:31 . 2008-08-20 04:31 53,365 --a------ C:\WINDOWS\system32\COMPROHESIVE
2008-08-19 20:22 . 2008-08-22 21:07 <DIR> d-------- C:\temp\plugtmp-5
2008-08-19 17:12 . 2008-08-19 17:12 <DIR> d-------- C:\Program Files\Solitaire.Com
2008-08-19 13:59 . 2008-08-19 22:13 <DIR> d-------- C:\temp\WERe465.dir00
2008-08-19 05:22 . 2008-08-21 09:38 <DIR> d-------- C:\Program Files\Steam
2008-08-18 21:41 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERb528.dir00
2008-08-18 21:34 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERf5a3.dir00
2008-08-18 21:33 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERdc43.dir00
2008-08-18 21:17 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER8a9e.dir00
2008-08-18 20:43 . 2008-08-18 20:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-17 15:10 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER43b3.dir00
2008-08-17 15:05 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERadbd.dir00
2008-08-14 03:06 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 3 for OpticalMouse-MicroInnovations-.zip
2008-08-14 03:05 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 2 for OpticalMouse-MicroInnovations-.zip
2008-08-14 01:02 . 2008-08-21 16:55 <DIR> d-------- C:\WINDOWS\Logs
2008-08-12 20:30 . 2008-08-19 12:47 <DIR> d-------- C:\temp\plugtmp-4
2008-08-12 18:29 . 2008-08-12 18:29 <DIR> d-------- C:\temp\MCA6D.tmp
2008-08-12 18:29 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-08-12 18:28 . 2008-09-04 21:06 <DIR> d-------- C:\temp\vsoaol8026.tmp
2008-08-12 17:18 . 2008-08-12 17:19 <DIR> d-------- C:\temp\CDM
2008-08-12 11:19 . 2008-08-31 08:48 <DIR> d-------- C:\Program Files\PowerArchiver
2008-08-12 11:19 . 2008-08-12 11:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-08-12 09:49 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 1 for OpticalMouse-MicroInnovations-.zip
2008-08-12 09:49 . 2008-08-12 09:49 <DIR> d-------- C:\Program Files\Browser Mouse
2008-08-12 09:49 . 2000-05-09 22:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-08-12 05:27 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER6d96.dir00
2008-08-12 05:23 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERfd71.dir00
2008-08-12 05:22 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER3812.dir00
2008-08-10 17:18 . 2008-08-19 12:47 <DIR> d-------- C:\temp\pftA.tmp
2008-08-10 16:31 . 2008-08-19 12:46 <DIR> d-------- C:\temp\pft13.tmp
2008-08-10 03:29 . 2008-08-10 03:29 6,656 --ahs---- C:\Thumbs.db
2008-08-09 03:23 . 2008-08-09 03:24 <DIR> d-------- C:\temp\plugtmp-3
2008-08-07 20:12 . 2008-09-07 00:56 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\OpenOffice.org2
2008-08-07 20:10 . 2008-08-07 20:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 02:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 22:18 --------- d-----w C:\Program Files\Google
2008-08-31 15:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-31 01:11 --------- d-----w C:\Program Files\NovaLogic
2008-08-30 15:56 --------- d-----w C:\Program Files\PremierOpinion
2008-08-21 18:49 --------- d-----w C:\Program Files\GPL 2004 DEMO
2008-08-21 18:39 --------- d-----w C:\Program Files\SpaceHaste
2008-08-21 12:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-21 08:03 --------- d-----w C:\Program Files\Logitech
2008-08-21 08:01 --------- d-----w C:\Program Files\DivX
2008-08-21 08:00 --------- d-----w C:\Program Files\Creative
2008-08-21 07:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2008-08-21 07:54 --------- d-----w C:\Program Files\GedSmart
2008-08-20 00:12 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\Solitaire.Com
2008-08-19 12:56 --------- d-----w C:\Program Files\Java
2008-08-13 01:29 --------- d-----w C:\Program Files\McAfee.com
2008-08-12 22:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-08-12 18:46 --------- d-----w C:\Program Files\WinAce
2008-08-11 00:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-07 18:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-07-23 03:28 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\ErrorSmart
2008-07-22 23:06 --------- d-----w C:\Program Files\NOS
2008-07-22 23:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-07-22 05:54 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-22 05:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 20:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
2008-07-14 11:04 --------- d-----w C:\Program Files\EZ Emoticons
2008-05-01 09:54 784 ----a-w C:\Documents and Settings\booker.HOME-5214237687\Application Data\mpauth.dat
1998-10-24 07:00 700 -csha-w C:\WINDOWS\dv11mxv_0$1_783482.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-02-01 173312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 C:\WINDOWS\system32\narrator.exe]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2005-05-02 C:\WINDOWS\P17DEF.EXE]

C:\Documents and Settings\booker.HOME-5214237687\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
QuickLink Mobile.lnk - C:\Program Files\Verizon Wireless\QuickLink Mobile\QuickLink Mobile.exe [2006-06-27 917504]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fasttrak;fasttrak;C:\WINDOWS\system32\DRIVERS\fasttrak.sys [2002-04-23 73856]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 53329]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 20225]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 20464]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-03-04 7936]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2007-05-01 132232]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2007-05-01 28416]
S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-08-10 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
SharedTaskScheduler-{588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
SharedTaskScheduler-{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\booker.HOME-5214237687\Application Data\Mozilla\Firefox\Profiles\k0zmzvbx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 00:55:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\TEMP\sv9l5.tmp
C:\TEMP\sv9l5.tmp

scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-09-07 1:09:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 08:09:37

Pre-Run: 38,670,258,176 bytes free
Post-Run: 38,901,612,544 bytes free

292 --- E O F --- 2008-09-07 07:58:14 |
| ||
| Re: Just like in high school

Can you tell us the reason you ran ComboFix in the first place? You really shouldn't run that unless directed to do so after running the steps in the link below.

You need to go HERE and complete the steps given there, including ATF-Cleaner, to get rid of all those temp files... this should always be a FIRST step. Then run Malwarebytes' Anti-Malware and allow it to fix what it finds. Do the online ESET Scan and SKIP the DSS program as it is not available at this time. Following that, please run HiJackThis on a full system scan and save the log. Post back here with the MBA-M log and the HiJackThis log.

Judy |
| ||
| Re: Just like in high school

I assure you I didn't just run ComboFix by just dreaming up the name and then luckily finding a program that actually matched the dreamt-up name. I was sent there. Well, j holland, there's a problem with my computer and it's me. I have been trying to do what you have asked. J, let me say I'll start anew again if that's what you would like me to do. I have no problem with that. Let me try to type what I think I mean to say: I'm starting off with a computer that has no partition and it tells me to reboot. I also have a lot of files I'm trying to give a name to. I have many files with the name new file. I have many files that are named 1 2 3 4 5 6 etc. I am also trying to copy all these files onto another hard drive, but for sure as cat's meow I get blue screened. This is of course all not my biggest problem; it's the fact I either have to change the month ahead a month right after starting, so that when I'm told that my comp is going to shut down in 59 sec I change the calendar back to the correct month and I get 30 days and 59 seconds, or I use the abort command.

I hope you understand and will be willing to put up with my ignorance. I'm not even too sure how to put or where to put my scans after I get them, but here's one that I was able to copy. It's the files in my add and remove list, in which there's a lot I can't get rid of. ty booker

Acrobat.com AcroChallenge 2.86 Adobe AIR Adobe Flash Player ActiveX Adobe Reader 9 Adobe Reader Chinese Traditional Fonts Adobe Shockwave Player Apple Software Update Bird Hunter 2003 Demo CCleaner (remove only) DivX Codec Double Solitaire 2.00 Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14 ebgcInfra ebgcRes ebgcSDK ESET Online Scanner FasType Typing Tutorial 6 FlatOut Demo FLV Player 2.0, build 24 FoxyTunes for Firefox Google Desktop Google Earth Google Photos Screensaver Google SketchUp 6 Google Toolbar for Internet Explorer Half-Life 2: Deathmatch Half-Life 2: Lost Coast HijackThis 2.0.2 iTunes J2SE Runtime Environment 5.0 Update 9 Java(TM) 6 Update 2 Java(TM) 6 Update 4 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech Video Enumerator Macromedia Shockwave Player Malwarebytes' Anti-Malware Math Logic 4.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 3.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Text-to-Speech Engine
4.0 (English) Microsoft Visual C++ 2005 Redistributable Microsoft Windows Journal Viewer Mozilla Firefox (3.0.1) MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) MVision Norton Security Scan NVIDIA Drivers OpenOffice.org 2.4 Peggle Extreme Platform Portal: The First Slice PowerArchiver 2007 QuickTime Rhapsody Player Engine Security Update for CAPICOM (KB931906) SmartFTP Client 2.0 Sound Blaster Audigy Sportsbook.com Poker Steam Stickman 4 SystemSuite 8 Professional URGE VIA Rhine-Family Fast Ethernet Adapter VideoLAN VLC media player 0.8.6c WebFldrs XP WinAce Archiver 2.0 Windows Communication Foundation Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows Workflow Foundation Windows XP Service Pack 3 WinZip 11.1 |
| ||
| Re: Just like in high school

Here's the ones I can't get rid of:

Adobe Reader Chinese Traditional Fonts Bird Hunter 2003 Demo Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14 ebgcInfra ebgcRes ebgcSDK FasType Typing Tutorial 6 FlatOut Demo Google Photos Screensaver Google Toolbar for Internet Explorer J2SE Runtime Environment 5.0 Update 9 Java(TM) 6 Update 2 Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech Video Enumerator Microsoft .NET Framework 1.1 Microsoft .NET Framework 3.0 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft Windows Journal Viewer MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MVision Norton Security Scan Platform Rhapsody Player Engine Security Update for CAPICOM (KB931906) SmartFTP Client 2.0 Stickman 4 URGE WebFldrs XP Windows Communication Foundation Windows Presentation Foundation Windows Workflow Foundation |
| ||
| Re: Just like in high school Quote:
ComboFix wouldn't remove those programs you note; those are legitimate programs. ComboFix is a scanner used to scan for malware and hopefully will remove the malware it finds. But it isn't generally going to remove legitimate programs, especially those which came installed on the computer having to do with the operating system or updates to that system or to those programs.

When you say "Here's the ones I can't get rid of" do you mean they will not uninstall? How did you try to uninstall them and WHY? Many of the items you show are Security Updates for various Microsoft programs and shouldn't be removed. You have not told us what operating system you are running, though I have to assume, based on the Add/Remove list, that it is XPSP3.

Why do you want to get rid of Dr. Watson?

To pick some others at random... your Add/Remove list shows the following Java versions in the list:

J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7

But you state you "can't get rid of" only J2SE Runtime Environment 5.0 Update 9 and Java(TM) 6 Update 2. If the others are on the list then they aren't removed either. The only one you need is Java(TM) 6 Update 7.

All of the listings for Office are a part of the Microsoft Office program or updates to Microsoft Office. Do you want to uninstall the Office program? If you uninstall the Microsoft Office program entirely then generally all of those would be uninstalled also.

The way to uninstall is first to go through the Add/Remove in the Control Panel and remove them that way. If they aren't listed then go into the Start, All Programs menu and see if there is an Uninstall option on the various programs you note. You have to look in each program. If they aren't listed there then search on the computer for the program folder and see if there is an uninstall option within that program folder.

We need actual information about the computer and the operating system installed.
Do you feel your computer is infected with something? If so, what are the symptoms? |