logs using ComboFix

Discussion in 'Windows - Virus and spyware problems' started by xaznboitx, Aug 26, 2010.

  1. xaznboitx

    ComboFix 10-08-26.02 - Tony08/26/2010 21:53:06.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.332 [GMT -5:00]
    Running from: c:\users\Tony\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\cabs\D00805-001-001\_desktop.ini
    c:\users\Tony\AppData\Local\ynagnmpss
    c:\users\Tony\AppData\Local\ynagnmpss\fempwonshdw.exe
    c:\windows\system32\netjr32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
    .

    2010-08-27 03:02 . 2010-08-27 03:03 -------- d-----w- c:\users\Tony\AppData\Local\temp
    2010-08-27 03:02 . 2010-08-27 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-26 04:28 . 1999-12-17 15:13 86016 ------w- c:\windows\unvise32.exe
    2010-08-26 04:27 . 2010-08-26 04:31 -------- d-----w- c:\program files\Satellite TV PC Master
    2010-08-25 03:07 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-25 03:07 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-25 03:07 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2010-08-25 03:07 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-25 03:07 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-25 03:06 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-25 03:06 . 2008-11-26 16:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-25 02:17 . 2010-08-25 02:20 -------- d-----w- c:\program files\Ask.com
    2010-08-24 09:40 . 2010-08-24 09:40 -------- d-----w- c:\program files\Bing Bar Installer
    2010-08-24 09:39 . 2010-08-24 09:39 -------- d-----w- c:\users\Tony\AppData\Roaming\Win7codecs
    2010-08-24 07:47 . 2010-08-24 07:46 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-08-24 07:46 . 2010-08-24 07:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-08-24 07:45 . 2010-08-24 07:46 -------- d-----w- c:\users\Tony\AppData\Local\Adobe
    2010-08-24 07:45 . 2010-08-24 07:45 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-08-24 07:35 . 2010-08-25 03:12 -------- d-----w- c:\programdata\NOS
    2010-08-24 04:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-24 04:12 . 2010-08-24 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-24 04:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-22 03:19 . 2010-08-23 23:01 -------- d-----w- c:\users\Tony\AppData\Local\Super Internet TV
    2010-08-22 03:07 . 2010-08-22 07:39 -------- d-----w- c:\programdata\BitDefender
    2010-08-22 03:07 . 2010-08-22 03:08 -------- d-----w- c:\users\Tony\AppData\Roaming\BitDefender
    2010-08-22 03:03 . 2010-08-22 07:39 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-08-21 18:13 . 2010-08-21 18:13 -------- d-----w- c:\users\Tony\AppData\Roaming\TuneUp Software
    2010-08-21 18:12 . 2010-08-22 02:40 -------- d-----w- c:\programdata\TuneUp Software
    2010-08-21 18:12 . 2010-08-21 18:12 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-08-21 08:04 . 2010-08-21 08:07 -------- d-----w- c:\programdata\SuperHideIP
    2010-08-21 08:04 . 2010-08-21 08:04 -------- d-----w- c:\users\Tony\AppData\Roaming\SuperHideIP
    2010-08-21 05:22 . 2010-08-21 05:22 -------- d-----w- c:\users\Tony\AppData\Local\TechSmith
    2010-08-21 05:18 . 2010-08-21 05:18 -------- d-----w- c:\windows\system32\Flash
    2010-08-21 05:17 . 2010-08-21 05:20 -------- d-----w- c:\programdata\TechSmith
    2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\QuickTime
    2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\TechSmith
    2010-08-21 04:55 . 2010-08-12 22:26 371200 ------w- c:\windows\system32\MC15.exe
    2010-08-21 04:55 . 2010-03-05 16:33 585728 ------w- c:\windows\system32\AReadyLB.dll
    2010-08-21 04:55 . 2010-03-05 16:33 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
    2010-08-21 04:55 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-08-21 04:54 . 2010-08-21 04:54 -------- d-----w- c:\program files\J River
    2010-08-21 04:53 . 2010-08-21 04:53 -------- d-----w- c:\users\Tony\AppData\Roaming\J River
    2010-08-20 23:45 . 2010-08-20 23:45 -------- d-----w- c:\program files\FDRLab
    2010-08-20 23:45 . 2010-08-20 23:45 -------- d-----w- c:\windows\system32\weber
    2010-08-20 23:04 . 2010-08-23 02:36 -------- d-----w- c:\programdata\AutoHideIP
    2010-08-20 23:04 . 2010-08-20 23:04 -------- d-----w- c:\users\Tony\AppData\Roaming\AutoHideIP
    2010-08-20 22:22 . 2010-06-15 23:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
    2010-08-20 22:22 . 2010-08-20 22:22 -------- d-----w- c:\users\Tony\AppData\Roaming\Cerberus
    2010-08-14 17:45 . 2010-08-14 17:45 -------- d-----w- c:\program files\MSXML 4.0
    2010-08-14 08:52 . 2006-04-17 16:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
    2010-08-14 08:52 . 2004-10-17 02:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll
    2010-08-14 08:49 . 2010-08-14 08:49 4 ----a-w- c:\windows\vx86036.dat
    2010-08-14 08:48 . 2010-08-14 08:48 -------- d-----w- c:\programdata\CrypKey
    2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- C:\Log
    2010-08-14 08:43 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
    2010-08-14 08:43 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
    2010-08-14 08:43 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
    2010-08-14 08:43 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
    2010-08-14 08:43 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
    2010-08-14 08:43 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
    2010-08-14 08:43 . 2010-08-14 08:52 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
    2010-08-14 08:11 . 2010-08-14 08:11 -------- d-----w- c:\program files\Gateway
    2010-08-14 07:54 . 2010-08-14 07:54 84480 ----a-w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0B.dll
    2010-08-14 07:46 . 2010-08-14 07:46 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-08-14 07:46 . 2010-08-14 07:54 -------- d-----w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab
    2010-08-14 07:46 . 2010-08-14 07:46 84480 ----a-w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
    2010-08-14 04:50 . 2010-08-14 08:09 -------- d-----w- c:\program files\ATI Technologies
    2010-08-14 04:50 . 2010-08-14 04:50 -------- d-----w- c:\program files\ATI
    2010-08-14 04:44 . 2010-08-14 04:44 -------- d-----w- c:\program files\Intel
    2010-08-14 04:44 . 2009-08-18 18:44 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-08-14 04:42 . 2010-08-14 04:42 -------- d-----w- c:\users\Tony\AppData\Roaming\DeviceDoctorSoftware
    2010-08-14 03:19 . 2010-08-14 03:19 -------- d-----w- c:\program files\Motorola
    2010-08-14 03:19 . 2010-08-14 03:19 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2010-08-14 03:17 . 2010-08-14 03:17 -------- d-----w- c:\users\Tony/AppData\Roaming\Carambis
    2010-08-14 02:50 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-08-14 02:50 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-08-14 02:42 . 2010-08-14 03:48 -------- d-----w- c:\users\Tony\AppData\Local\Microsoft Help
    2010-08-14 02:42 . 2010-08-14 04:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-11 23:26 . 2010-08-11 23:26 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-08-11 23:26 . 2010-08-11 23:26 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-10 18:29 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-10 18:29 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-08-08 07:48 . 2010-08-08 07:48 -------- d-----w- c:\programdata\Trymedia
    2010-08-08 07:45 . 2010-08-08 07:45 -------- d-----w- c:\users\Tony\AppData\Roaming\SEGA
    2010-08-08 07:44 . 2010-08-08 07:44 -------- d-----w- c:\program files\SpongeBob SquarePants Bubble Rush
    2010-08-08 07:44 . 2010-08-08 07:44 -------- d-----w- c:\windows\SpongeBob SquarePants Bubble Rush
    2010-08-08 07:18 . 2010-08-08 07:18 4096 ----a-w- c:\windows\d3dx.dat
    2010-08-08 07:17 . 2010-08-08 07:18 -------- d-----w- c:\users\Tony\AppData\Roaming\Wildfire
    2010-08-08 07:17 . 2010-08-08 07:17 -------- d-----w- c:\program files\GameHouse
    2010-08-07 08:30 . 2010-08-07 08:30 -------- d-----w- c:\programdata\ZA_PreservedFiles
    2010-08-07 08:22 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2010-08-07 08:20 . 2010-08-07 08:20 -------- d-----w- c:\programdata\CheckPoint
    2010-08-07 08:20 . 2010-08-07 08:41 -------- d-----w- c:\windows\Internet Logs
    2010-08-06 07:53 . 2010-08-06 07:53 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2010-08-06 07:52 . 2010-08-06 07:52 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-05 20:15 . 2010-08-05 20:27 -------- d-----w- c:\program files\Unlocker
    2010-08-03 18:40 . 2010-08-03 18:40 217127 ----a-w- c:\windows\drv43260.dll
    2010-08-03 18:40 . 2010-08-03 18:40 208935 ----a-w- c:\windows\drv33260.dll
    2010-08-02 16:26 . 2010-08-02 16:28 -------- d-----w- c:\users\TonyAppData\Roaming\NETGEAR Live Parental Controls
    2010-08-02 16:26 . 2010-08-02 16:26 -------- d-----w- c:\users\TonyAppData\Local\NETGEAR Live Parental Controls
    2010-08-01 02:07 . 2010-08-01 02:15 -------- d-----w- c:\program files\RegistryFix8
    2010-07-31 19:00 . 2010-07-31 19:00 -------- d-----w- c:\program files\MSN Toolbar
    2010-07-31 18:42 . 2010-07-31 18:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-07-31 18:42 . 2010-07-31 18:42 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-07-31 18:42 . 2010-07-31 18:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-07-31 18:42 . 2010-07-31 18:42 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-07-31 17:56 . 2010-08-27 03:03 -------- d-----w- c:\program files\PeerBlock
    2010-07-31 07:45 . 2010-08-14 03:12 -------- d-----w- c:\users\Tony\AppData\Local\ElevatedDiagnostics
    2010-07-29 21:09 . 2010-07-31 08:52 -------- d-----w- c:\users\Tony\AppData\Roaming\vlc
    2010-07-29 21:08 . 2010-07-29 21:08 -------- d-----w- c:\program files\VideoLAN
    2010-07-29 21:05 . 2010-07-31 19:28 -------- d-----w- c:\users\Tony\AppData\Roaming\Media Player Classic
    2010-07-29 20:41 . 2010-07-31 08:52 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-07-29 20:09 . 2010-07-29 20:09 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-29 20:09 . 2010-07-29 20:09 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-29 20:09 . 2010-07-29 20:09 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-28 10:59 . 2010-07-28 10:59 -------- d-----w- c:\users\Tony\AppData\Roaming\DivX
    2010-07-28 08:34 . 2010-07-28 08:34 -------- d-----w- c:\program files\Veoh Networks
    2010-07-28 08:29 . 2007-08-31 17:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-07-28 08:29 . 2004-12-07 15:11 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-07-28 08:29 . 2007-08-31 17:52 33968 ----a-w- c:\windows\system32\anim.dll
    2010-07-28 08:29 . 1999-11-22 20:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2010-07-28 08:29 . 1999-11-22 20:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-27 01:50 . 2010-07-19 04:55 -------- d-----w- c:\users\Tony\AppData\Roaming\FrostWire
    2010-08-26 20:10 . 2010-07-09 09:54 -------- d-----w- c:\program files\Replay Media Catcher
    2010-08-26 19:07 . 2010-07-09 09:57 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-08-26 19:07 . 2010-07-09 09:57 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-08-24 09:39 . 2010-07-08 16:06 -------- d-----w- c:\program files\Win7codecs
    2010-08-24 09:39 . 2010-07-08 16:04 -------- d-----w- c:\programdata\Win7codecs
    2010-08-23 02:16 . 2010-08-23 02:20 362 ----a-w- c:\programdata\Setting.dat
    2010-08-22 07:17 . 2010-07-19 04:54 -------- d-----w- c:\program files\FrostWire
    2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-08-22 03:18 . 2010-08-22 03:18 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-08-22 03:18 . 2010-08-22 03:18 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-08-22 03:18 . 2010-08-22 03:18 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-08-22 03:18 . 2010-08-22 03:18 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-08-22 03:18 . 2010-08-22 03:18 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-08-22 03:18 . 2010-08-22 03:17 -------- d-----w- c:\program files\Common Files\Real
    2010-08-22 03:18 . 2010-08-22 03:17 -------- d-----w- c:\program files\Real
    2010-08-22 03:18 . 2010-08-22 03:18 -------- d-----w- c:\program files\Common Files\xing shared
    2010-08-22 03:17 . 2010-03-15 20:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-08-22 03:17 . 2010-03-15 20:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-08-21 00:15 . 2010-07-25 15:47 30332270 ----a-w- c:\users\Tony/AppData\Roaming\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
    2010-08-20 18:04 . 2010-07-22 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-14 07:37 . 2010-07-08 16:09 106808 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-14 04:53 . 2010-07-08 17:48 -------- d-----w- c:\program files\Microsoft.NET
    2010-08-14 04:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2010-08-14 03:21 . 2010-08-14 03:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
    2010-08-12 07:40 . 2010-07-08 16:02 -------- d-----w- c:\program files\DivX
    2010-08-11 23:26 . 2010-07-08 16:45 -------- d-----w- c:\programdata\DivX
    2010-08-11 23:26 . 2010-07-08 16:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-11 23:24 . 2010-07-08 16:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-08-11 23:24 . 2010-07-08 16:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-08-08 03:27 . 2010-07-09 03:48 -------- d-----w- c:\program files\softendo.com
    2010-07-31 08:27 . 2010-07-08 16:08 -------- d-----w- c:\program files\Microsoft
    2010-07-29 06:30 . 2010-08-10 18:31 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-10 18:31 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-28 08:26 . 2010-07-22 22:04 -------- d--h--w- c:\program files\Temp
    2010-07-28 08:25 . 2010-07-09 12:28 -------- d-----w- c:\program files\CCleaner
    2010-07-26 15:13 . 2010-07-26 15:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-07-22 22:04 . 2010-07-22 22:04 -------- d-----w- c:\program files\Realtek
    2010-07-22 22:04 . 2010-07-22 22:04 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-20 19:53 . 2010-07-20 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-07-20 19:53 . 2010-07-20 19:53 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-07-20 19:52 . 2010-07-20 19:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-07-20 19:52 . 2010-07-20 19:52 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-07-20 13:36 . 2010-07-08 16:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-20 04:38 . 2010-07-20 04:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
    2010-07-19 05:11 . 2010-07-19 05:11 0 ----a-w- c:\users\Tony\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2010-07-16 21:28 . 2010-07-16 21:06 -------- d-----w- c:\users\Tony\AppData\Roaming\ooVoo Details
    2010-07-16 18:30 . 2010-07-16 18:30 -------- d-----w- c:\program files\Alwil Software
    2010-07-16 01:08 . 2010-07-16 01:08 -------- d-----w- c:\program files\Common Files\Java
    2010-07-16 01:07 . 2010-07-08 17:21 -------- d-----w- c:\program files\Java
    2010-07-16 00:59 . 2010-07-16 00:59 -------- d-----w- c:\programdata\Sunbelt
    2010-07-15 22:49 . 2010-07-15 22:49 -------- d-----w- c:\users\Tony\AppData\Roaming\Apple Computer
    2010-07-15 22:48 . 2010-07-15 22:48 -------- d-----w- c:\programdata\Apple Computer
    2010-07-15 22:47 . 2010-07-15 22:47 -------- d-----w- c:\programdata\Apple
    2010-07-10 07:07 . 2010-07-10 07:07 -------- d-----w- c:\users\Tony\AppData\Roaming\Xilisoft
    2010-07-10 07:05 . 2010-07-10 07:05 -------- d-----w- c:\program files\Xilisoft
    2010-07-09 03:49 . 2010-07-09 03:49 -------- d-----w- c:\program files\Conduit
    2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\users\Tony\AppData\Roaming\Namco
    2010-07-08 20:34 . 2010-07-08 20:34 -------- d-----w- c:\programdata\XBCDSU
    2010-07-08 20:34 . 2010-07-08 20:34 -------- d-----w- c:\program files\XBCD
    2010-07-08 17:59 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
    2010-07-08 17:54 . 2010-07-08 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2010-07-08 15:43 . 2010-07-08 15:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-06-30 06:25 . 2010-08-10 18:31 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-28 09:00 . 2010-06-28 09:00 1003520 ----a-w- c:\windows\system32\VSFilter.dll
    2010-06-24 16:13 . 2010-07-22 22:04 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-06-23 17:35 . 2010-06-23 17:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-06-23 17:35 . 2010-06-23 17:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-06-23 03:30 . 2010-06-23 03:30 411480 ----a-w- c:\windows\system32\tsccvid.dll
    2010-06-22 09:36 . 2010-07-08 17:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-22 02:47 . 2010-08-10 18:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-10 18:31 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-10 18:31 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-19 06:33 . 2010-08-10 18:31 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33 . 2010-08-10 18:31 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23 . 2010-08-10 18:31 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-14 06:12 . 2010-08-10 18:31 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-06-08 06:02 . 2010-08-10 18:31 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ------- Sigcheck -------

    [-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-07-01 03:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-06-10 1842800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
    2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
    2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Media Center 15 Service;Media Center 15 Service;c:\program files\J River\Media Center 15\JRService.exe [2010-08-12 382976]
    S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-10-09 202928]
    S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-06-10 19568]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PBFILTER
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel
    FF - ProfilePath - c:\users\TonyAppData\Roaming\Mozilla\Firefox\Profiles\13it5sq0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-cxqeuufp - c:\users\Tony\AppData\Local\ynagnmpss\fempwonshdw.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-08-26 22:06:00
    ComboFix-quarantined-files.txt 2010-08-27 03:06

    Pre-Run: 218,754,088,960 bytes free
    Post-Run: 219,831,152,640 bytes free

    - - End Of File - - 670AE354A4DB40EF8FC1374F04C66D43
  2. aldan

    What prompted you to use ComboFix in the first place? What was the underlying problem with your PC? ComboFix should only be used under the guidance of a professional. You can permanently screw up your computer with this program. Post back with symptoms and a HijackThis log for starters.