logs using ComboFix
xaznboitx
Senior Member
26. August 2010 @ 23:18
ComboFix 10-08-26.02 - Tony08/26/2010 21:53:06.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.332 [GMT -5:00]
Running from: c:\users\Tony\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\cabs\D00805-001-001\_desktop.ini
c:\users\Tony\AppData\Local\ynagnmpss
c:\users\Tony\AppData\Local\ynagnmpss\fempwonshdw.exe
c:\windows\system32\netjr32.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-27 03:02 . 2010-08-27 03:03 -------- d-----w- c:\users\Tony\AppData\Local\temp
2010-08-27 03:02 . 2010-08-27 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 04:28 . 1999-12-17 15:13 86016 ------w- c:\windows\unvise32.exe
2010-08-26 04:27 . 2010-08-26 04:31 -------- d-----w- c:\program files\Satellite TV PC Master
2010-08-25 03:07 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 03:07 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 03:07 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-08-25 03:07 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 03:07 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 03:06 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 03:06 . 2008-11-26 16:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 02:17 . 2010-08-25 02:20 -------- d-----w- c:\program files\Ask.com
2010-08-24 09:40 . 2010-08-24 09:40 -------- d-----w- c:\program files\Bing Bar Installer
2010-08-24 09:39 . 2010-08-24 09:39 -------- d-----w- c:\users\Tony\AppData\Roaming\Win7codecs
2010-08-24 07:47 . 2010-08-24 07:46 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 07:46 . 2010-08-24 07:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-24 07:45 . 2010-08-24 07:46 -------- d-----w- c:\users\Tony\AppData\Local\Adobe
2010-08-24 07:45 . 2010-08-24 07:45 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-08-24 07:35 . 2010-08-25 03:12 -------- d-----w- c:\programdata\NOS
2010-08-24 04:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 04:12 . 2010-08-24 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 04:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 03:19 . 2010-08-23 23:01 -------- d-----w- c:\users\Tony\AppData\Local\Super Internet TV
2010-08-22 03:07 . 2010-08-22 07:39 -------- d-----w- c:\programdata\BitDefender
2010-08-22 03:07 . 2010-08-22 03:08 -------- d-----w- c:\users\Tony\AppData\Roaming\BitDefender
2010-08-22 03:03 . 2010-08-22 07:39 -------- d-----w- c:\program files\Common Files\BitDefender
2010-08-21 18:13 . 2010-08-21 18:13 -------- d-----w- c:\users\Tony\AppData\Roaming\TuneUp Software
2010-08-21 18:12 . 2010-08-22 02:40 -------- d-----w- c:\programdata\TuneUp Software
2010-08-21 18:12 . 2010-08-21 18:12 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-21 08:04 . 2010-08-21 08:07 -------- d-----w- c:\programdata\SuperHideIP
2010-08-21 08:04 . 2010-08-21 08:04 -------- d-----w- c:\users\Tony\AppData\Roaming\SuperHideIP
2010-08-21 05:22 . 2010-08-21 05:22 -------- d-----w- c:\users\Tony\AppData\Local\TechSmith
2010-08-21 05:18 . 2010-08-21 05:18 -------- d-----w- c:\windows\system32\Flash
2010-08-21 05:17 . 2010-08-21 05:20 -------- d-----w- c:\programdata\TechSmith
2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\QuickTime
2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-08-21 05:17 . 2010-08-21 05:17 -------- d-----w- c:\program files\TechSmith
2010-08-21 04:55 . 2010-08-12 22:26 371200 ------w- c:\windows\system32\MC15.exe
2010-08-21 04:55 . 2010-03-05 16:33 585728 ------w- c:\windows\system32\AReadyLB.dll
2010-08-21 04:55 . 2010-03-05 16:33 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
2010-08-21 04:55 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-08-21 04:54 . 2010-08-21 04:54 -------- d-----w- c:\program files\J River
2010-08-21 04:53 . 2010-08-21 04:53 -------- d-----w- c:\users\Tony\AppData\Roaming\J River
2010-08-20 23:45 . 2010-08-20 23:45 -------- d-----w- c:\program files\FDRLab
2010-08-20 23:45 . 2010-08-20 23:45 -------- d-----w- c:\windows\system32\weber
2010-08-20 23:04 . 2010-08-23 02:36 -------- d-----w- c:\programdata\AutoHideIP
2010-08-20 23:04 . 2010-08-20 23:04 -------- d-----w- c:\users\Tony\AppData\Roaming\AutoHideIP
2010-08-20 22:22 . 2010-06-15 23:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2010-08-20 22:22 . 2010-08-20 22:22 -------- d-----w- c:\users\Tony\AppData\Roaming\Cerberus
2010-08-14 17:45 . 2010-08-14 17:45 -------- d-----w- c:\program files\MSXML 4.0
2010-08-14 08:52 . 2006-04-17 16:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
2010-08-14 08:52 . 2004-10-17 02:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll
2010-08-14 08:49 . 2010-08-14 08:49 4 ----a-w- c:\windows\vx86036.dat
2010-08-14 08:48 . 2010-08-14 08:48 -------- d-----w- c:\programdata\CrypKey
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- C:\Log
2010-08-14 08:43 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2010-08-14 08:43 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2010-08-14 08:43 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2010-08-14 08:43 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2010-08-14 08:43 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2010-08-14 08:43 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-08-14 08:43 . 2010-08-14 08:52 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2010-08-14 08:11 . 2010-08-14 08:11 -------- d-----w- c:\program files\Gateway
2010-08-14 07:54 . 2010-08-14 07:54 84480 ----a-w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0B.dll
2010-08-14 07:46 . 2010-08-14 07:46 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-14 07:46 . 2010-08-14 07:54 -------- d-----w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab
2010-08-14 07:46 . 2010-08-14 07:46 84480 ----a-w- c:\users\Tony\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-08-14 04:50 . 2010-08-14 08:09 -------- d-----w- c:\program files\ATI Technologies
2010-08-14 04:50 . 2010-08-14 04:50 -------- d-----w- c:\program files\ATI
2010-08-14 04:44 . 2010-08-14 04:44 -------- d-----w- c:\program files\Intel
2010-08-14 04:44 . 2009-08-18 18:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-08-14 04:42 . 2010-08-14 04:42 -------- d-----w- c:\users\Tony\AppData\Roaming\DeviceDoctorSoftware
2010-08-14 03:19 . 2010-08-14 03:19 -------- d-----w- c:\program files\Motorola
2010-08-14 03:19 . 2010-08-14 03:19 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-08-14 03:17 . 2010-08-14 03:17 -------- d-----w- c:\users\Tony/AppData\Roaming\Carambis
2010-08-14 02:50 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-14 02:50 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-14 02:42 . 2010-08-14 03:48 -------- d-----w- c:\users\Tony\AppData\Local\Microsoft Help
2010-08-14 02:42 . 2010-08-14 04:53 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 23:26 . 2010-08-11 23:26 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-11 23:26 . 2010-08-11 23:26 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-10 18:29 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-10 18:29 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-08 07:48 . 2010-08-08 07:48 -------- d-----w- c:\programdata\Trymedia
2010-08-08 07:45 . 2010-08-08 07:45 -------- d-----w- c:\users\Tony\AppData\Roaming\SEGA
2010-08-08 07:44 . 2010-08-08 07:44 -------- d-----w- c:\program files\SpongeBob SquarePants Bubble Rush
2010-08-08 07:44 . 2010-08-08 07:44 -------- d-----w- c:\windows\SpongeBob SquarePants Bubble Rush
2010-08-08 07:18 . 2010-08-08 07:18 4096 ----a-w- c:\windows\d3dx.dat
2010-08-08 07:17 . 2010-08-08 07:18 -------- d-----w- c:\users\Tony\AppData\Roaming\Wildfire
2010-08-08 07:17 . 2010-08-08 07:17 -------- d-----w- c:\program files\GameHouse
2010-08-07 08:30 . 2010-08-07 08:30 -------- d-----w- c:\programdata\ZA_PreservedFiles
2010-08-07 08:22 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-08-07 08:20 . 2010-08-07 08:20 -------- d-----w- c:\programdata\CheckPoint
2010-08-07 08:20 . 2010-08-07 08:41 -------- d-----w- c:\windows\Internet Logs
2010-08-06 07:53 . 2010-08-06 07:53 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2010-08-06 07:52 . 2010-08-06 07:52 -------- d-----w- c:\programdata\Malwarebytes
2010-08-05 20:15 . 2010-08-05 20:27 -------- d-----w- c:\program files\Unlocker
2010-08-03 18:40 . 2010-08-03 18:40 217127 ----a-w- c:\windows\drv43260.dll
2010-08-03 18:40 . 2010-08-03 18:40 208935 ----a-w- c:\windows\drv33260.dll
2010-08-02 16:26 . 2010-08-02 16:28 -------- d-----w- c:\users\TonyAppData\Roaming\NETGEAR Live Parental Controls
2010-08-02 16:26 . 2010-08-02 16:26 -------- d-----w- c:\users\TonyAppData\Local\NETGEAR Live Parental Controls
2010-08-01 02:07 . 2010-08-01 02:15 -------- d-----w- c:\program files\RegistryFix8
2010-07-31 19:00 . 2010-07-31 19:00 -------- d-----w- c:\program files\MSN Toolbar
2010-07-31 18:42 . 2010-07-31 18:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-07-31 18:42 . 2010-07-31 18:42 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-31 18:42 . 2010-07-31 18:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-31 18:42 . 2010-07-31 18:42 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-31 17:56 . 2010-08-27 03:03 -------- d-----w- c:\program files\PeerBlock
2010-07-31 07:45 . 2010-08-14 03:12 -------- d-----w- c:\users\Tony\AppData\Local\ElevatedDiagnostics
2010-07-29 21:09 . 2010-07-31 08:52 -------- d-----w- c:\users\Tony\AppData\Roaming\vlc
2010-07-29 21:08 . 2010-07-29 21:08 -------- d-----w- c:\program files\VideoLAN
2010-07-29 21:05 . 2010-07-31 19:28 -------- d-----w- c:\users\Tony\AppData\Roaming\Media Player Classic
2010-07-29 20:41 . 2010-07-31 08:52 -------- d-----w- c:\program files\Essentials Codec Pack
2010-07-29 20:09 . 2010-07-29 20:09 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-29 20:09 . 2010-07-29 20:09 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-29 20:09 . 2010-07-29 20:09 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-28 10:59 . 2010-07-28 10:59 -------- d-----w- c:\users\Tony\AppData\Roaming\DivX
2010-07-28 08:34 . 2010-07-28 08:34 -------- d-----w- c:\program files\Veoh Networks
2010-07-28 08:29 . 2007-08-31 17:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-07-28 08:29 . 2004-12-07 15:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-07-28 08:29 . 2007-08-31 17:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-07-28 08:29 . 1999-11-22 20:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-07-28 08:29 . 1999-11-22 20:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 01:50 . 2010-07-19 04:55 -------- d-----w- c:\users\Tony\AppData\Roaming\FrostWire
2010-08-26 20:10 . 2010-07-09 09:54 -------- d-----w- c:\program files\Replay Media Catcher
2010-08-26 19:07 . 2010-07-09 09:57 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-08-26 19:07 . 2010-07-09 09:57 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-08-24 09:39 . 2010-07-08 16:06 -------- d-----w- c:\program files\Win7codecs
2010-08-24 09:39 . 2010-07-08 16:04 -------- d-----w- c:\programdata\Win7codecs
2010-08-23 02:16 . 2010-08-23 02:20 362 ----a-w- c:\programdata\Setting.dat
2010-08-22 07:17 . 2010-07-19 04:54 -------- d-----w- c:\program files\FrostWire
2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-22 03:18 . 2010-08-22 03:18 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-22 03:18 . 2010-08-22 03:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-22 03:18 . 2010-08-22 03:18 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-22 03:18 . 2010-08-22 03:18 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-22 03:18 . 2010-08-22 03:18 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-22 03:18 . 2010-08-22 03:18 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-22 03:18 . 2010-08-22 03:17 -------- d-----w- c:\program files\Common Files\Real
2010-08-22 03:18 . 2010-08-22 03:17 -------- d-----w- c:\program files\Real
2010-08-22 03:18 . 2010-08-22 03:18 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-22 03:17 . 2010-03-15 20:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-22 03:17 . 2010-03-15 20:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-21 00:15 . 2010-07-25 15:47 30332270 ----a-w- c:\users\Tony/AppData\Roaming\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-08-20 18:04 . 2010-07-22 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-14 07:37 . 2010-07-08 16:09 106808 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-14 04:53 . 2010-07-08 17:48 -------- d-----w- c:\program files\Microsoft.NET
2010-08-14 04:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-14 03:21 . 2010-08-14 03:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-08-12 07:40 . 2010-07-08 16:02 -------- d-----w- c:\program files\DivX
2010-08-11 23:26 . 2010-07-08 16:45 -------- d-----w- c:\programdata\DivX
2010-08-11 23:26 . 2010-07-08 16:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-11 23:24 . 2010-07-08 16:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-11 23:24 . 2010-07-08 16:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-08 03:27 . 2010-07-09 03:48 -------- d-----w- c:\program files\softendo.com
2010-07-31 08:27 . 2010-07-08 16:08 -------- d-----w- c:\program files\Microsoft
2010-07-29 06:30 . 2010-08-10 18:31 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-10 18:31 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 08:26 . 2010-07-22 22:04 -------- d--h--w- c:\program files\Temp
2010-07-28 08:25 . 2010-07-09 12:28 -------- d-----w- c:\program files\CCleaner
2010-07-26 15:13 . 2010-07-26 15:13 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-22 22:04 . 2010-07-22 22:04 -------- d-----w- c:\program files\Realtek
2010-07-22 22:04 . 2010-07-22 22:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 19:53 . 2010-07-20 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-20 19:53 . 2010-07-20 19:53 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-20 19:52 . 2010-07-20 19:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-20 19:52 . 2010-07-20 19:52 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-20 13:36 . 2010-07-08 16:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-20 04:38 . 2010-07-20 04:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-07-19 05:11 . 2010-07-19 05:11 0 ----a-w- c:\users\Tony\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-07-16 21:28 . 2010-07-16 21:06 -------- d-----w- c:\users\Tony\AppData\Roaming\ooVoo Details
2010-07-16 18:30 . 2010-07-16 18:30 -------- d-----w- c:\program files\Alwil Software
2010-07-16 01:08 . 2010-07-16 01:08 -------- d-----w- c:\program files\Common Files\Java
2010-07-16 01:07 . 2010-07-08 17:21 -------- d-----w- c:\program files\Java
2010-07-16 00:59 . 2010-07-16 00:59 -------- d-----w- c:\programdata\Sunbelt
2010-07-15 22:49 . 2010-07-15 22:49 -------- d-----w- c:\users\Tony\AppData\Roaming\Apple Computer
2010-07-15 22:48 . 2010-07-15 22:48 -------- d-----w- c:\programdata\Apple Computer
2010-07-15 22:47 . 2010-07-15 22:47 -------- d-----w- c:\programdata\Apple
2010-07-10 07:07 . 2010-07-10 07:07 -------- d-----w- c:\users\Tony\AppData\Roaming\Xilisoft
2010-07-10 07:05 . 2010-07-10 07:05 -------- d-----w- c:\program files\Xilisoft
2010-07-09 03:49 . 2010-07-09 03:49 -------- d-----w- c:\program files\Conduit
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\users\Tony\AppData\Roaming\Namco
2010-07-08 20:34 . 2010-07-08 20:34 -------- d-----w- c:\programdata\XBCDSU
2010-07-08 20:34 . 2010-07-08 20:34 -------- d-----w- c:\program files\XBCD
2010-07-08 17:59 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-08 17:54 . 2010-07-08 17:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-07-08 15:43 . 2010-07-08 15:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-30 06:25 . 2010-08-10 18:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 09:00 . 2010-06-28 09:00 1003520 ----a-w- c:\windows\system32\VSFilter.dll
2010-06-24 16:13 . 2010-07-22 22:04 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-06-23 17:35 . 2010-06-23 17:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 17:35 . 2010-06-23 17:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-23 03:30 . 2010-06-23 03:30 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-06-22 09:36 . 2010-07-08 17:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-22 02:47 . 2010-08-10 18:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-10 18:31 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-10 18:31 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-10 18:31 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-10 18:31 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-10 18:31 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-14 06:12 . 2010-08-10 18:31 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-10 18:31 1233920 ----a-w- c:\windows\system32\msxml3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-07-01 03:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-07-01 1390984]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-06-10 1842800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Media Center 15 Service;Media Center 15 Service;c:\program files\J River\Media Center 15\JRService.exe [2010-08-12 382976]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-10-09 202928]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-06-10 19568]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel
FF - ProfilePath - c:\users\TonyAppData\Roaming\Mozilla\Firefox\Profiles\13it5sq0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cxqeuufp - c:\users\Tony\AppData\Local\ynagnmpss\fempwonshdw.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-26 22:06:00
ComboFix-quarantined-files.txt 2010-08-27 03:06

Pre-Run: 218,754,088,960 bytes free
Post-Run: 219,831,152,640 bytes free

- - End Of File - - 670AE354A4DB40EF8FC1374F04C66D43
Senior Member
27. August 2010 @ 23:07
What prompted you to use ComboFix in the first place? What was the underlying problem with your PC? ComboFix should only be used under the guidance of a professional. You can permanently screw up your computer with this program. Post back with symptoms and a HijackThis log for starters.