11.14.2010, 02:26 PM   #9
Derek
invito al cielo
Join Date: Jan 2007
Posts: 8,095
I couldn't uninstall Firefox, as Internet Explorer was shitting out.

It seems to be fixed for now, but I have a feeling that'll appear again in a few. Here's the ComboFix log:

ComboFix 10-11-13.01 - Derek 14/11/2010 19:01:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.292 [GMT 0:00]
Running from: c:\documents and settings\Derek\My Documents\Downloads\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Derek\Application Data\inst.exe
c:\documents and settings\Derek\Local Settings\Application Data\{EC7EDC04-B8CF-419D-A906-3A8FBE232080}
c:\documents and settings\Derek\Local Settings\Application Data\{EC7EDC04-B8CF-419D-A906-3A8FBE232080}\chrome.manifest
c:\documents and settings\Derek\Local Settings\Application Data\{EC7EDC04-B8CF-419D-A906-3A8FBE232080}\chrome\content\_cfg.js
c:\documents and settings\Derek\Local Settings\Application Data\{EC7EDC04-B8CF-419D-A906-3A8FBE232080}\chrome\content\overlay.xul
c:\documents and settings\Derek\Local Settings\Application Data\{EC7EDC04-B8CF-419D-A906-3A8FBE232080}\install.rdf
c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowj+|Cv+@J:NGD_DQ{zcxLJS@|{AoiWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXuJJJJJUcxLJS@GD...J:Nj+|Cvte.com
c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-12 22:13 . 2010-11-12 22:13 -------- d-----w- c:\windows\Internet Logs
2010-11-12 20:17 . 2010-11-14 19:07 -------- d-----w- c:\program files\Microsoft
2010-11-12 19:51 . 2010-11-12 20:16 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-12 19:49 . 2010-11-12 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-12 17:11 . 2010-11-12 17:11 -------- d-----w- c:\documents and settings\Derek\Application Data\CheckPoint
2010-11-12 17:09 . 2010-11-12 17:09 -------- d-----w- c:\program files\CheckPoint
2010-11-11 17:48 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 17:48 . 2010-11-11 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 17:48 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 13:54 . 2010-11-12 12:14 0 ----a-w- c:\windows\Esetumoy.bin
2010-11-11 11:12 . 2010-11-13 22:09 -------- d-----w- c:\program files\temp
2010-11-10 15:20 . 2010-11-12 20:13 -------- d-----w- c:\program files\MSN Messenger
2010-11-10 12:27 . 2010-11-14 17:33 -------- d-----w- c:\program files\tmp
2010-11-02 20:33 . 2010-11-02 20:33 -------- d-----w- c:\documents and settings\Derek\Application Data\fltk.org
2010-10-31 09:56 . 2010-11-12 15:58 -------- d-----w- c:\documents and settings\Derek\Application Data\Zaolum
2010-10-28 09:31 . 2010-11-12 17:51 -------- d-----w- c:\documents and settings\Derek\Application Data\Oryliz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2007-04-03 07:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 04:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 04:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2008-04-14 04:39 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 00:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 04:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 04:42 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-13 23:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-09-08 09:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 04:41 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 04:42 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-09-09 1655552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 492027]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09/09/2009 18:04 64160]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [09/09/2009 18:04 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [09/09/2009 18:04 24208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 14:49 1029456]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [12/11/2010 19:51 16968]
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:04]
.