Answer» I have the exact same problem; however, I have been able to run ComboFix. Here is the output file:
ComboFix 10-06-15.02 - Clivey 16/06/2010 10:37:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.544 [GMT 10:00]
Running from: c:\documents and settings\Clivey\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 100324-1] *On-access scanning DISABLED* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
c:\program files\Internet Explorer\SET14.tmp
c:\program files\Internet Explorer\SET15.tmp
.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-16 00:18 . 2010-06-16 00:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\SITEguard
2010-06-16 00:10 . 2010-06-16 00:10  --------  d-----w-  c:\program files\STOPzilla!
2010-06-16 00:10 . 2010-06-16 00:10  --------  d-----w-  c:\program files\Common Files\iS3
2010-06-16 00:10 . 2010-06-16 00:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-15 12:51 . 2010-06-16 00:42  --------  d-----w-  c:\documents and settings\Clivey\Local Settings\Application Data\pdpdpdul
2010-06-15 12:50 . 2010-06-15 12:50  --------  d-----w-  c:\windows\Sun
2010-06-13 01:20 . 2010-05-06 10:41  743424  -c----w-  c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 06:21 . 2010-06-02 06:21  503808  ----a-w-  c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\msvcp71.dll
2010-06-02 06:21 . 2010-06-02 06:21  499712  ----a-w-  c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\jmc.dll
2010-06-02 06:21 . 2010-06-02 06:21  348160  ----a-w-  c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\msvcr71.dll
2010-05-17 12:00 . 2010-05-17 12:00  286720  ----a-w-  c:\windows\iun506.exe
2010-05-17 12:00 . 2010-05-17 13:02  --------  d-----w-  C:\Bridge BASE Online
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 00:37 . 2010-06-16 00:33  1504  ----a-w-  c:\windows\system32\drivers\kgpcpy.cfg
2010-05-13 11:00 . 2010-05-13 11:00  --------  d-----w-  c:\documents and settings\LocalService\Application Data\McAfee
2010-05-13 11:00 . 2009-09-29 13:31  --------  d-----w-  c:\program files\McAfee Security Scan
2010-05-06 10:41 . 2008-04-15 03:00  916480  ----a-w-  c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-15 03:00  1851264  ----a-w-  c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-15 03:00  285696  ----a-w-  c:\windows\system32\atmfd.dll
2010-03-24 15:41 . 2010-03-24 15:41  411368  ----a-w-  c:\windows\system32\deploytk.dll
2010-03-24 15:40 . 2010-03-24 15:40  152576  ----a-w-  c:\documents and settings\Clivey\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-21 08:03 . 2010-03-21 08:03  0  ----a-w-  c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-29 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 149280]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Domino's Pizza ANZ VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Domino's Pizza ANZ VPN Client.lnk
backup=c:\windows\pss\Domino's Pizza ANZ VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04  39792  ----a-w-  c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43  69632  ----a-w-  c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40  53248  ------w-  c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-05-22 07:30  425984  ----a-w-  c:\acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-15 03:00  208952  ----a-w-  c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42  1695232  ------w-  c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-15 03:00  59392  ----a-w-  c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-15 03:00  455168  ----a-w-  c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-15 03:00  455168  ----a-w-  c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 06:39  16862720  ----a-w-  c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 01:32  1044480  ----a-w-  c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7/12/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [24/02/2010 3:06 PM 173328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/01/2009 12:51 PM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2009 12:51 PM 20560]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/05/2008 5:01 PM 254976]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7/12/2009 5:59 PM 61328]
S3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [12/01/2006 12:18 PM 22752]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys --> c:\windows\system32\Drivers\L6TPortGX.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 10:49 PM 227232]
.
.
------- SUPPLEMENTARY Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://en.au.acer.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1034
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: line6.net
FF - ProfilePath - c:\documents and settings\Clivey\Application Data\Mozilla\Firefox\Profiles\o9an9j44.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1034
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
HKLM-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
Notify-TPSvc - TPSvc.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 10:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2010-06-16 10:45:06
ComboFix-quarantined-files.txt 2010-06-16 00:45
Pre-Run: 103,741,587,456 bytes free
Post-Run: 103,943,630,848 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 6B44C3EE7D1AD9C6D935254EA02EC309
Any help would be great, thanks.

After a restart it actually has resolved the issues, though it mentioned to enter the code anyway.

Please run a free online scan with the ESET Online Scanner:
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic