
AMHT.xfo virus

Discussion in 'Virus & Other Malware Removal' started by glamakidd, Mar 7, 2010.

Thread Status:
Not open for further replies.
  1. glamakidd

    glamakidd Thread Starter

    Joined:
    Mar 7, 2010
    Messages:
    1
    Hi, I have an amht.xfo that keeps popping up on my computer. I have both ThreatFire and SUPERAntiSpyware running; so far they are stopping the trojan virus from taking control, but I want rid of it permanently. I am running about two scans a day and they find and quarantine it, but it comes back after I have rebooted. I have been following another thread and ran ComboFix (log below), but it suggested I create my own thread. Can anyone help please?

    ComboFix 10-03-06.08 - Jonathan 07/03/2010 17:16:56.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.543 [GMT 0:00]
    Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}
    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}\chrome.manifest
    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}\chrome\content\_cfg.js
    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}\chrome\content\c.js
    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}\chrome\content\overlay.xul
    c:\documents and settings\Jonathan\Local Settings\Application Data\{9DF84681-8BB7-468E-828C-985712B3D46E}\install.rdf
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}\chrome.manifest
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}\chrome\content\_cfg.js
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}\chrome\content\c.js
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}\chrome\content\overlay.xul
    c:\documents and settings\Owner\Local Settings\Application Data\{C1D12661-352B-46FF-805A-DB79E893EF5A}\install.rdf
    c:\windows\bemark2.dat
    c:\windows\f49f4daa.dat
    c:\windows\fmark2.dat
    c:\windows\run.log
    c:\windows\system32\adayufup.ini
    c:\windows\system32\ivahalak.ini
    c:\windows\system32\oyiladab.ini
    c:\windows\system32\tesawuzo.dll
    c:\windows\tmark2.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
    .

    2010-03-07 11:10 . 2010-03-07 11:10 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{E667B99D-E6BC-0B2E-B082-2B140F00012F}-4DW4R3TOREXvFIdg.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{C2DD6AC7-5BC6-3C5B-B8FE-1A91CB8A0248}-4DW4R3pWCyatjqMV.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F6C1FBE-C5DD-D960-8A26-EC1EBB357CD6}-4DW4R3FGBGRpRnqY.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{848C5C5B-4F54-C0D1-C3CA-25F8BB9406F0}-4DW4R3CQCTlpXHew.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78CDB648-EB4A-E8B3-8C2A-BC37919A4CF9}-4DW4R3qcrbQnTJqr.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{6AD5CF82-48B6-C82F-586F-FF42E3D75216}-4DW4R3vFTIOdaxaC.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{62EEF6AD-8754-2499-4D53-82B226B30513}-4DW4R3cQowljgDgL.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{2F689E79-9743-D63E-3AA0-0CF17FF25062}-4DW4R3xaOUTvnahB.sys
    2010-03-04 23:27 . 2010-03-04 23:27 46592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{02914D46-7C04-AF3D-B9D3-1793A4A0466D}-4DW4R3odBXvybbVr.sys
    2010-03-04 20:44 . 2010-03-04 20:44 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-03-04 20:21 . 2010-03-04 20:21 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-03-01 01:16 . 2010-03-01 10:11 -------- d-----w- c:\program files\Spyware Doctor
    2010-03-01 01:05 . 2010-03-01 01:05 -------- d-----w- c:\documents and settings\Jonathan\Application Data\AVG8
    2010-02-28 23:51 . 2010-02-28 23:52 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-02-25 22:13 . 2010-02-25 22:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-02-24 19:05 . 2010-02-24 19:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
    2010-02-21 19:49 . 2010-01-14 16:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2010-02-21 19:49 . 2010-01-14 16:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2010-02-21 19:49 . 2010-01-14 16:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2010-02-21 19:49 . 2010-03-01 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-02-21 19:49 . 2010-02-21 19:49 -------- d-----w- c:\program files\ThreatFire
    2010-02-21 17:49 . 2010-02-21 17:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-21 16:48 . 2010-02-21 16:48 52224 ----a-w- c:\documents and settings\Jonathan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-21 16:48 . 2010-03-04 20:30 117760 ----a-w- c:\documents and settings\Jonathan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-21 16:47 . 2010-02-21 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-21 16:46 . 2010-02-21 16:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-21 16:46 . 2010-02-21 16:46 -------- d-----w- c:\documents and settings\Jonathan\Application Data\SUPERAntiSpyware.com
    2010-02-21 16:45 . 2010-02-21 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-02-07 20:52 . 2010-02-07 20:52 -------- d-----w- c:\program files\iPod
    2010-02-07 20:52 . 2010-02-07 20:53 -------- d-----w- c:\program files\iTunes
    2010-02-07 20:49 . 2010-02-07 20:49 -------- d-----w- c:\program files\QuickTime
    2010-02-07 20:42 . 2010-02-07 20:42 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-02-07 20:30 . 2010-02-07 20:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-01 10:09 . 2007-12-14 13:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-02-28 23:43 . 2008-02-01 18:15 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
    2010-02-24 09:16 . 2009-10-04 14:24 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-21 21:16 . 2008-12-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-02-21 16:53 . 2007-12-14 13:26 -------- d-----w- c:\program files\Google
    2010-02-18 22:26 . 2008-12-10 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-07 20:52 . 2007-12-23 11:44 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-07 20:36 . 2008-08-15 10:57 -------- d-----w- c:\program files\Safari
    2010-01-30 23:01 . 2007-12-14 09:21 71624 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-27 22:39 . 2007-12-14 10:50 71624 ----a-w- c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-27 01:14 . 2009-12-16 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-20 21:07 . 2009-11-04 19:16 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-31 16:53 . 2009-10-05 11:25 57772 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-31 16:14 . 2004-08-04 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 05:42 . 2004-09-29 18:47 662016 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:42 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-16 12:58 . 2007-11-05 12:34 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 12:54 . 2007-12-29 17:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-14 07:35 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 18:55 . 2004-08-04 12:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:19 . 2004-08-03 22:59 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-12-10 14:40 . 2008-12-10 14:40 215 --sh--w- c:\windows\system32\jukisoya.dll
    2008-09-10 14:39 . 2008-09-10 14:39 304 --sha-w- c:\windows\system32\merisemo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-14 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-12 7122944]
    "nwiz"="nwiz.exe" [2005-09-12 1519616]
    "SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]
    "AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]
    "SMSERIAL"="sm56hlpr.exe" [2005-05-26 544768]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
    "SpeedTouch USB Diagnostics"="c:\program files\Virgin Net Broadband\Dragdiag.exe" [2004-01-26 866816]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-12-14 13:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "ServiceLayer"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/08/2008 23:52 717296]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [21/02/2010 19:49 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [21/02/2010 19:49 59664]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [21/02/2010 19:49 33552]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2010 16:53 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/06/2009 14:00 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/06/2009 14:00 8320]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

    2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 16:53]

    2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 16:53]

    2010-03-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
    FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\xt4pkmae.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
    FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{42915af3-fbb1-4f66-acca-41bd1aff59b6} - c:\windows\system32\wawavara.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
    MSConfigStartUp-CPM6f970aba - c:\windows\system32\tugojogu.dll
    MSConfigStartUp-Imoceriwe - c:\windows\Kjesecebezud.dll
    MSConfigStartUp-Qjesucegaqa - c:\windows\acunudajug.dll
    MSConfigStartUp-rotefavefi - c:\windows\system32\fulefoze.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-07 17:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8736C1F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf75d2fc3
    \Driver\ACPI -> ACPI.sys @ 0xf731dcb8
    \Driver\atapi -> 0x873da1f8
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
    NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71acba0
    PacketIndicateHandler -> NDIS.sys @ 0xf71b9b21
    SendHandler -> NDIS.sys @ 0xf719787b
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\ThreatFire\TFWAH.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFMon.dll
    c:\program files\ThreatFire\TFRK.dll

    - - - - - - - > 'lsass.exe'(916)
    c:\program files\ThreatFire\TFWAH.dll

    - - - - - - - > 'explorer.exe'(3160)
    c:\program files\ThreatFire\TfWah.dll
    c:\windows\system32\browselc.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFMon.dll
    c:\program files\ThreatFire\TFRK.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\ThreatFire\TFService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\sm56hlpr.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-03-07 17:49:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-07 17:49

    Pre-Run: 18,064,474,112 bytes free
    Post-Run: 19,870,052,352 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - A30090A20D73AD813BB8ACFADD86932D
     
Short URL to this thread: https://techguy.org/908365