Combofix for Win32.Sirefef.O

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Mansoor11 (Thread Starter)
Joined: Nov 8, 2011
Messages: 1
Dear Techguys,

I've had the most frightening 3 days with the trojan win32.sirefef.o that had hijacked nearly everything related to security and internet on my computer.

While reading posts in the forum, I found a few almost exactly similar problems and decided to take the risk of running TDSSKiller and Combofix, as was suggested in those posts, because I was already mentally prepared for getting my hard disc formatted.

TDSSKiller did show two high-risk threats but was eventually unable to deal with them. Then, as a last resort, I downloaded and ran Combofix. It took a long while, but I think it has worked - earlier, Windows Defender was constantly showing me the presence of the trojan whenever I ran a quick scan, but now it is giving me the message that my computer is running properly. My internet connection was lost and I had to take technical help to reset it. The endless series of admirablesearchsystem.com, marveloussearchsystem.com, spelndidsearchsystem.com... has also vanished from the browser.

I need your help in knowing how to interpret the Combofix log. Could you please help me with this? I only need to know if I can safely assume that my computer is totally clean now. Is it safe for me to access my email from this machine? Can there still be a danger of identity theft or theft of confidential data? I'd be really grateful for the information. Here is the Combofix log:

******************************************************************************

ComboFix 11-11-08.02 - Bill gates 11/08/2011 20:37:17.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1978.1313 [GMT 5.5:30]
Running from: c:\users\Bill gates\Favorites\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\users\Bill gates\agent.exe
c:\users\Bill gates\AppData\Local\3145af8c\U
c:\users\Bill gates\AppData\Local\3145af8c\U\[email protected]
c:\users\Bill gates\AppData\Local\3145af8c\U\[email protected]
c:\users\Bill gates\AppData\Local\3145af8c\U\[email protected]
c:\users\Bill gates\AppData\Local\3145af8c\X
c:\users\Bill gates\DRTCP021.exe
c:\windows\$NtUninstallKB24886$
c:\windows\$NtUninstallKB24886$\2594879772
c:\windows\$NtUninstallKB24886$\826650508\@
c:\windows\$NtUninstallKB24886$\826650508\L\vhtmwbun
c:\windows\$NtUninstallKB24886$\826650508\U\@00000001
c:\windows\$NtUninstallKB24886$\826650508\U\@000000c0
c:\windows\$NtUninstallKB24886$\826650508\U\@000000cb
c:\windows\$NtUninstallKB24886$\826650508\U\@000000cf
c:\windows\$NtUninstallKB24886$\826650508\U\@80000000
c:\windows\$NtUninstallKB24886$\826650508\U\@800000c0
c:\windows\$NtUninstallKB24886$\826650508\U\@800000cb
c:\windows\$NtUninstallKB24886$\826650508\U\@800000cf
c:\windows\system32\c_58470.nl_
c:\windows\system32\c_58470.nls
c:\windows\system32\drivers\
.
Infected copy of c:\windows\system32\drivers\smb.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe was found and disinfected
Restored copy from - c:\program files\PC Tools\PC Tools Security\BDT\
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe was found and disinfected
Restored copy from - c:\program files\Hewlett-Packard\Shared\
.
c:\program files\Airtel NetXpert\bin\sprtsvc.exe . . . is infected!!
c:\program files\Airtel NetXpert\bin\sprtsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Airtel NetXpert\bin\tgsrvc.exe was found and disinfected
Restored copy from - c:\program files\Airtel NetXpert\bin\
.
Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_3145af8c
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 14:35 . 2011-11-08 14:35 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-07 05:39 . 2008-04-18 02:33 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-11-07 05:39 . 2008-04-18 02:33 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-11-07 05:39 . 2008-04-18 05:30 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-11-07 05:39 . 2008-04-18 05:30 2241536 ----a-w- c:\windows\system32\msi.dll
2011-11-06 18:26 . 2011-10-25 08:08 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-06 18:26 . 2011-09-28 07:44 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2011-11-06 18:26 . 2011-10-25 08:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-06 18:26 . 2011-10-25 08:08 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-11-06 18:26 . 2011-10-25 08:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-06 18:26 . 2011-11-06 18:26 -------- d-----w- c:\program files\PC Tools
2011-11-06 18:12 . 2011-11-07 05:23 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-06 18:12 . 2011-10-28 05:32 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-06 18:11 . 2011-11-07 05:20 -------- d-----w- c:\programdata\PC Tools
2011-11-06 18:11 . 2011-11-06 18:11 -------- d-----w- c:\users\Bill gates\AppData\Roaming\TestApp
2011-11-06 17:39 . 2011-11-06 20:48 -------- d-----w- c:\program files\Norton PC Checkup
2011-11-06 15:06 . 2011-11-06 15:06 -------- d-----w- c:\program files\Emsisoft HiJackFree
2011-11-06 11:48 . 2011-11-06 11:48 -------- d-----w- c:\users\Bill gates\AppData\Local\Mozilla
2011-11-06 10:59 . 2011-11-06 10:59 -------- d-----w- c:\users\Bill gates\AppData\Roaming\Malwarebytes
2011-11-06 10:58 . 2011-11-06 10:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-06 10:58 . 2011-11-08 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 10:51 . 2011-11-06 10:51 -------- d-----w- c:\program files\Trend Micro
2011-11-06 07:26 . 2011-11-06 07:26 -------- d-----w- c:\users\Bill gates\AppData\Local\SupportSoft
2011-11-06 07:26 . 2011-11-06 07:26 -------- d-----w- c:\programdata\SupportSoft
2011-11-06 06:10 . 2011-11-06 07:08 -------- d-----w- c:\users\Bill gates\AppData\Roaming\IObit
2011-11-06 06:10 . 2011-11-06 06:10 -------- d-----w- c:\program files\IObit
2011-11-05 16:48 . 2011-11-05 16:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-05 16:02 . 2011-10-17 20:58 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{381FB97F-024F-4DA0-B121-3BFB328A369B}\mpengine.dll
2011-11-05 15:25 . 2011-11-05 15:25 -------- d-----w- c:\users\Bill gates\AppData\Roaming\F-Secure
2011-11-05 14:31 . 2011-11-05 14:31 -------- d-----w- c:\programdata\boost_interprocess
2011-11-05 14:20 . 2011-11-08 15:16 -------- d-sh--w- c:\users\Bill gates\AppData\Local\3145af8c
2011-11-05 13:24 . 2011-11-06 07:43 -------- d-----w- c:\users\Bill gates\AppData\Local\jZip
2011-11-05 13:24 . 2011-11-05 13:24 -------- d-----w- c:\program files\jZip
2011-11-03 17:35 . 2011-11-06 08:26 -------- d-----w- c:\users\Bill gates\AppData\Roaming\NCH Software
2011-11-03 14:22 . 2006-11-10 09:35 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-11-03 14:17 . 2002-01-20 02:03 131072 ----a-w- c:\windows\system\SP5X_32.DLL
2011-11-02 17:05 . 2011-11-05 16:32 25248 ----a-w- c:\windows\system32\drivers\AmgHips.sys
2011-10-29 18:25 . 2011-11-03 17:35 -------- d-----w- c:\programdata\NCH Software
2011-10-29 04:52 . 2011-10-29 04:52 -------- d-----w- c:\windows\CheckSur
2011-10-27 17:57 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-27 17:57 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-27 17:57 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-10-27 17:41 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2011-10-27 17:41 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-10-27 17:41 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-10-27 17:31 . 2011-10-27 17:31 -------- d-----w- C:\AI_RecycleBin
2011-10-27 17:27 . 2011-10-27 17:27 -------- d-----w- c:\users\Bill gates\AppData\Roaming\RegistryKeys
2011-10-27 16:59 . 2011-10-27 16:59 -------- d-----w- c:\users\Bill gates\AppData\Roaming\com.w3i.FlipToast
2011-10-27 16:58 . 2011-10-27 16:58 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-10-27 16:58 . 2011-10-27 17:30 -------- d-----w- c:\program files\fliptoast
2011-10-27 16:57 . 2011-10-27 17:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-10-27 16:56 . 2011-10-27 17:44 -------- d-----w- c:\program files\PC Speed Maximizer
2011-10-25 18:38 . 2011-05-24 13:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-24 14:21 . 2010-04-07 15:40 572592 ----a-w- c:\windows\system32\msvcp50.dll
2011-10-24 14:20 . 2011-11-05 16:56 -------- d-----w- c:\program files\airtel pc secure
2011-10-24 14:20 . 2011-11-05 14:57 -------- d-----w- c:\programdata\fssg
2011-10-24 14:18 . 2011-11-05 16:51 -------- d-----w- c:\programdata\f-secure
2011-10-23 14:52 . 2011-10-23 14:52 -------- d-----w- c:\program files\Common Files\Java
2011-10-23 12:56 . 2011-11-06 07:27 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-10-23 12:56 . 2011-11-06 07:26 -------- d-----w- c:\program files\Airtel NetXpert
2011-10-23 12:54 . 2011-10-02 23:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-23 12:54 . 2011-10-23 14:52 -------- d-----w- c:\program files\Java
2011-10-17 07:03 . 2011-10-20 18:40 -------- d-----w- c:\users\Bill gates\AppData\Roaming\Sammsoft
2011-10-16 13:56 . 2009-11-08 05:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-16 13:56 . 2009-11-08 05:25 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-16 13:56 . 2009-11-08 05:25 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-16 13:56 . 2009-11-08 05:25 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-16 13:56 . 2009-11-08 05:25 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-16 12:41 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-10-16 12:41 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-10-16 12:41 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-10-16 12:41 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-10-16 12:41 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-10-16 12:41 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-10-16 12:31 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-10-16 12:31 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-10-16 06:57 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-16 06:57 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-16 06:57 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-16 06:57 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-10-16 06:45 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-10-16 06:45 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-10-16 06:45 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-16 06:45 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-10-16 06:45 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-10-16 06:45 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-16 06:45 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-16 06:45 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-10-16 06:45 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-16 06:45 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-16 06:44 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-10-16 06:44 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-16 06:44 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-16 06:44 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-10-16 06:44 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-10-16 06:44 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-10-16 06:44 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-10-16 06:44 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-10-16 06:44 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-10-16 06:44 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-10-16 06:44 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-10-16 06:43 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2011-10-16 06:43 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-10-16 06:43 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-10-16 06:42 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-10-16 06:42 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-16 06:42 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-16 06:37 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-16 06:37 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-16 06:37 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-10-16 06:36 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-10-16 06:36 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-10-16 06:34 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2011-10-16 06:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-10-16 06:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-16 06:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-10-16 06:26 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-16 06:26 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2011-10-16 06:26 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-10-16 06:26 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-10-16 06:26 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-10-16 06:26 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-10-16 06:26 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-15 21:50 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-10-15 21:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 14:31 . 2008-01-21 02:25 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-29 07:09 . 2011-11-06 11:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[7] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[7] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[7] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[7] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"netxpert"="c:\program files\Airtel NetXpert\bin\sprtcmd.exe" [2010-05-10 206120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...1fe4-b0d4f81a8999f5981f04537c5ec8468fd5234593" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\Airtel NetXpert\bin\sprtsvc.exe [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AmgHips;AmgHips;c:\windows\system32\Drivers\AmgHips.sys [2011-11-05 25248]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-08 542672]
S2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\Airtel NetXpert\bin\tgsrvc.exe [2011-11-08 185640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-340964973-678269918-3303960693-1000Core.job
- c:\users\Bill gates\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:33]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-340964973-678269918-3303960693-1000UA.job
- c:\users\Bill gates\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 14:33]
.
2011-11-08 c:\windows\Tasks\User_Feed_Synchronization-{0D69AD46-DD8E-445B-8DF3-C055D8206A92}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{8EF00F45-E934-420E-B2F6-324AF75D0BCE}: NameServer = 59.179.243.70,203.94.243.70
FF - ProfilePath - c:\users\Bill gates\AppData\Roaming\Mozilla\Firefox\Profiles\n5ggmbk1.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-36752470.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-08 20:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP00000008F754D14B59A3D958 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-08 20:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 15:25
.
Pre-Run: 21,511,729,152 bytes free
Post-Run: 21,682,405,376 bytes free
.
- - End Of File - - D647079BEEF0A6723E882FC6E72580BC

***************************************************************************

Thanking you in advance for your help,
Sincerely,
Mansoor Nazeer
New Delhi
India
 