Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

help me to solved this log by COMBOFIX

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

help me to solved this log by COMBOFIX

Unread postby akio90takeshi » September 19th, 2010, 9:09 am

ComboFix 10-09-17.04 - kambeng busuk 09/19/2010 11:27:14.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2909.1975 [GMT 8:00]
Running from: c:\users\kambeng busuk\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\UNWISE.EXE

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 03:34 . 2010-09-19 03:34 -------- d-----w- c:\users\kambeng busuk\AppData\Local\temp
2010-09-19 03:34 . 2010-09-19 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 09:43 . 2010-09-01 07:52 66112 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper_3004.dll
2010-09-18 09:43 . 2010-09-01 07:52 35136 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-18 09:43 . 2010-09-01 07:52 328080 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2010-09-18 09:43 . 2010-09-01 07:52 32032 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-17 22:54 . 2010-09-17 22:54 -------- d-----w- c:\program files\MSXML 4.0
2010-09-17 22:53 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\wsbl.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_white.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_black.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\pcwords.dat
2010-09-13 08:11 . 2010-09-18 14:17 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\BitDefender
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- C:\Binaries
2010-09-13 00:06 . 2010-09-13 00:10 -------- d-----w- c:\programdata\BitDefender
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- c:\program files\BitDefender
2010-09-13 00:04 . 2010-09-13 00:04 -------- d-----w- c:\windows\system32\URTTEMP
2010-09-13 00:04 . 2010-09-13 00:06 -------- d-----w- c:\program files\Common Files\BitDefender
2010-09-12 14:49 . 2010-09-12 14:49 -------- d-----w- c:\users\kambeng busuk\AppData\Local\ElevatedDiagnostics
2010-09-12 14:44 . 2007-08-08 04:07 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-09-12 14:44 . 2007-08-08 04:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-09-12 14:43 . 2010-09-12 14:43 -------- d-----w- c:\program files\Huawei technologies
2010-09-12 14:43 . 2010-09-12 14:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-05 01:39 . 2010-09-05 01:40 1212416 ----a-w- c:\windows\system32\ActivaCOM.dll
2010-09-05 01:39 . 2008-04-27 20:06 192000 ----a-w- c:\windows\system32\Patch(symbianzone.co.cc).exe
2010-09-05 01:39 . 2007-08-26 12:23 1602456 ----a-w- c:\windows\system32\SWFScout.dll
2010-09-05 01:39 . 2007-03-08 14:39 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-04 09:16 . 2010-09-05 07:07 -------- d-----w- c:\program files\All-into-One Flash Mixer
2010-09-03 04:56 . 2010-09-03 04:56 -------- d-----w- c:\programdata\KONAMI
2010-09-03 04:56 . 2010-09-03 04:56 -------- d-----w- c:\program files\KONAMI
2010-09-02 07:12 . 2010-09-02 07:12 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-30 18:41 . 2010-08-30 18:41 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-30 18:41 . 2010-08-30 18:41 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-30 12:03 . 2010-08-30 12:03 -------- d-----w- c:\programdata\Apple Computer
2010-08-30 12:01 . 2010-08-30 12:01 -------- d-----w- c:\program files\Common Files\Apple
2010-08-30 11:42 . 2010-08-30 11:42 -------- d-----w- c:\users\kambeng busuk\AppData\Local\CAPCOM
2010-08-30 11:08 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-08-30 11:08 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-08-30 11:08 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-08-30 11:08 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-08-30 11:08 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-08-30 11:08 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-08-30 11:07 . 2010-08-30 11:08 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-30 11:07 . 2010-08-30 11:07 -------- d-----w- c:\windows\system32\xlive
2010-08-25 19:24 . 2010-08-25 19:38 30332270 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-08-25 19:18 . 2010-08-25 19:18 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Xilisoft
2010-08-25 18:57 . 2010-08-25 19:17 -------- d-----w- c:\program files\Xilisoft
2010-08-25 18:12 . 2010-08-25 18:12 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-25 14:05 . 2010-08-25 14:05 10134 ----a-r- c:\users\kambeng busuk\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-08-25 14:05 . 2010-08-25 14:05 -------- d-----w- c:\program files\My Company Name
2010-08-25 14:05 . 2010-08-25 14:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-25 13:13 . 2010-08-25 16:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-25 13:10 . 2010-08-25 13:10 -------- d-----w- c:\program files\Adobe Media Player
2010-08-25 13:09 . 2010-08-25 13:09 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 13:09 . 2010-08-25 13:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 23:29 . 2010-08-23 23:29 -------- d-----w- c:\users\kambeng busuk\AppData\Local\Conduit
2010-08-23 23:28 . 2010-06-08 03:28 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-08-23 23:28 . 2010-06-08 03:28 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-08-23 22:54 . 2010-08-23 22:57 -------- d-----w- c:\programdata\AutoHideIP
2010-08-23 22:54 . 2010-08-23 22:54 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\AutoHideIP
2010-08-22 18:05 . 2010-08-18 09:11 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\FFExternalAlert.dll
2010-08-22 18:05 . 2010-08-18 09:11 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\RadioWMPCore.dll
2010-08-22 18:05 . 2010-08-18 09:09 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
2010-08-22 18:05 . 2010-08-18 09:09 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 03:22 . 2010-04-27 07:43 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\IDM
2010-09-19 03:04 . 2010-04-27 07:43 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\DMCache
2010-09-13 01:37 . 2010-04-27 04:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-12 23:59 . 2010-04-27 00:30 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-12 14:43 . 2010-06-22 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 11:53 . 2010-07-30 20:16 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\vlc
2010-09-04 05:41 . 2010-04-27 13:10 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-30 12:03 . 2010-04-27 10:21 -------- d-----w- c:\program files\QuickTime
2010-08-25 18:13 . 2010-04-27 03:49 -------- d-----w- c:\program files\Common Files\Real
2010-08-25 16:56 . 2010-04-27 02:32 109800 ----a-w- c:\users\kambeng busuk\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 13:09 . 2010-05-22 10:22 38784 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 11:42 . 2010-04-27 02:36 -------- d-----w- c:\programdata\Microsoft Help
2010-08-24 09:35 . 2010-04-27 09:21 -------- d-----w- c:\program files\Common Files\Stardock
2010-08-24 09:35 . 2010-06-07 00:28 -------- d-----w- c:\program files\7-Zip
2010-08-24 03:29 . 2010-06-29 12:12 -------- d-----w- c:\program files\CONEXANT
2010-08-24 03:27 . 2010-04-27 05:18 -------- d-----w- c:\program files\Folder Lock 6
2010-08-24 03:27 . 2010-08-09 00:51 -------- d-----w- c:\program files\Winamp
2010-08-24 03:27 . 2010-07-02 03:42 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-24 03:27 . 2010-06-10 23:12 -------- d-----w- c:\program files\JDownloader
2010-08-24 03:27 . 2010-08-09 21:16 -------- d-----w- c:\program files\Google
2010-08-21 18:50 . 2010-06-06 22:37 -------- d-----w- c:\program files\Minilyrics
2010-08-14 17:38 . 2010-04-27 04:24 -------- d-----w- c:\programdata\FLEXnet
2010-08-11 21:15 . 2010-05-30 09:45 -------- d-----w- c:\program files\Flash Movie Player
2010-08-09 00:57 . 2010-08-09 00:51 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Winamp
2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:\program files\Winamp Toolbar
2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:\programdata\Winamp Toolbar
2010-07-31 20:16 . 2010-07-31 20:16 657217 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2010-07-31 19:48 . 2010-07-31 19:48 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-31 19:48 . 2010-07-31 19:48 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-31 19:48 . 2010-07-31 19:48 -------- d-----w- c:\program files\OpenAL
2010-07-31 11:24 . 2010-07-31 11:24 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-07-31 11:24 . 2010-07-31 11:24 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-07-31 11:24 . 2010-07-31 11:24 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2010-07-31 11:24 . 2010-07-31 11:24 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2010-07-31 11:24 . 2010-07-31 11:24 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2010-07-31 11:24 . 2010-07-31 11:24 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2010-07-31 11:24 . 2010-07-31 11:24 -------- d-----w- c:\programdata\NexonEU
2010-07-29 06:30 . 2010-08-11 11:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 11:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 15:36 . 2010-07-28 15:36 180224 ----a-w- c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
2010-07-06 04:31 . 2010-07-06 04:31 2944904 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-30 06:25 . 2010-08-11 11:06 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 00:37 . 2010-06-19 17:31 12212040 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-23 00:37 . 2010-06-19 17:31 13930312 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-23 00:37 . 2010-06-19 17:31 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-23 00:37 . 2010-06-19 17:31 61440 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-23 00:37 . 2010-06-19 17:31 58880 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-23 00:37 . 2010-06-19 17:31 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-22 02:47 . 2010-08-11 11:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 11:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 11:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-01 20:30 . 2010-06-01 20:06 615 ----a-w- c:\program files\New folder.lnk
2009-10-19 10:59 . 2010-09-13 00:10 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 09:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-31 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-31 169496]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-10-22 1118144]

c:\users\kambeng busuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-27 3450608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-24 2684256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 09:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-08-19 01:27 5137648 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2010-05-28 05:46 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 13:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 02:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 21:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-25 18:12 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-27 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2009-10-19 79368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2009-11-10 152456]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2405280
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\idmmbc.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/file ... vpnweb.cab
FF - ProfilePath - c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24052 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\kambeng busuk\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
Toolbar-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - c:\program files\Brothersoft\tbBro1.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-cAudioFilterAgent - c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
HKLM-Run-Camera Assistant Software - c:\program files\Camera Assistant Software for Toshiba\traybar.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-StormCodec_Helper - c:\program files\Ringz Studio\Storm Codec\StormSet.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-0B753AE04CCFC1E067940973C1BEDEEE62CADDC9 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-6CD143D10D52B656CB6E8E90D7932A476DA16F6A - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-7-Zip - c:\program files\7-Zip\Uninstall.exe
AddRemove-84BA15BD1DFEAA8A233F801B29BDC48DEE17B71F - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-9CD348AE9C64C4B939B624E8E24F3903EFDFC82B - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Brothersoft Toolbar - c:\progra~1\BROTHE~1\UNWISE.EXE
AddRemove-C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-cAudioFilterAgent - c:\program files\CONEXANT\cAudioFilterAgent\SETUP.EXE
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
AddRemove-SmartAudio - c:\program files\Conexant\SmartAudio\SETUP.EXE


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="

[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{052bfeb4-07c6-42dd-b556-44a4e6f4f0d2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000095
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,68,65,b2,30,91,64,71,96,7a,c1,e8,64,a5,60,2c,06,dd,db,4f,80,65,4c,\

[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9c,41,ef,35,53,47,61,17,38,f7,3f,a6,9a,c9,fb,9e,e4,ad,b8,b0,f2,
60,dc,09,f1,48,c4,09,af,57,b2,00,e1,44,e2,d9,64,15,38,7a,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ce,4c,ed,83,29,c7,71,86,5c,0c,7f,c1,0f,78,50,5f,c3,08,a6,f0,ae,
d6,ac,ee,58,bc,da,b2,8e,03,a1,71,04,2e,aa,5a,b2,ea,a0,6c,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{8ca23c4c-01b6-48f6-aac4-4fb991c2b741}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c7
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-19 11:36:45
ComboFix-quarantined-files.txt 2010-09-19 03:36

Pre-Run: 92,183,605,248 bytes free
Post-Run: 92,115,181,568 bytes free

- - End Of File - - BDC9475A98462DDF355FF4ED45377760
akio90takeshi
Active Member
 
Posts: 1
Joined: September 19th, 2010, 8:56 am
Top
Advertisement
Register to Remove

Re: help me to solved this log by COMBOFIX

Unread postby NonSuch » September 19th, 2010, 10:59 pm

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 439 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index