Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can any good samaritans help me read my combofix report?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can any good samaritans help me read my combofix report?

Unread postby xxgambinoxx » November 22nd, 2010, 9:41 pm

TL;DR: I infected my gf's computer and if i dont fix it i will hear about it for the rest of my life. Please help me.


ComboFix 10-11-21.01 - Jenny 22/11/2010 21:38:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.262 [GMT -3.5:30]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 01:19 . 2010-11-23 01:19 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2010-11-23 01:19 . 2010-11-23 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 20:29 . 2010-11-20 21:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-20 20:29 . 2010-11-20 20:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-20 14:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B76FC96-87B0-4128-B5A4-8AF7384DD5BB}\mpengine.dll
2010-11-19 23:37 . 2010-11-21 23:58 -------- d-----w- c:\programdata\PrevxCSI
2010-11-19 23:11 . 2010-11-19 23:11 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-19 23:11 . 2010-11-19 23:11 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2010-11-19 22:47 . 2010-04-29 19:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\programdata\Malwarebytes
2010-11-19 22:47 . 2010-04-29 19:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-19 18:26 . 2010-11-21 20:47 1461 ----a-w- c:\windows\system\viewed.dll
2010-11-19 01:36 . 2010-11-19 05:18 0 ----a-w- c:\users\Jenny\AppData\Local\Kcujub.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 14:11 . 2009-10-03 15:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 03:17 . 2010-09-23 03:17 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-14 15:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23 . 2010-10-14 15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-14 15:26 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-14 15:26 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20 . 2010-10-14 15:41 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 15:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 15:41 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 15:41 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 15:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 15:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 15:28 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 15:27 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 15:44 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 15:29 157184 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-11-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-11-16 5120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\User_Feed_Synchronization-{C4473F5B-4EB1-44FC-93B5-A7508BE532E0}.job
- c:\windows\system32\msfeedssync.exe [2008-10-01 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\j4uzfzmr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UT ... f-divxb&p=
FF - component: c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\j4uzfzmr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LvehhfngMx0cny\AppData\Local\Temp\1405116560.exe - c:\users\Jenny\AppData\Local\Temp\1405116560.exe
HKCU-Run-LvehhfngM01cny\AppData\Local\Temp\2469039806.exe - c:\users\Jenny\AppData\Local\Temp\2469039806.exe
HKCU-Run-LvehhfngLzzcny\AppData\Local\Temp\3042600366.exe - c:\users\Jenny\AppData\Local\Temp\3042600366.exe
HKCU-Run-LvehhfngN0ycny\AppData\Local\Temp\3756323070.exe - c:\users\Jenny\AppData\Local\Temp\3756323070.exe
HKCU-Run-LvehhfngN1zcny\AppData\Local\Temp\2790932416.exe - c:\users\Jenny\AppData\Local\Temp\2790932416.exe
HKCU-Run-LvehhfngNzycny\AppData\Local\Temp\3533245120.exe - c:\users\Jenny\AppData\Local\Temp\3533245120.exe
HKCU-Run-LvehhfngM22cny\AppData\Local\Temp\3362882976.exe - c:\users\Jenny\AppData\Local\Temp\3362882976.exe
HKCU-Run-LvehhfngMzzcny\AppData\Local\Temp\4072607530.exe - c:\users\Jenny\AppData\Local\Temp\4072607530.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-22 21:53:30
ComboFix-quarantined-files.txt 2010-11-23 01:23
ComboFix2.txt 2010-11-23 00:58

Pre-Run: 90,623,737,856 bytes free
Post-Run: 90,593,837,056 bytes free

- - End Of File - - 1DACA61D0E01EB464B46462A83952FCE
xxgambinoxx
Active Member
 
Posts: 1
Joined: November 22nd, 2010, 9:39 pm
Advertisement
Register to Remove

Re: Can any good samaritans help me read my combofix report?

Unread postby NonSuch » November 24th, 2010, 5:02 am

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 332 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware