vasilina

Members
Posts: 6
Reputation: 0 Neutral
  1. OK. Thank you. Do I consider myself clean if it does not?
  2. As far as the behavior of my computer at the moment: nothing strange is happening at the moment. There have been no IP blocks today so far. It still starts up quite slowly. Here is my 2nd ComboFix log (ComboFix 11-06-21.06, run 06/22/2011).
  3. These are just manually selected from my Malwarebytes logs. I can also attach the full logs if you would find them helpful. The first 9 IP addresses seem to hit me most often. There might be more addresses that I have missed. Thank you.
  4. For a while I have had my computer start up very slowly!! It can take 5-10 minutes at times. Also, occasionally, strange Explorer activity - it can stop working. Also, since I installed Malwarebytes, I have been getting these reports about outgoing IP blocks - I have no idea what that means. Thank you. Here is my ComboFix log (ComboFix 11-06-21.06, run 06/21/2011).
  5. Please! Please!!! Take a look at my logs here!!!
  6. DDS (Ver_2011-06-12.02) log, run 2011-06-19; attachments: attach.zip, protection-log-2011-06-19.zip