-
September 8th, 2010, 08:21 PM
#31
Can I run MBRCheck & Combofix?
-
September 9th, 2010, 10:30 AM
#32
u.u I really need your help ...
I downloaded MBRCheck & Combofix and am ready to run ._.
-
September 11th, 2010, 02:50 PM
#33
Please help me :'(
-
September 13th, 2010, 10:23 AM
#34
Please help me!! Y_Y
-
September 14th, 2010, 08:18 PM
#35
Oh, I apologize 
I saw so many replies, that I thought Crunchie took it.
Sorry for that.
Let me see what's there.
-
September 14th, 2010, 08:24 PM
#36
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
===============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
September 15th, 2010, 10:33 AM
#37
Don't worry Broni, thanks for your help!
I'll upload the results in a couple of hours *-*
-
September 15th, 2010, 11:57 AM
#38
The MBRCheck succeeded in the scan. But when ComboFix ran, Windows showed a message saying "PEV.cfxxe Dejó de funcionar" or "PEV.cfxxe has stopped working" at Completed_Stage2. I think this is correct because this is the virus, or am I wrong?
Here are the logs:
Just a question: do I have only 1 virus, or 2 or more? And what type of virus is it?
Thank you!!
And sorry for my bad English jejeje
Last edited by Waldos; September 15th, 2010 at 12:01 PM.
-
September 15th, 2010, 12:03 PM
#39
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 220s Series
Logical Drives Mask: 0x0002001c
Kernel Drivers (total 201):
Processes (total 59):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
364 csrss.exe
444 C:\Windows\System32\wininit.exe
456 csrss.exe
496 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
520 C:\Windows\System32\lsm.exe
576 C:\Windows\System32\winlogon.exe
664 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\atiesrxx.exe
888 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\atieclxx.exe
1332 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1376 C:\Windows\System32\svchost.exe
1468 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1644 C:\Windows\System32\spoolsv.exe
1672 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Cobian Backup 10\cbVSCService.exe
1888 C:\Program Files\Cobian Backup 10\cbService.exe
1960 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
2000 C:\Windows\System32\HPSIsvc.exe
296 C:\Windows\System32\svchost.exe
2408 C:\Windows\System32\taskhost.exe
2504 C:\Windows\System32\dwm.exe
2612 C:\Windows\explorer.exe
2632 C:\Windows\System32\svchost.exe
3060 C:\Windows\System32\rundll32.exe
3164 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3180 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3292 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
3408 C:\Program Files\Cobian Backup 10\cbInterface.exe
3520 C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
3624 C:\Windows\System32\SearchIndexer.exe
3996 C:\Program Files\Windows Media Player\wmpnetwk.exe
2172 C:\Windows\System32\svchost.exe
3732 C:\Users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001
2252 C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
1292 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2620 C:\Windows\System32\svchost.exe
3724 C:\Windows\System32\wuauclt.exe
3968 C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe
2900 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3468 C:\Windows\System32\audiodg.exe
2240 C:\Windows\System32\SearchProtocolHost.exe
1312 C:\Windows\System32\msiexec.exe
1656 C:\Windows\System32\svchost.exe
2984 WUDFHost.exe
3752 C:\Windows\System32\SearchFilterHost.exe
3480 C:\Windows\System32\wbem\WMIADAP.exe
1024 WmiPrvSE.exe
4008 C:\Users\Bruno\Desktop\MBRCheck.exe
2380 C:\Windows\System32\conhost.exe
1984 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\R: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3160215SCE, Rev: 3.ACB
PhysicalDrive1 Model Number: ST9160827AS, Rev:
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
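The MBRCheck report above hashes the boot sector of each physical drive and compares it with known MBR code. The following Python script is an added illustration of that check, not part of the thread or of MBRCheck itself: it builds a constructed 512-byte MBR, verifies the 0x55AA boot signature, hashes the boot-code region against a baseline of trusted hashes and decodes the partition table. That MBRCheck hashes exactly the first 440 bytes is an assumption, as is the sample partition layout (chosen so the second partition starts at the 0x06500000 byte offset the report shows for C:).

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # boot code; bytes 440-443 hold the disk signature, 444-445 are reserved
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"
SECTOR = 512

# Constructed sample boot code (a few real-looking opcodes padded with NOPs), not a real MBR.
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
# Constructed layout: 100 MB active "System Reserved" partition, then the big NTFS volume at
# LBA 206848, i.e. byte offset 0x06500000 as in the report's "\\.\C:" line. (bootable, type, start, count)
SAMPLE_PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 312000000)]


def build_sample_mbr(boot_code, parts):
    """Construct a synthetic 512-byte MBR for the demo (not a real disk image)."""
    sector = bytearray(MBR_SIZE)
    n = min(len(boot_code), BOOT_CODE_LEN)
    sector[:n] = boot_code[:n]
    sector[BOOT_CODE_LEN:BOOT_CODE_LEN + 4] = b"\x12\x34\x56\x78"   # constructed disk signature
    for i, (bootable, ptype, lba_start, lba_count) in enumerate(parts[:4]):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (ignored here), type, CHS end (ignored), LBA start, sector count
        struct.pack_into("<B3sB3sII", sector, off, 0x80 if bootable else 0x00,
                         b"\0\0\0", ptype, b"\0\0\0", lba_start, lba_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA-1 of the boot-code region, upper-case hex like the MBRCheck report prints."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Decode the four 16-byte partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba_start, lba_count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "lba_count": lba_count,
                      "byte_offset": lba_start * SECTOR})
    return parts


def check_mbr(sector, known_good):
    """known_good maps SHA-1 (upper-case hex) of trusted boot code to a label."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    digest = boot_code_sha1(sector)
    parts = parse_partitions(sector)
    active = [p for p in parts if p["bootable"]]
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": digest,
        "boot_code_label": known_good.get(digest, "UNKNOWN MBR code"),
        "partitions": parts,
        "one_active_partition": len(active) == 1,
    }


if __name__ == "__main__":
    mbr = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTS)
    baseline = {boot_code_sha1(mbr): "sample Windows 7 MBR code"}   # constructed baseline
    for label, image in (("clean", mbr),
                         ("tampered", build_sample_mbr(b"\xEB\xFE" + SAMPLE_BOOT_CODE[2:], SAMPLE_PARTS))):
        r = check_mbr(image, baseline)
        print(label, r["boot_code_label"], r["boot_code_sha1"], "signature_ok=%s" % r["signature_ok"])
        for p in r["partitions"]:
            print("  partition %d type 0x%02X at offset 0x%08X" % (p["index"], p["type"], p["byte_offset"]))
```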
-
September 15th, 2010, 12:04 PM
#40
ComboFix 10-09-14.04 - Bruno 15/09/2010 10:15:01.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.52.3082.18.2047.1240 [GMT -5:00]
Running from: c:\users\Bruno\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0003\~deb294.tmp
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0003\~df394b.tmp
c:\windows\system32\Ijl11.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\users\Arturo\AppData\Local\temp
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-15 15:27 . 2010-09-15 15:27 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2010-09-15 15:08 . 2010-09-15 15:09 -------- d-----w- C:\32788R22FWJFW
2010-09-13 22:14 . 2010-09-13 22:14 -------- d-----w- c:\program files\LogoJet
2010-09-13 19:09 . 2010-09-13 19:09 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 23:30 . 2010-09-08 23:30 -------- d-----w- c:\users\Bruno\AppData\Roaming\InstallShield
2010-08-28 21:16 . 2010-08-28 21:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\windows\PCHEALTH
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-28 19:19 . 2010-08-28 19:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-28 19:17 . 2010-08-28 19:17 -------- d-----r- C:\MSOCache
2010-08-27 01:30 . 2010-08-27 02:01 -------- d-----w- C:\temp
2010-08-26 15:01 . 2010-08-26 15:01 -------- d-----w- c:\users\Arturo\AppData\Roaming\Malwarebytes
2010-08-23 15:51 . 2010-08-23 15:51 -------- d-----w- c:\users\Bruno\AppData\Roaming\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 15:50 . 2010-08-23 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 15:50 . 2010-08-23 15:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 12:44 . 2010-08-20 12:44 -------- d-----w- c:\users\TEMP
2010-08-19 22:36 . 2010-08-19 22:36 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2010-08-19 22:35 . 2010-08-19 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-19 22:34 . 2010-08-19 22:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IM
2010-08-19 22:09 . 2010-08-19 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks 2009
2010-08-19 22:09 . 2010-08-20 07:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks
2010-08-19 22:08 . 2010-08-19 22:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AdobeUM
2010-08-19 22:06 . 2010-08-19 22:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-19 22:05 . 2010-08-19 22:05 -------- d-----w- c:\users\Default\AppData\Local\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2010-07-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-19 115560]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-07-13 3152384]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-7-30 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-12 1343400]
R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-07-13 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-07-13 1125376]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-10 99896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-19 102448]
S3 netr28u;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28u.sys [2010-04-10 734208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\wudjiduz.default\
FF - prefs.js: network.proxy.http - 206.64.92.16
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3736)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\WUDFHost.exe
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Symantec Shared\COH\coh32.exe
.
**************************************************************************
.
Completion time: 2010-09-15 10:49:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-15 15:49
Pre-Run: 105,762,582,528 bytes libres
Post-Run: 106,812,751,872 bytes libres
- - End Of File - - DD731E7ABBDE18E683DCA9C75B24F7FE
-
September 15th, 2010, 12:45 PM
#41
The computer runs so smoothly! ComboFix is awesome!
I can't believe it. Thank you Broni!
What's the next step? (let me guess... the ComboFix script?)
I really wanna know how to do that (the ComboFix script and the OTL custom scan)
-
September 15th, 2010, 07:57 PM
#42
1. Please open Notepad - Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DirLook::
C:\32788R22FWJFW
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
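To show what the Registry:: block of the script above does (the trailing "=-" is .reg syntax for deleting a value), here is an added Python example, not part of the thread or of ComboFix: it parses a constructed excerpt of the log's "Reg Loading Points" section, flags the weakened settings visible there (EnableLUA=0, DisableMonitoring=1) and applies the CFScript changes to the parsed state. The line formats and key paths come from the log; the parsing approach and the finding labels are this example's own.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" lines in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# The CFScript from the post above; under Registry::, "Name"=- deletes that value.
SAMPLE_CFSCRIPT = r"""
DirLook::
C:\32788R22FWJFW
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
"""

POLICIES_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
DWORD_RE = re.compile(r"^dword:([0-9A-Fa-f]{8})$")
COMBOFIX_INT_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9A-Fa-f]+\)$")   # ComboFix's "5 (0x5)" style


def parse_value(raw):
    """Decode a .reg / ComboFix value; None stands for the "=-" deletion marker."""
    raw = raw.strip()
    if raw == "-":
        return None
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = COMBOFIX_INT_RE.match(raw)
    if m:
        return int(m.group(1))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw                                  # bare string such as wdmaud.drv


def parse_registry_text(text):
    """Return {key_lowercased: {value_name: value}} from REGEDIT4-style lines."""
    reg, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()           # registry key names are case-insensitive
            reg.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = vm.group(1)
            reg[key]["@" if name == "@" else name[1:-1]] = parse_value(vm.group(2))
    return reg


def registry_section(cfscript):
    """Keep only the lines that follow the Registry:: directive of a CFScript."""
    active, out = False, []
    for line in cfscript.splitlines():
        if line.strip().endswith("::"):
            active = line.strip() == "Registry::"
            continue
        if active:
            out.append(line)
    return "\n".join(out)


def apply_cfscript(reg, cfscript):
    """Apply the Registry:: changes to a copy; a None value removes the value."""
    new = {k: dict(v) for k, v in reg.items()}
    for key, values in parse_registry_text(registry_section(cfscript)).items():
        target = new.setdefault(key, {})
        for name, val in values.items():
            if val is None:
                target.pop(name, None)
            else:
                target[name] = val
    return new


def audit(reg):
    """Flag settings that weaken protection (finding labels are this example's own)."""
    findings = []
    if reg.get(POLICIES_KEY, {}).get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA=0)")
    for key, values in reg.items():
        if "\\security center\\monitoring\\" in key and values.get("DisableMonitoring") == 1:
            findings.append("Security Center monitoring disabled under " + key)
    return findings


if __name__ == "__main__":
    before = parse_registry_text(SAMPLE_LOG)
    after = apply_cfscript(before, SAMPLE_CFSCRIPT)
    print("before:", audit(before))
    print("after: ", audit(after))
```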
-
September 16th, 2010, 07:08 PM
#43
ComboFix 10-09-16.04 - Bruno 16/09/2010 17:28:18.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.52.3082.18.2047.1120 [GMT -5:00]
Running from: c:\users\Bruno\Desktop\ComboFix.exe
Command switches used :: c:\users\Bruno\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0000\~deb294.tmp
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp
.
((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2010-09-16 22:46 . 2010-09-16 22:46 -------- d-----w- c:\users\Arturo\AppData\Local\temp
2010-09-13 22:14 . 2010-09-13 22:14 -------- d-----w- c:\program files\LogoJet
2010-09-13 19:09 . 2010-09-13 19:09 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 23:30 . 2010-09-08 23:30 -------- d-----w- c:\users\Bruno\AppData\Roaming\InstallShield
2010-08-28 21:16 . 2010-08-28 21:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\windows\PCHEALTH
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-28 21:15 . 2010-08-28 21:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-28 19:19 . 2010-08-28 19:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-28 19:17 . 2010-08-28 19:17 -------- d-----r- C:\MSOCache
2010-08-27 01:30 . 2010-08-27 02:01 -------- d-----w- C:\temp
2010-08-26 15:01 . 2010-08-26 15:01 -------- d-----w- c:\users\Arturo\AppData\Roaming\Malwarebytes
2010-08-23 15:51 . 2010-08-23 15:51 -------- d-----w- c:\users\Bruno\AppData\Roaming\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 15:50 . 2010-08-23 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 15:50 . 2010-08-23 15:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-23 15:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 12:44 . 2010-09-15 15:49 -------- d-----w- c:\users\TEMP
2010-08-19 22:36 . 2010-08-19 22:36 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2010-08-19 22:35 . 2010-08-19 22:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-19 22:34 . 2010-08-19 22:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IM
2010-08-19 22:09 . 2010-08-19 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks 2009
2010-08-19 22:09 . 2010-08-20 07:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SolidWorks
2010-08-19 22:08 . 2010-08-19 22:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AdobeUM
2010-08-19 22:06 . 2010-08-19 22:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-19 22:05 . 2010-08-19 22:05 -------- d-----w- c:\users\Default\AppData\Local\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 22:06 . 2009-07-14 08:48 729666 ----a-w- c:\windows\system32\perfh00A.dat
2010-09-16 22:06 . 2009-07-14 08:48 151724 ----a-w- c:\windows\system32\perfc00A.dat
2010-09-16 19:47 . 2010-07-19 18:58 -------- d-----w- c:\users\Bruno\AppData\Roaming\SolidWorks
2010-09-16 18:24 . 2010-07-19 20:47 -------- d-----w- c:\users\Bruno\AppData\Roaming\IM
2010-09-07 17:31 . 2010-07-19 14:23 122088 ----a-w- c:\users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 17:13 . 2010-04-12 13:58 -------- d-----w- c:\programdata\Microsoft Help
2010-09-07 17:09 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-13 15:36 . 2010-04-12 20:15 -------- d-----w- c:\users\Arturo\AppData\Roaming\SolidWorks
2010-08-13 15:33 . 2010-04-10 20:18 -------- d-----w- c:\users\Arturo\AppData\Roaming\IM
2010-08-12 13:57 . 2010-08-12 13:57 -------- d-----w- c:\users\Arturo\AppData\Roaming\AdobeUM
2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\programdata\HP
2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\programdata\Hewlett-Packard
2010-08-09 18:37 . 2010-08-09 18:37 -------- d-----w- c:\programdata\HPSSUPPLY
2010-08-09 18:37 . 2010-08-07 00:20 -------- d-----w- c:\program files\HP
2010-08-07 00:20 . 2010-08-07 00:20 -------- d-----w- c:\users\Bruno\AppData\Roaming\HP
2010-08-04 16:12 . 2010-08-04 16:12 -------- d-----w- c:\program files\Common Files\Rockwell
2010-08-04 16:12 . 2010-08-04 14:12 -------- d-----w- c:\program files\Rockwell Software
2010-08-03 19:24 . 2010-04-10 20:13 122088 ----a-w- c:\users\Arturo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 15:46 . 2010-08-03 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-03 12:24 . 2010-08-03 12:24 -------- d-----w- c:\users\Bruno\AppData\Roaming\DassaultSystemes
2010-08-03 12:24 . 2010-08-03 12:24 -------- d-----w- c:\programdata\DassaultSystemes
2010-08-03 00:10 . 2010-08-03 00:10 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-30 16:35 . 2010-07-30 16:35 -------- d-----w- c:\users\Bruno\AppData\Roaming\AdobeUM
2010-07-30 15:15 . 2010-07-30 15:15 -------- d-----w- c:\programdata\Adobe Systems
2010-07-30 15:14 . 2010-07-30 15:14 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-07-30 15:14 . 2010-04-12 13:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 17:57 . 2010-07-29 17:57 -------- d-----w- c:\program files\TheLearningPit
2010-07-27 21:12 . 2010-07-27 21:12 -------- d-----w- c:\users\Bruno\AppData\Roaming\SolidWorks 2009
2010-07-20 13:55 . 2010-07-20 13:55 0 ----a-w- c:\windows\nsreg.dat
2010-07-19 23:06 . 2010-07-19 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-19 23:05 . 2010-07-19 23:03 -------- d-----w- c:\programdata\Symantec
2010-07-19 23:04 . 2010-07-19 23:03 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-19 23:04 . 2010-07-19 23:03 -------- d-----w- c:\program files\Symantec
2010-07-19 23:04 . 2010-07-19 23:03 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-19 23:04 . 2010-07-19 23:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-19 18:22 . 2010-07-19 18:22 -------- d-----w- c:\users\Bruno\AppData\Roaming\DWGeditor
2010-07-17 01:15 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-07-17 01:15 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\32788R22FWJFW ----
------- Sigcheck -------
[-] 2010-07-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-19 115560]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-07-13 3152384]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Motor del Programador de tareas de SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-7-30 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-12 1343400]
R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-07-13 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-07-13 1125376]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-10 99896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-19 102448]
S3 netr28u;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28u.sys [2010-04-10 734208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\wudjiduz.default\
FF - prefs.js: network.proxy.http - 206.64.92.16
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1756)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\users\Bruno\AppData\Local\Temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-16 18:03:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 23:03
ComboFix2.txt 2010-09-15 15:49
Pre-Run: 106,225,799,168 bytes libres
Post-Run: 106,242,646,016 bytes libres
- - End Of File - - 7E2266DC190DB51E2A894E8D58095901
-
September 16th, 2010, 07:14 PM
#44
Woow... how do you do that? 
I really wanna know jeje *-*
And now the next step is the OTL? (jajaja I'm a big fan ._.)
-
September 16th, 2010, 09:31 PM
#45
how do you do that?
I really wanna know jeje *-*
Just years of practice 
And now the next step is the OTL? (jajaja I'm a big fan ._.)
Hahaha....
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.