Solved Server error

heyhi · Dec 20, 2010

I erased the 3 things frm hijackthis, heres the log what are u seeing so far? I still havent removed bitcommt..cant find it

ComboFix 10-12-18.02 - KA 12/20/2010 0:36.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.786 [GMT -5:00]
Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KA\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KA\Application Data\PriceGong
c:\documents and settings\KA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\KA\Application Data\PriceGong\Data\z.xml

.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-16 17:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 06:32 . 2010-12-17 04:14 -------- d-----w- C:\HijackThis
2010-12-16 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:37 . 2010-12-15 00:40 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
2010-11-26 05:50 . 2010-12-17 04:11 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2009-04-19 22:43 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:34 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2009-08-16 02:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-10_02.54.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-19 21:36 . 2010-12-19 21:36 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
- 2008-10-22 09:47 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2004-08-04 12:00 . 2010-12-10 00:41 67714 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-12-17 04:57 67714 c:\windows\system32\perfc009.dat
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2009-08-16 02:48 . 2010-09-09 14:16 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-08-16 02:48 . 2010-11-05 05:05 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 629760 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-12-17 04:57 432924 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-12-10 00:41 432924 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2008-04-14 00:12 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 532480 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-09-09 14:16 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 449024 c:\windows\system32\mshtmled.dll
+ 2010-12-19 04:43 . 2010-11-12 23:53 157472 c:\windows\system32\javaws.exe
+ 2010-12-19 04:43 . 2010-11-12 23:53 145184 c:\windows\system32\javaw.exe
+ 2010-12-19 04:43 . 2010-11-12 23:53 145184 c:\windows\system32\java.exe
+ 2004-08-04 12:00 . 2010-11-05 05:05 251904 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-09-09 14:16 251904 c:\windows\system32\iepeers.dll
- 2009-04-19 18:31 . 2010-10-22 21:29 131688 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-19 18:31 . 2010-12-16 17:39 131688 c:\windows\system32\FNTCACHE.DAT
+ 2009-02-20 08:10 . 2010-11-05 05:05 667136 c:\windows\system32\dllcache\wininet.dll
- 2009-02-20 08:10 . 2010-09-09 14:16 667136 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-20 08:10 . 2010-11-05 05:05 629760 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-05 05:05 . 2010-11-05 05:05 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-09 14:16 . 2010-11-05 05:05 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2010-09-09 14:16 . 2010-09-09 14:16 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2010-09-09 14:16 . 2010-09-09 14:16 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-09-09 14:16 . 2010-11-05 05:05 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-12-13 20:06 . 2010-12-13 20:06 180224 c:\windows\Installer\88d9f0.msi
+ 2010-09-22 23:10 . 2010-09-22 23:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
- 2004-08-04 12:00 . 2010-09-09 14:16 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 3076096 c:\windows\system32\mshtml.dll
+ 2009-02-09 11:13 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-02 23:04 . 2010-11-05 05:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2009-03-02 23:04 . 2010-09-09 14:16 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-02-20 08:11 . 2010-11-05 05:05 3076096 c:\windows\system32\dllcache\mshtml.dll
- 2010-09-09 14:16 . 2010-09-09 14:16 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2010-09-09 14:16 . 2010-11-05 05:05 1025024 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2010-09-09 14:16 1025024 c:\windows\system32\browseui.dll
+ 2004-08-04 12:00 . 2010-11-05 05:05 1025024 c:\windows\system32\browseui.dll
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\6cdda2.msp
+ 2010-09-16 08:08 . 2010-09-16 08:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2009-04-22 13:31 . 2010-12-16 08:00 37366216 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13227:TCP"= 13227:TCP:BitComet 13227 TCP
"13227:UDP"= 13227:UDP:BitComet 13227 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/nfl/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 00:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\athgina.dll
.
Completion time: 2010-12-20 00:45:54
ComboFix-quarantined-files.txt 2010-12-20 05:45
ComboFix2.txt 2010-12-13 20:34
ComboFix3.txt 2010-12-10 02:57

Pre-Run: 22,318,411,776 bytes free
Post-Run: 22,343,516,160 bytes free

- - End Of File - - 035979AA1DA9F4C02AA0F0AB8F3A0E50

Bobbye · Dec 21, 2010

The process that is still running is from uTorrent. Ports are open globally for BitTorrent and you still have LimeWare loading. Not a while lot of sense to try and clean with 3 active file sharing programs.

heyhi · Dec 21, 2010

Utorrent has already been uninstalled? I cant find bittorrent or utorrent under uninstall. How is limewire loading, I havent used it in a few weeks, I wanna try not to uninstal it but I will if i have to. As far as the other 2 how do i get rid of em? dont see them under uninstall !

Bobbye · Dec 21, 2010

I remove them with script you run through Combofix. They are loading through the Registry. It's you system. I'm just making the comment about the file sharing because:

P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall the programs for the following reasons:

As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
Malware writers use these program to include malicious content.
Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
The 'sharing' also includes malware that the shared system has on it.
Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

Cleaning malware out the front door while it comes in through file sharing through the backdoor isn't very effective.

heyhi · Dec 21, 2010

Oh ok thanks. Do you know how I can stop them from loading thru the reg?

heyhi · Dec 23, 2010

? anyone??

Bobbye · Dec 23, 2010

The best way is to take the programs off of Startup, follow with uninstall.

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:[Be sure to scroll down to include ALL lines.

Code:

KillAll::
File::
Folder::
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5

DDS::
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13227:TCP"=-
"13227:UDP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

heyhi · Dec 24, 2010

ComboFix 10-12-24.01 - KA 12/24/2010 18:38:24.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.883 [GMT -5:00]
Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KA\Desktop\CFScript.tx.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215857840756250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220940193781250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826753881225000_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826758646068750_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552376087500_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552502181250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552614056250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552723118750_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827565870150000_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827655684775000_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161798257141250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161799307581250_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161801077882500_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.bck.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.bck.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.bck.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.bck.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.txt
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_history.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ThirdPartyComponents.xml

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-16 17:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 06:32 . 2010-12-17 04:14 -------- d-----w- C:\HijackThis
2010-12-16 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
2010-11-26 05:50 . 2010-12-17 04:11 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2009-04-19 22:43 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:34 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2009-08-16 02:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/nfl/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 18:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\athgina.dll

- - - - - - - > 'explorer.exe'(1208)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\progra~1\MICROS~2\rapimgr.exe
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-12-24 18:53:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 23:52
ComboFix2.txt 2010-12-20 05:45
ComboFix3.txt 2010-12-13 20:34
ComboFix4.txt 2010-12-10 02:57

Pre-Run: 23,050,313,728 bytes free
Post-Run: 23,091,822,592 bytes free

- - End Of File - - 3717C4E98D9707BA0057E555BE8E11A0

Bobbye · Dec 24, 2010

uTorrent removed. LimeWire remains.
Has the server problem been resolved? If so, go to the following:

Removing all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Go to Start > All Programs > Accessories > System Tools
Click "System Restore".
Choose "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name> click "Create".
Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Have a Happy and Peaceful Holiday!

Solved Server error

heyhi

Posts: 25 +0

Bobbye

Posts: 16,313 +36

heyhi

Posts: 25 +0

Bobbye

Posts: 16,313 +36

heyhi

Posts: 25 +0

heyhi

Posts: 25 +0

Bobbye

Posts: 16,313 +36

heyhi

Posts: 25 +0

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts