combobox removed something

by review_monster / July 21, 2009 6:52 AM PDT

Hi, I just formatted my computer and installed Windows XP Pro, and after a few driver installations and the SP3 download I noticed that my hard drive became very active and I would get lags sometimes. I scanned my whole PC with Avira - nothing. Scanned with Malwarebytes and nothing. I installed and ran combobox and it removed some files, but it never explained what it was. Can someone tell me if my computer was in fact infected? Thanks.

ComboFix 09-07-20.05 - Ali 21/07/2009 16:45.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2897 [GMT -4:00]
Running from: d:\documents and settings\Ali\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2c225d.msi
d:\windows\system32\d3d10core.dll
d:\windows\system32\Data
d:\windows\system32\kernel32new.dll
d:\windows\system32\msvcrtnew.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 20:42 . 2008-03-09 11:25 236 ----a-w- d:\program files\Common Files\dx.reg
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- d:\documents and settings\Ali\Application Data\Malwarebytes
2009-07-21 20:39 . 2009-07-13 17:36 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 20:39 . 2009-07-13 17:36 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-07-21 20:21 . 2009-07-21 20:34 -------- d--h--w- d:\windows\$hf_mig$
2009-07-21 20:21 . 2009-07-21 20:21 -------- d-----w- d:\windows\LastGood
2009-07-21 20:19 . 2009-07-21 20:44 -------- d-----w- d:\documents and settings\Ali\Application Data\Skype
2009-07-21 20:16 . 2009-07-21 20:16 -------- d-----w- d:\documents and settings\LocalService\Application Data\SACore
2009-07-21 20:16 . 2009-07-21 20:16 -------- d-----w- d:\documents and settings\All Users\Application Data\SiteAdvisor
2009-07-21 20:15 . 2009-07-21 20:15 -------- d-----w- d:\program files\Common Files\McAfee
2009-07-21 20:15 . 2009-07-21 20:18 -------- d-----w- d:\program files\McAfee
2009-07-21 20:15 . 2009-07-21 20:15 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2009-07-21 20:12 . 2009-07-21 20:12 -------- d-----w- d:\program files\Common Files\Adobe
2009-07-21 20:11 . 2009-07-21 20:11 -------- d-----w- d:\program files\NeoSmart Technologies
2009-07-21 20:11 . 2009-07-21 20:11 65250 ----a-w- d:\windows\BricoPackUninst.cmd
2009-07-21 20:10 . 2009-07-21 20:11 6110 ----a-w- d:\windows\BricoPackFoldersDelete.cmd
2009-07-21 20:10 . 2009-07-21 20:10 -------- d-----w- d:\windows\BricoPacks
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\documents and settings\Ali\Application Data\Apple Computer
2009-07-21 20:07 . 2009-07-21 20:07 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-07-21 20:04 . 2009-07-21 20:14 -------- d-----w- d:\program files\NOS
2009-07-21 20:04 . 2009-07-21 20:14 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2009-07-21 19:57 . 2009-07-21 19:57 664 ----a-w- d:\windows\system32\d3d9caps.dat
2009-07-21 19:56 . 2003-06-18 21:31 17920 ----a-w- d:\windows\system32\mdimon.dll
2009-07-21 19:55 . 2008-10-16 18:09 43544 ----a-w- d:\windows\system32\wups2.dll
2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\program files\Common Files\L&H
2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\program files\Microsoft.NET
2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\program files\Microsoft ActiveSync
2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\program files\Microsoft Works
2009-07-21 19:55 . 2009-07-21 19:55 -------- d-----w- d:\windows\SHELLNEW
2009-07-21 19:51 . 2009-07-21 19:51 -------- d-----w- d:\program files\uTorrent
2009-07-21 19:51 . 2009-07-21 19:51 -------- d-----w- d:\documents and settings\Ali\Application Data\uTorrent
2009-07-21 19:46 . 2009-07-21 19:46 0 ----a-w- d:\windows\nsreg.dat
2009-07-21 19:46 . 2009-07-21 19:46 -------- d-----w- d:\documents and settings\Ali\Local Settings\Application Data\Mozilla
2009-07-21 19:45 . 2009-07-21 19:45 -------- d-----w- d:\windows\system32\AGEIA
2009-07-21 19:45 . 2009-07-21 19:45 -------- d-----w- d:\program files\AGEIA Technologies
2009-07-21 19:45 . 2009-07-21 19:45 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-07-21 19:44 . 2009-07-21 19:44 -------- d-----w- d:\windows\nview
2009-07-21 19:44 . 2009-01-15 12:19 453152 ----a-w- d:\windows\system32\nvudisp.exe
2009-07-21 19:44 . 2009-01-07 15:28 453152 ----a-w- d:\windows\system32\NVUNINST.EXE
2009-07-21 19:37 . 2009-07-21 19:37 -------- d-s---w- d:\documents and settings\Ali\UserData
2009-07-21 19:36 . 2009-07-21 19:36 -------- d--h--w- d:\windows\PIF
2009-07-21 19:35 . 2009-07-21 19:39 -------- d--h--w- d:\windows\system32\GroupPolicy
2009-07-21 19:33 . 2009-03-30 14:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-07-21 19:33 . 2009-03-24 20:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-07-21 19:33 . 2009-02-13 16:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-07-21 19:33 . 2009-02-13 16:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-07-21 19:33 . 2009-07-21 19:33 -------- d-----w- d:\program files\Avira
2009-07-21 19:33 . 2009-07-21 19:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2009-07-21 19:28 . 2009-07-21 19:28 13104 ----a-w- d:\documents and settings\Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 19:28 . 2009-07-21 19:55 -------- d-----w- d:\windows\system32\wbem\AutoRecover
2009-07-21 19:27 . 2009-07-21 19:27 -------- d-s---w- d:\windows\system32\Microsoft
2009-07-21 19:24 . 2009-07-21 19:24 -------- d-----w- d:\windows\ServicePackFiles
2009-07-21 19:23 . 2009-07-21 19:23 -------- d-----w- d:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 20:42 . 2009-07-21 20:42 2905 ----a-w- d:\windows\system32\unins000.dat
2009-07-21 20:42 . 2009-07-21 20:42 716153 ----a-w- d:\windows\system32\unins000.exe
2009-07-21 20:11 . 2002-08-29 01:41 218624 ----a-w- d:\windows\system32\uxtheme.dll
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\program files\iPod
2009-07-21 20:09 . 2009-07-21 20:08 -------- d-----w- d:\program files\Common Files\Apple
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\program files\Bonjour
2009-07-21 20:09 . 2009-07-21 20:09 -------- d-----w- d:\program files\QuickTime
2009-07-21 20:08 . 2009-07-21 20:08 -------- d-----w- d:\program files\Apple Software Update
2009-07-21 20:08 . 2009-07-21 20:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-07-21 20:08 . 2009-07-21 20:08 86016 ----a-w- d:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-21 19:31 . 2009-07-21 19:30 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-21 19:30 . 2009-07-21 19:30 -------- d-----w- d:\program files\Creative
2009-07-21 19:30 . 2009-07-21 19:30 -------- d-----w- d:\program files\Common Files\InstallShield
2009-07-21 19:26 . 2009-07-21 19:26 106892 ----a-w- d:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2009-07-21 19:26 . 2009-07-21 18:30 80007 ----a-w- d:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-21 18:35 . 2009-07-21 18:35 -------- d-----w- d:\program files\Intel
2009-07-21 18:35 . 2009-07-21 18:35 -------- d-----w- d:\program files\DIFX
2009-07-21 18:30 . 2009-07-21 18:30 -------- d-----w- d:\program files\microsoft frontpage
2009-07-21 18:27 . 2009-07-21 18:27 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="d:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [7/21/2009 3:33 PM 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\McAfee\SiteAdvisor\McSACore.exe [7/21/2009 4:15 PM 210216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BITS
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\65r5g587.default\
FF - component: d:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-21 16:47
ComboFix-quarantined-files.txt 2009-07-21 20:47

Pre-Run: 41,366,032,384 bytes free
Post-Run: 37,962,137,600 bytes free

207 --- E O F --- 2009-07-21 20:21
