error msge when downloading...


Post by newbeegeek on Thu Jun 04, 2009 2:43 am

C:\Users\Paul\AppData\Local\Temp\2.mpg could not be opened, because an unknown error occurred.
Try saving to disk first and then opening the file.

That is the error message that I get when downloading. It happens using Windows Media Player.
Here is our log. Thanks for the help! P and D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:35 PM, on 03/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Paul\Downloads\hijackgpthis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Downloads\hijackgpthis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8582 bytes


Re: error msge when downloading...

Post by Origin on Thu Jun 04, 2009 2:57 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: error msge when downloading...

Post by newbeegeek on Thu Jun 04, 2009 4:01 am

Malwarebytes' Anti-Malware 1.37
Database version: 2227
Windows 6.0.6002 Service Pack 2

03/06/2009 11:59:29 PM
mbam-log-2009-06-03 (23-59-29).txt

Scan type: Quick Scan
Objects scanned: 73856
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: error msge when downloading...

Post by Origin on Thu Jun 04, 2009 4:02 am


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: error msge when downloading...

Post by newbeegeek on Fri Jun 05, 2009 3:15 am

ComboFix 09-06-04.04 - Paul 04/06/2009 22:54.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1067 [GMT -4:00]
Running from: c:\users\Paul\Downloads\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 03:01 . 2009-06-05 03:01 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 02:58 . 2009-06-05 02:58 -------- d-----w- C:\temp
2009-06-05 02:58 . 2009-06-05 02:58 -------- d-----w- \temp
2009-06-05 02:53 . 2009-06-05 03:02 -------- d-s---w- \Combo-Fix
2009-06-04 23:12 . 2009-06-05 02:54 -------- d-----w- \Qoobox
2009-06-04 02:17 . 2009-06-04 02:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-04 02:15 . 2009-06-04 02:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 02:58 . 2009-06-03 02:58 -------- d-----w- c:\program files\Trend Micro
2009-06-02 02:45 . 2009-06-02 02:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-06-02 02:20 . 2002-01-05 10:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-02 02:20 . 2009-06-02 02:20 -------- d-----w- c:\program files\AML Products
2009-06-02 02:04 . 2009-06-02 02:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-06-01 02:36 . 2009-06-01 02:36 -------- d-----w- c:\program files\COMODO
2009-06-01 02:20 . 2009-06-01 02:20 -------- d-----w- c:\program files\CCleaner
2009-06-01 00:24 . 2009-06-01 00:24 -------- d-----w- c:\program files\Alwil Software
2009-05-30 12:17 . 2009-05-30 12:17 -------- d-----w- c:\programdata\AVP 2009
2009-05-30 12:16 . 2009-05-30 12:30 -------- d-----w- c:\program files\RegistryCleaner_Pro
2009-05-30 11:41 . 2009-05-30 11:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 02:20 . 2009-05-28 02:20 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 02:18 . 2009-04-11 06:28 1017856 ----a-w- c:\windows\system32\wevtsvc.dll
2009-05-28 02:17 . 2009-04-11 06:28 592896 ----a-w- c:\windows\system32\netlogon.dll
2009-05-28 02:16 . 2009-04-11 06:28 2153472 ----a-w- c:\windows\system32\oobefldr.dll
2009-05-28 02:15 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-05-28 02:15 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-05-28 02:15 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2009-05-27 16:14 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\programdata\Malwarebytes
2009-05-27 16:14 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-27 00:15 . 2009-05-27 00:15 -------- d-----w- c:\program files\Pure Networks
2009-05-27 00:14 . 2008-05-16 10:10 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-05-27 00:14 . 2008-05-16 10:10 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-05-27 00:14 . 2009-05-27 00:14 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-05-27 00:12 . 2008-10-10 21:05 14579000 ----a-w- c:\programdata\Pure Networks\Setup\nmsetup.exe
2009-05-26 23:39 . 2009-05-27 00:14 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-26 23:25 . 2009-05-27 00:14 -------- d-----w- c:\programdata\Pure Networks
2009-05-11 00:46 . 2009-06-04 22:58 -------- d-----w- c:\users\Paul\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 03:00 . 2007-02-20 08:52 2459238400 --sha-w- \pagefile.sys
2009-06-05 02:59 . 2006-12-19 10:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 01:35 . 2007-02-23 07:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-04 02:49 . 2008-10-13 20:36 -------- d-----w- c:\programdata\Google Updater
2009-06-04 01:23 . 2009-01-15 00:55 41520 ----a-w- c:\programdata\nvModes.dat
2009-06-02 02:42 . 2007-02-20 06:19 86024 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-02 02:28 . 2007-08-06 22:29 -------- d-----w- c:\users\Paul\AppData\Roaming\uTorrent
2009-05-30 11:42 . 2006-12-19 11:47 -------- d-----w- c:\program files\DivX
2009-05-28 02:52 . 2007-02-24 20:26 -------- d-----w- c:\programdata\NVIDIA
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 02:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 02:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-02 13:15 . 2008-07-10 05:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 13:15 . 2008-07-10 05:47 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 13:15 . 2008-07-10 05:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 13:15 . 2009-02-09 02:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 16:16 . 2009-04-12 16:33 -------- d-----w- c:\users\Paul\AppData\Roaming\ZoomBrowser EX
2009-04-26 16:15 . 2009-04-12 16:17 -------- d-----w- c:\users\Paul\AppData\Roaming\CameraWindowDC
2009-04-23 03:08 . 2006-12-19 11:33 -------- d-----w- c:\program files\HP
2009-04-23 03:03 . 2007-02-22 01:07 -------- d-----w- c:\programdata\HP
2009-04-23 03:03 . 2006-12-19 11:02 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-23 02:54 . 2007-02-28 01:43 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\programdata\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-12 16:17 . 2009-04-12 16:17 -------- d-----w- c:\users\Paul\AppData\Roaming\CANON INC
2009-04-12 16:09 . 2009-04-12 16:07 -------- d-----w- c:\program files\Canon
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w- c:\programdata\ZoomBrowser
2009-04-12 16:05 . 2009-04-12 16:05 -------- d-----w- c:\program files\Common Files\Canon
2009-04-11 06:33 . 2009-05-28 02:18 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 02:18 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 02:17 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 02:18 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 02:18 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 02:18 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-28 02:19 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 02:16 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 02:16 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 02:16 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 02:19 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-28 02:19 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 02:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 02:16 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-28 02:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 02:17 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 02:16 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 02:16 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 02:16 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 02:16 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 02:16 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 02:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 02:16 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 02:16 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 02:17 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 02:17 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 02:16 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 02:16 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 02:16 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 02:18 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-28 02:16 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42 . 2009-05-28 02:17 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 02:17 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 02:17 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 02:17 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 02:17 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 02:16 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 02:16 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 02:16 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 02:19 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 02:16 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 02:16 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 02:16 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39 . 2009-05-28 02:16 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 02:17 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-05-28 02:17 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-05-28 02:16 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:24 . 2009-05-28 02:18 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 04:23 . 2009-05-28 02:18 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 02:16 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 02:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 02:16 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 02:17 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 02:17 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 02:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 02:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 02:18 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 02:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 02:18 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 02:17 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 02:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 02:16 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 02:17 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-28 02:16 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-05-28 02:17 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-05-28 02:16 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-05-28 02:17 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-05-28 02:19 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll


Re: error msge when downloading...

Post by newbeegeek on Fri Jun 05, 2009 3:16 am

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-26 185896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 34520]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-2-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,5b,42,8c,3e,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF93DD0-DED5-4880-843A-A3C5A1794174}"= UDP:c:\program files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{7BA7A547-6ED3-46AD-8B6E-D7D64F05253A}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{487D3A0F-5374-4C49-B7BE-0AB7DDEA0375}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EB618C46-8D64-4C1D-BD8F-CD35266D5D5E}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1F9BD2C5-604E-41BC-80FA-7E6A624935BF}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9A596B9C-6C79-43A0-9C05-AFABF5D61AB2}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"TCP Query User{50B863FC-63EC-4952-887F-FE9FF7B253C3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6CC8BDA-C238-4FCE-AC97-E54B7FE5E995}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9B25EDE4-3895-41F0-8A7B-E35A24767012}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{FC5ED122-88F7-4E91-A20F-84B8F31CAE10}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{B6BEDC22-4BC5-47A2-BF78-540C02B88CC8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{589A36DD-C373-4529-9040-D30B774423CA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1439AD13-DCD6-4713-82AB-FF436113C0E7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C5AF188A-9266-4B85-830C-55F4C05060FD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{4DDF880D-0585-43FD-9A8B-FEC6CF6311D4}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{1022140D-2EE7-4C73-983D-6D4DCBDC6A81}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{C886E393-D343-4D44-BAF5-B9990F17650D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2BC9B9B0-9FC5-4EA6-A2C3-1C355D9C12DE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5DABDBB4-4765-42C4-961D-8359268AAF70}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{2A1628DC-09C2-46E8-83DC-CAAE40AEC480}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{BE3F5C3E-B8AF-460C-AD6D-4E35ABC37CF3}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{583D5CEE-B6BA-4D8B-809E-0A7E8F8083E0}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/07/2008 1:47 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 10:59 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/07/2008 1:46 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/07/2008 1:46 AM 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/07/2008 10:51 AM 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [17/03/2009 8:03 PM 92008]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 4:40 PM 3668480]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\System32\drivers\ST50220.sys [25/02/2007 10:19 PM 26752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-30 00:49]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjhlc5ah.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************


Re: error msge when downloading...

Post by newbeegeek on Fri Jun 05, 2009 3:17 am

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-04 23:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3084)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-05 23:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 03:08
ComboFix2.txt 2009-06-04 23:30

Pre-Run: 67,432,443,904 bytes free
Post-Run: 67,237,486,592 bytes free

323 --- E O F --- 2009-06-04 23:00


Re: error msge when downloading...

Post by Origin on Sat Jun 06, 2009 3:59 pm

Now open a new notepad file.
Input this into the notepad file:

File::
c:\users\Paul\AppData\Local\d3d9caps.dat

Save this as CFScript.txt, and save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.



Re: error msge when downloading...

Post by newbeegeek on Mon Jun 08, 2009 1:26 am

ComboFix 09-06-07.03 - Paul 07/06/2009 21:09.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1020 [GMT -4:00]
Running from: c:\users\Paul\Downloads\Combo-Fix.exe
Command switches used :: c:\users\Paul\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Paul\AppData\Local\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul\AppData\Local\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 01:14 . 2009-06-08 01:14 -------- d-sh--w- \$RECYCLE.BIN
2009-06-08 01:12 . 2009-06-08 01:12 -------- d-----w- C:\temp
2009-06-08 01:12 . 2009-06-08 01:12 -------- d-----w- \temp
2009-06-08 01:07 . 2009-06-08 01:14 -------- d-s---w- \Combo-Fix
2009-06-06 01:00 . 2009-06-06 13:54 -------- d-----w- c:\users\Paul\Tracing
2009-06-04 23:12 . 2009-06-08 01:08 -------- d-----w- \Qoobox
2009-06-04 02:17 . 2009-06-04 02:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-04 02:15 . 2009-06-04 02:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 02:58 . 2009-06-03 02:58 -------- d-----w- c:\program files\Trend Micro
2009-06-02 02:45 . 2009-06-02 02:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-06-02 02:20 . 2002-01-05 10:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-02 02:20 . 2009-06-02 02:20 -------- d-----w- c:\program files\AML Products
2009-06-02 02:04 . 2009-06-02 02:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-06-01 02:36 . 2009-06-01 02:36 -------- d-----w- c:\program files\COMODO
2009-06-01 02:20 . 2009-06-01 02:20 -------- d-----w- c:\program files\CCleaner
2009-06-01 00:24 . 2009-06-01 00:24 -------- d-----w- c:\program files\Alwil Software
2009-05-30 11:41 . 2009-05-30 11:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 02:38 . 2009-05-28 02:40 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 02:20 . 2009-05-28 02:20 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 02:18 . 2009-04-11 06:28 1017856 ----a-w- c:\windows\system32\wevtsvc.dll
2009-05-28 02:17 . 2009-04-11 06:28 592896 ----a-w- c:\windows\system32\netlogon.dll
2009-05-28 02:16 . 2009-04-11 06:28 2153472 ----a-w- c:\windows\system32\oobefldr.dll
2009-05-28 02:15 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-05-28 02:15 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-05-28 02:15 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2009-05-27 16:14 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\programdata\Malwarebytes
2009-05-27 16:14 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-27 16:14 . 2009-05-27 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-27 00:14 . 2008-05-16 10:10 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-05-27 00:14 . 2008-05-16 10:10 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-05-27 00:14 . 2009-06-06 13:36 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-05-26 23:39 . 2009-06-06 13:36 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-26 23:25 . 2009-06-06 13:37 -------- d-----w- c:\programdata\Pure Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 01:13 . 2007-02-20 08:52 2459238400 --sha-w- \pagefile.sys
2009-06-08 01:12 . 2006-12-19 10:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-08 00:34 . 2009-01-15 00:55 41520 ----a-w- c:\programdata\nvModes.dat
2009-06-07 22:58 . 2008-10-13 20:36 -------- d-----w- c:\programdata\Google Updater
2009-06-06 13:36 . 2008-11-16 16:51 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc
2009-06-05 01:35 . 2007-02-23 07:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-02 02:42 . 2007-02-20 06:19 86024 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-02 02:28 . 2007-08-06 22:29 -------- d-----w- c:\users\Paul\AppData\Roaming\uTorrent
2009-05-30 11:42 . 2006-12-19 11:47 -------- d-----w- c:\program files\DivX
2009-05-28 02:52 . 2007-02-24 20:26 -------- d-----w- c:\programdata\NVIDIA
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 02:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 02:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 02:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-02 13:15 . 2008-07-10 05:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 13:15 . 2008-07-10 05:47 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 13:15 . 2008-07-10 05:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 13:15 . 2009-02-09 02:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-26 16:16 . 2009-04-12 16:33 -------- d-----w- c:\users\Paul\AppData\Roaming\ZoomBrowser EX
2009-04-26 16:15 . 2009-04-12 16:17 -------- d-----w- c:\users\Paul\AppData\Roaming\CameraWindowDC
2009-04-23 03:08 . 2006-12-19 11:33 -------- d-----w- c:\program files\HP
2009-04-23 03:03 . 2007-02-22 01:07 -------- d-----w- c:\programdata\HP
2009-04-23 03:03 . 2006-12-19 11:02 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\programdata\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-12 16:17 . 2009-04-12 16:17 -------- d-----w- c:\users\Paul\AppData\Roaming\CANON INC
2009-04-12 16:09 . 2009-04-12 16:07 -------- d-----w- c:\program files\Canon
2009-04-12 16:07 . 2009-04-12 16:07 -------- d-----w- c:\programdata\ZoomBrowser
2009-04-12 16:05 . 2009-04-12 16:05 -------- d-----w- c:\program files\Common Files\Canon
2009-04-11 06:33 . 2009-05-28 02:18 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 02:18 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 02:17 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 02:18 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 02:18 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 02:18 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-28 02:19 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 02:16 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 02:16 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 02:16 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 02:19 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-28 02:19 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 02:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 02:16 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-28 02:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 02:17 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 02:16 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 02:16 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 02:16 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 02:16 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 02:16 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 02:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 02:16 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 02:16 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 02:17 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 02:17 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 02:16 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 02:16 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 02:16 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 02:18 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-28 02:16 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42 . 2009-05-28 02:17 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 02:17 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 02:17 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 02:17 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 02:17 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 02:16 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 02:16 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 02:16 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 02:19 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 02:16 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 02:16 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 02:16 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39 . 2009-05-28 02:16 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 02:17 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-05-28 02:17 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-05-28 02:16 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:24 . 2009-05-28 02:18 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 04:23 . 2009-05-28 02:18 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 02:16 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 02:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 02:16 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 02:17 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 02:17 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 02:17 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 02:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 02:18 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 02:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 02:18 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 02:17 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 02:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 02:16 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 02:17 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-28 02:16 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-05-28 02:17 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-05-28 02:16 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-05-28 02:17 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-05-28 02:19 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.


Re: error msge when downloading...

Post by newbeegeek on Mon Jun 08, 2009 1:27 am

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-19 11:02 . 2009-06-08 01:15 70008 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-08 00:52 66450 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-02-20 06:11 . 2009-06-08 00:52 14310 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-315623029-2776564736-2280849631-1000_UserData.bin
+ 2007-02-20 06:04 . 2009-06-08 00:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-02-20 06:04 . 2009-06-04 23:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-02-20 06:04 . 2009-06-04 23:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-20 06:04 . 2009-06-08 00:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-20 06:04 . 2009-06-08 00:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-20 06:04 . 2009-06-04 23:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-08 01:13 . 2009-06-08 01:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-05 03:00 . 2009-06-05 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-08 01:13 . 2009-06-08 01:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-05 03:00 . 2009-06-05 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-02-21 09:20 . 2009-06-08 00:34 232094 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-06-04 23:29 600378 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-08 00:58 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-04 23:29 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-08 00:58 105852 c:\windows\System32\perfc009.dat
+ 2009-05-06 02:57 . 2009-06-08 00:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-06 02:57 . 2009-06-04 23:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-26 185896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 34520]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-2-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,5b,42,8c,3e,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF93DD0-DED5-4880-843A-A3C5A1794174}"= UDP:c:\program files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{7BA7A547-6ED3-46AD-8B6E-D7D64F05253A}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{487D3A0F-5374-4C49-B7BE-0AB7DDEA0375}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EB618C46-8D64-4C1D-BD8F-CD35266D5D5E}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1F9BD2C5-604E-41BC-80FA-7E6A624935BF}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9A596B9C-6C79-43A0-9C05-AFABF5D61AB2}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"TCP Query User{50B863FC-63EC-4952-887F-FE9FF7B253C3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6CC8BDA-C238-4FCE-AC97-E54B7FE5E995}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9B25EDE4-3895-41F0-8A7B-E35A24767012}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{FC5ED122-88F7-4E91-A20F-84B8F31CAE10}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{B6BEDC22-4BC5-47A2-BF78-540C02B88CC8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{589A36DD-C373-4529-9040-D30B774423CA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1439AD13-DCD6-4713-82AB-FF436113C0E7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C5AF188A-9266-4B85-830C-55F4C05060FD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{4DDF880D-0585-43FD-9A8B-FEC6CF6311D4}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{1022140D-2EE7-4C73-983D-6D4DCBDC6A81}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{C886E393-D343-4D44-BAF5-B9990F17650D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2BC9B9B0-9FC5-4EA6-A2C3-1C355D9C12DE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5DABDBB4-4765-42C4-961D-8359268AAF70}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{2A1628DC-09C2-46E8-83DC-CAAE40AEC480}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{BE3F5C3E-B8AF-460C-AD6D-4E35ABC37CF3}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{583D5CEE-B6BA-4D8B-809E-0A7E8F8083E0}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/07/2008 1:47 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 10:59 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/07/2008 1:46 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/07/2008 1:46 AM 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/07/2008 10:51 AM 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [17/03/2009 8:03 PM 92008]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 4:40 PM 3668480]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\System32\drivers\ST50220.sys [25/02/2007 10:19 PM 26752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-30 00:49]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\bjhlc5ah.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-07 21:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3840)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-08 21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 01:19
ComboFix2.txt 2009-06-08 00:57
ComboFix3.txt 2009-06-05 03:08
ComboFix4.txt 2009-06-04 23:30

Pre-Run: 72,516,857,856 bytes free
Post-Run: 72,368,594,944 bytes free

350 --- E O F --- 2009-06-04 23:00

newbeegeek
Novice

Posts : 12
Joined : 2009-06-04
OS : Vista

Re: error msge when downloading...

Post by newbeegeek on Wed Jun 10, 2009 12:39 am

bump


Re: error msge when downloading...

Post by Origin on Wed Jun 10, 2009 12:59 am

Download Dr.Web CureIt to the desktop:

  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (this means take no action. Don't "move", "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.


Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

Re: error msge when downloading...

Post by newbeegeek on Wed Jun 10, 2009 9:44 am

gameconsoleservice.exe;c:\program files\hp games\my hp game console;Probably MULDROP.Trojan;Incurable.Deleted.;
SetupGamesClient.exe\data004;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers;Archive contains infected objects;Moved.;
SetupGamesClient.exe\data004;C:\Documents and Settings\Paul\DoctorWeb\Quarantine\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\Paul\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;

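The report rows posted above are semicolon-separated. The Python script below is an added example, not part of the thread and not Dr.Web's own tooling: it parses those rows and separates detections that already carry an action from those that do not. The column order, the bucket names and the reading of quarantine-folder rows are assumptions inferred from the five posted rows.

```python
import csv
from collections import defaultdict

# Report rows copied from the post above (semicolon-separated Dr.Web CureIt report).
SAMPLE_REPORT = r"""gameconsoleservice.exe;c:\program files\hp games\my hp game console;Probably MULDROP.Trojan;Incurable.Deleted.;
SetupGamesClient.exe\data004;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers;Archive contains infected objects;Moved.;
SetupGamesClient.exe\data004;C:\Documents and Settings\Paul\DoctorWeb\Quarantine\SetupGamesClient.exe;Probably MULDROP.Trojan;;
SetupGamesClient.exe;C:\Documents and Settings\Paul\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
"""

# Assumed column order, inferred from the rows above: object; location; verdict; action.
FIELDS = ("object", "location", "verdict", "action")
# Quarantine folder as it appears in the posted rows.
QUARANTINE_MARKER = "\\doctorweb\\quarantine\\"


def parse_report(text):
    """Return one dict per non-empty report row; short rows are padded with ''."""
    rows = []
    for fields in csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE):
        if not any(f.strip() for f in fields):
            continue
        padded = ([f.strip() for f in fields] + [""] * len(FIELDS))[: len(FIELDS)]
        rows.append(dict(zip(FIELDS, padded)))
    return rows


def triage(rows):
    """Bucket rows so that only detections with no recorded action stand out."""
    # Full path of every object that carries an action, e.g. a moved archive.
    acted_on = {(r["location"] + "\\" + r["object"]).lower() for r in rows if r["action"]}
    buckets = defaultdict(list)
    for r in rows:
        if QUARANTINE_MARKER in (r["location"] + "\\").lower():
            buckets["quarantine_copy"].append(r)       # inside the scanner's quarantine folder
        elif r["action"]:
            buckets["handled"].append(r)               # an action such as Deleted or Moved is recorded
        elif r["location"].lower() in acted_on:
            buckets["covered_by_container"].append(r)  # archive member; the archive row has the action
        else:
            buckets["unresolved"].append(r)            # detection with no action anywhere
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(bucket, [i["object"] for i in items])
```
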

Re: error msge when downloading...

Post by newbeegeek on Wed Jun 10, 2009 9:47 am

After I ran the complete scan it wouldn't let me select all and cure... It did let me do it when I did the first step of express scan...


Re: error msge when downloading...

Post by newbeegeek on Thu Jun 11, 2009 3:38 am

bump


Re: error msge when downloading...

Post by Belahzur on Thu Jun 11, 2009 4:03 pm

Hello.
Either way, the first scan came back clean.

Is the video file you're trying to download saving to the temp directory?


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: error msge when downloading...

Post by newbeegeek on Thu Jun 11, 2009 11:23 pm

C:\Users\Paul\AppData\Local\Temp\could not be opened, because an unknown error occurred.

Try saving to disk first and then opening the file


This is what I get when I try to open it... Only Windows Media Player does it. The other ones work fine...


Re: error msge when downloading...

Post by Belahzur on Fri Jun 12, 2009 12:06 am

My best advice is probably don't use WMP, use VLC, much better media player in my opinion.
