Malware infection has my computer frozen

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Malware infection has my computer frozen

Post by CRC on Mon 22 Nov 2010, 9:02 am

I cannot get past the desktop without the computer freezing. I have tried to load otl by flash drive but still not working

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Mon 22 Nov 2010, 10:50 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Mon 22 Nov 2010, 12:41 pm

i am unable to load anything to the desktop even through usb or dvd drives. The blocked program that has been the problem so far is Network Settings Manager.

ETA: i restarted in safe mode, ran rkill, then loaded otl all by flash drive and am now running otl in safe mode

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Mon 22 Nov 2010, 1:50 pm

Here is the result from otl:

OTL logfile created on: 11/21/2010 8:44:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\home\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 667.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.89 Gb Total Space | 90.41 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
Drive D: | 10.16 Gb Total Space | 4.41 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
Drive F: | 248.97 Mb Total Space | 247.42 Mb Free Space | 99.38% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/21 15:49:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.com
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/21 17:57:28 | 003,562,296 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 15:49:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.com
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/14 09:18:16 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/06/21 17:57:28 | 003,562,296 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/06/02 02:56:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/29 16:11:08 | 000,251,408 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe -- (tavsvc)
SRV - [2007/01/10 18:19:26 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe -- (tmproxy)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Stopped] -- C:\Windows\System32\DRIVERS\rassstp.sys -- (RasSstp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2008/06/27 01:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/05/02 15:22:00 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/05/02 15:21:52 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/05/02 15:17:18 | 001,169,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/12/24 16:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/21 17:43:52 | 000,160,056 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/06/21 17:43:52 | 000,023,864 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/06/21 17:43:52 | 000,021,816 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/06/21 17:43:52 | 000,020,280 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSFS0BB8.SYS -- (SSFS0BB8)
DRV - [2007/04/08 23:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 01:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 01:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 01:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2007/01/17 00:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 02:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/11 20:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/11 20:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/17 01:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 01:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/07/06 00:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/03/08 18:53:22 | 000,077,952 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2006/03/08 18:53:22 | 000,077,952 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/01/06 10:16:22 | 000,067,840 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2005/09/07 14:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 14:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.07074039
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/19 08:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/18 16:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 16:14:13 | 000,000,000 | ---D | M]

[2010/01/08 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2010/11/18 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\extensions
[2007/12/03 08:55:33 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\extensions\moveplayer@movenetworks.com
[2010/01/08 18:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/11 12:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2007/07/22 18:24:49 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [NetSetMan] C:\Program Files\NetSetMan\NetSetMan.exe (Ilja Herlein)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\Windows\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\Users\home\Pictures\Aiden pics\Aiden pics (44).JPG
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\Aiden pics\Aiden pics (44).JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b9912e7-c306-11dd-a12b-f3efe7f60922}\Shell\AutoRun\command - "" = F:\mri.exe -- File not found
O33 - MountPoints2\{80664d7d-0079-11de-8d44-00c0a8ec19d2}\Shell - "" = AutoRun
O33 - MountPoints2\{80664d7d-0079-11de-8d44-00c0a8ec19d2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{80664d87-0079-11de-8d44-00c0a8ec19d2}\Shell - "" = AutoRun
O33 - MountPoints2\{80664d87-0079-11de-8d44-00c0a8ec19d2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 20:43:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.com
[2010/11/19 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\AVG10
[2010/11/19 08:11:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/19 08:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/19 08:09:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/19 08:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/19 07:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/18 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Apple Computer
[2010/11/18 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Apple Computer
[2010/11/18 16:18:12 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/11/18 16:18:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/11/18 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/18 16:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/18 16:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/18 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/18 16:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/18 16:12:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Apple
[2010/11/18 16:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/18 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/18 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/18 16:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/12 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Clemons Pics
[2010/11/09 07:59:25 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Template
[2010/11/07 14:27:50 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit[1]
[2010/11/05 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit-4
[2010/11/05 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit-3
[2010/11/05 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit-2
[2010/11/04 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit-1
[2010/11/04 15:58:31 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\INVedit
[2010/11/02 15:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/11/02 15:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/24 07:16:39 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/10/23 11:11:37 | 000,000,000 | ---D | C] -- C:\6a9dec193e317ddee7782d
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 20:35:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/21 19:42:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 19:42:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 18:42:52 | 000,364,032 | ---- | M] () -- C:\Users\home\Desktop\rkill.com
[2010/11/21 15:49:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.com
[2010/11/19 08:19:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/11/19 08:15:46 | 099,632,045 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/19 08:10:54 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/19 05:35:35 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/11/18 16:19:00 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/18 16:13:51 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/18 16:12:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/11/15 08:14:17 | 000,605,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 08:14:17 | 000,065,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 07:59:13 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2010/11/05 18:15:48 | 000,001,011 | ---- | M] () -- C:\Users\home\Documents\invedit 5 awesome inventory.inv
[2010/11/05 16:41:14 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/05 16:41:14 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/21 20:41:48 | 000,364,032 | ---- | C] () -- C:\Users\home\Desktop\rkill.com
[2010/11/19 08:19:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/19 08:15:46 | 099,632,045 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/19 08:10:54 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/18 16:19:00 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/18 16:13:51 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/09 07:59:13 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2010/11/05 18:15:48 | 000,001,011 | ---- | C] () -- C:\Users\home\Documents\invedit 5 awesome inventory.inv
[2010/11/02 15:20:07 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/11/02 15:20:07 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/08/07 10:08:37 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2007/07/26 16:39:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/22 17:50:10 | 000,026,424 | ---- | C] () -- C:\Windows\System32\wrlzma.dll
[2007/07/22 16:53:27 | 000,021,504 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/02 03:14:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/06/02 03:14:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/06/02 03:14:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/02 03:14:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Tue 23 Nov 2010, 12:03 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O33 - MountPoints2\{0b9912e7-c306-11dd-a12b-f3efe7f60922}\Shell\AutoRun\command - "" = F:\mri.exe -- File not found
    O33 - MountPoints2\{80664d7d-0079-11de-8d44-00c0a8ec19d2}\Shell - "" = AutoRun


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Tue 23 Nov 2010, 2:49 pm

OTL fix log:


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9912e7-c306-11dd-a12b-f3efe7f60922}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b9912e7-c306-11dd-a12b-f3efe7f60922}\ not found.
File F:\mri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80664d7d-0079-11de-8d44-00c0a8ec19d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80664d7d-0079-11de-8d44-00c0a8ec19d2}\ not found.

OTL by OldTimer - Version 3.2.17.3 log created on 11222010_214635

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Wed 24 Nov 2010, 9:07 am

Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Wed 24 Nov 2010, 9:49 am

How do i disable avg 2011 while in safe mode?

It does not show on the tool bar while in safe mode....
I tried right clicking on the avg on desktop but I do not have the selection to "open avg user interface" as suggested in disabling the av while in safe mode.

I tried it without safe mode but screen frooze again

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Wed 24 Nov 2010, 10:02 am

Hello.
Please run Combofix anyway, AVG isn't as aggressive as other AV's.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Wed 24 Nov 2010, 10:20 am

Warning message: Combofix will not run with AVG installed

I dont mind uninstalling avg if it will let me in safe mode

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Thu 25 Nov 2010, 9:25 am

That will temporarily work, but yes, uninstall AVG if needed.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Thu 25 Nov 2010, 5:28 pm

Well.....it seems after i uninstalled avg 2011 i was able to use the computer without the screen freezing...but I am not able to access the internet through IE or Firefox. It says no connection found even though i am connected wirelessly.

I ran combofix anyway and here is the results:

ComboFix 10-11-24.02 - home 11/24/2010 23:54:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.373 [GMT -6:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro AntiVirus - Virus Protection *On-access scanning enabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
SP: AVG Anti-Virus Free Edition 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Trend Micro AntiVirus - Spyware Protection *enabled* (Outdated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\windows
c:\users\home\AppData\Roaming\Microsoft\stor.cfg
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 06:10 . 2010-11-25 06:14 -------- d-----w- c:\users\home\AppData\Local\temp
2010-11-25 06:10 . 2010-11-25 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-25 05:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E459FAF-E34F-4045-B018-324A00F13CAD}\mpengine.dll
2010-11-23 03:46 . 2010-11-23 03:46 -------- d-----w- C:\_OTL
2010-11-23 03:37 . 2010-11-23 03:37 -------- d-----w- C:\found.002
2010-11-19 14:14 . 2010-11-19 14:14 -------- d-----w- c:\users\home\AppData\Roaming\AVG10
2010-11-19 14:11 . 2010-11-19 14:11 -------- d--h--w- c:\programdata\Common Files
2010-11-19 14:09 . 2010-11-25 05:04 -------- d-----w- c:\programdata\AVG10
2010-11-19 14:07 . 2010-11-19 14:07 -------- d-----w- c:\program files\AVG
2010-11-19 13:59 . 2010-11-19 14:08 -------- d-----w- c:\programdata\MFAData
2010-11-18 22:20 . 2010-11-18 22:20 -------- d-----w- c:\users\home\AppData\Local\Apple Computer
2010-11-18 22:20 . 2010-11-18 22:32 -------- d-----w- c:\users\home\AppData\Roaming\Apple Computer
2010-11-18 22:18 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-18 22:18 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-18 22:18 . 2010-11-18 22:18 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-18 22:16 . 2010-11-18 22:16 -------- d-----w- c:\program files\iPod
2010-11-18 22:16 . 2010-11-18 22:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-18 22:16 . 2010-11-18 22:17 -------- d-----w- c:\program files\iTunes
2010-11-18 22:13 . 2010-11-18 22:16 -------- d-----w- c:\programdata\Apple Computer
2010-11-18 22:12 . 2010-11-18 22:12 -------- d-----w- c:\users\home\AppData\Local\Apple
2010-11-18 22:12 . 2010-11-18 22:12 -------- d-----w- c:\program files\Apple Software Update
2010-11-18 22:09 . 2010-11-18 22:09 -------- d-----w- c:\program files\Bonjour
2010-11-18 22:09 . 2010-11-18 22:16 -------- d-----w- c:\program files\Common Files\Apple
2010-11-18 22:09 . 2010-11-18 22:11 -------- d-----w- c:\programdata\Apple
2010-11-09 13:59 . 2010-11-09 13:59 -------- d-----w- c:\users\home\AppData\Roaming\Template
2010-11-02 21:20 . 2010-11-02 21:20 -------- d-----w- c:\programdata\McAfee Security Scan
2010-11-02 21:20 . 2010-11-05 22:41 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-01-03 23:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 21:44 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-08-14 15:18 . 2008-08-14 15:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSetMan"="c:\program files\NetSetMan\NetSetMan.exe" [2008-03-31 1782464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-14 15:18 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-12-12 02:03 106496 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 19:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-09-06 19:12 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 06:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2007-06-21 23:57 5355832 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-17 06:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
2008-07-15 16:47 4613384 ----a-w- c:\program files\Trend Micro\AntiVirus 2007\tavui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-06-02 08:56 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Sidebar]
2008-01-11 02:12 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-25 00:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-25 00:22:06
ComboFix-quarantined-files.txt 2010-11-25 06:22

Pre-Run: 97,315,614,720 bytes free
Post-Run: 98,746,699,776 bytes free

- - End Of File - - C49A6F2075B87F5EB8CDB169A22A13D5


CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Fri 26 Nov 2010, 11:58 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uInternet Settings,ProxyOverride = *.local

    Firefox::
    FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 1
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Fri 26 Nov 2010, 3:07 pm

Hello....here it is



ComboFix 10-11-25.01 - home 11/25/2010 21:46:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.403 [GMT -6:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro AntiVirus - Virus Protection *On-access scanning enabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
SP: AVG Anti-Virus Free Edition 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Trend Micro AntiVirus - Spyware Protection *enabled* (Outdated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 03:57 . 2010-11-26 03:57 -------- d-----w- c:\users\home\AppData\Local\temp
2010-11-26 03:57 . 2010-11-26 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-25 05:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E459FAF-E34F-4045-B018-324A00F13CAD}\mpengine.dll
2010-11-23 03:46 . 2010-11-23 03:46 -------- d-----w- C:\_OTL
2010-11-23 03:37 . 2010-11-23 03:37 -------- d-----w- C:\found.002
2010-11-19 14:14 . 2010-11-19 14:14 -------- d-----w- c:\users\home\AppData\Roaming\AVG10
2010-11-19 14:11 . 2010-11-19 14:11 -------- d--h--w- c:\programdata\Common Files
2010-11-19 14:09 . 2010-11-25 05:04 -------- d-----w- c:\programdata\AVG10
2010-11-19 14:07 . 2010-11-19 14:07 -------- d-----w- c:\program files\AVG
2010-11-19 13:59 . 2010-11-19 14:08 -------- d-----w- c:\programdata\MFAData
2010-11-18 22:20 . 2010-11-18 22:20 -------- d-----w- c:\users\home\AppData\Local\Apple Computer
2010-11-18 22:20 . 2010-11-18 22:32 -------- d-----w- c:\users\home\AppData\Roaming\Apple Computer
2010-11-18 22:18 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-18 22:18 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-18 22:18 . 2010-11-18 22:18 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-18 22:16 . 2010-11-18 22:16 -------- d-----w- c:\program files\iPod
2010-11-18 22:16 . 2010-11-18 22:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-18 22:16 . 2010-11-18 22:17 -------- d-----w- c:\program files\iTunes
2010-11-18 22:13 . 2010-11-18 22:16 -------- d-----w- c:\programdata\Apple Computer
2010-11-18 22:12 . 2010-11-18 22:12 -------- d-----w- c:\users\home\AppData\Local\Apple
2010-11-18 22:12 . 2010-11-18 22:12 -------- d-----w- c:\program files\Apple Software Update
2010-11-18 22:09 . 2010-11-18 22:09 -------- d-----w- c:\program files\Bonjour
2010-11-18 22:09 . 2010-11-18 22:16 -------- d-----w- c:\program files\Common Files\Apple
2010-11-18 22:09 . 2010-11-18 22:11 -------- d-----w- c:\programdata\Apple
2010-11-09 13:59 . 2010-11-09 13:59 -------- d-----w- c:\users\home\AppData\Roaming\Template
2010-11-02 21:20 . 2010-11-02 21:20 -------- d-----w- c:\programdata\McAfee Security Scan
2010-11-02 21:20 . 2010-11-05 22:41 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-01-03 23:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 21:44 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-08-14 15:18 . 2008-08-14 15:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSetMan"="c:\program files\NetSetMan\NetSetMan.exe" [2008-03-31 1782464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-14 15:18 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-12-12 02:03 106496 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 19:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-09-06 19:12 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 06:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2007-06-21 23:57 5355832 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-17 06:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro AntiVirus 2007]
2008-07-15 16:47 4613384 ----a-w- c:\program files\Trend Micro\AntiVirus 2007\tavui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-06-02 08:56 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Sidebar]
2008-01-11 02:12 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\096yshdc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-25 21:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-25 22:02:58
ComboFix-quarantined-files.txt 2010-11-26 04:02
ComboFix2.txt 2010-11-25 06:22

Pre-Run: 98,809,200,640 bytes free
Post-Run: 98,785,247,232 bytes free

- - End Of File - - 0AD607C5D8BFFB61D43FC48AA8701E73

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Sat 27 Nov 2010, 12:15 pm

Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Sun 28 Nov 2010, 7:31 am

Here you go.....



Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe (remove only)
Bejeweled Deluxe 1.87
BigFix
Bonjour
Bookworm Deluxe 1.13
Browser Address Error Redirector
Curitel PC Card Software
FATE
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
ImgBurn (Remove Only)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Linkit_eBay
Mahjongg Platinum 2
McAfee Security Scan Plus
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mobile Broadband Drivers
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.5.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
NetSetMan 2.4.2
OGA Notifier 2.0.0048.0
PANTECH PC Card Software
Penguins!
Polar Bowler
Polar Golfer
Power2Go 5.0
QuickTime
REALTEK RTL8187 Wireless LAN Driver
SigmaTel Audio
Spy Sweeper
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tight Backgrounds
Tradewinds
Trend Micro AntiVirus
VIVA MEDIA GAME CENTER
VZAccess Manager
Yahoo! Install Manager
Yahoo! Toolbar


CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Sun 28 Nov 2010, 11:52 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.2
    Java(TM) SE Runtime Environment 6 Update 1

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.4

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Mon 29 Nov 2010, 6:12 am

Hello...

The same error message still shows on the desktop..."Windows has blocked some startup programs." The computer is no longer frozen and I can access the internet.

I did not see the programs on the list to uninstall, when going to add or remove programs

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Mon 29 Nov 2010, 11:40 am

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 8.1.2
    Java(TM) SE Runtime Environment 6 Update 1

  • Click on the Uninstall/Change button at the top.

Did that work?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Mon 29 Nov 2010, 12:21 pm

Hello...

I am able to see the list of programs, but neither adobe nor java appear on the list to uninstall...wierd

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Tue 30 Nov 2010, 9:04 am

Okay, install the newest Java anyway and we'll run a removal tool for the older versions.

Let me know when you have done that.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Tue 30 Nov 2010, 9:28 am

okay, i have downloaded current versions of java and adobe....

Although i can go onto the internet, the warning box still appears off of the bottom tool bar, "Windows has blocked some startup programs." When clicking "run blocked program" from the message box, it shows Network Settings Manager as the blocked program.

CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Wed 01 Dec 2010, 11:28 am

Hello.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by CRC on Wed 01 Dec 2010, 12:37 pm

Ok...this whole time I thought this computer was xp but it is vista....


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 30 19:35:09 2010

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

------------------------------------

Finished reporting.


CRC

Rookie Surfer
Rookie Surfer

Posts : 106
Joined : 2010-07-09
Operating System : xp

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Belahzur on Thu 02 Dec 2010, 11:47 am

Hello.

  • Please re-open Hijack This.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Malware infection has my computer frozen

Post by Sponsored content Today at 4:08 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum