Possible Virus


Possible Virus

Post by DLy4287 on Sun 12 Jun 2011, 7:06 am

My internet browsers have been running very, very slow and freezing a lot. Also, my computer is freezing at shutdown and startup, usually taking a few times to restart. Any help would be greatly appreciated.

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by DLy4287 on Sun 12 Jun 2011, 7:07 am

OTL Extras logfile created on: 6/11/2011 1:47:51 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\XP PRO SP3 User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.89% Memory free
5.09 Gb Paging File | 4.65 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 883.03 Gb Free Space | 94.80% Space Free | Partition Type: NTFS

Computer Name: XP-44C44E360303 | User Name: XP PRO SP3 User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe" = C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\XP PRO SP3 User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\XP PRO SP3 User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe" = C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe:*:Enabled:Age of Conan Update Manager -- (Funcom)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Funcom\Age of Conan\AgeOfConan.exe" = C:\Program Files\Funcom\Age of Conan\AgeOfConan.exe:*:Enabled:Age of Conan ConanLiveWin32 v2.02.0@160818 -- (Funcom)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 SP1 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118892567}" = Monopoly City
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C30E1DC-D83E-4A90-AD02-1A275FC71033}" = Nero 7 Premium
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1Click DVD Copy 4.1" = 1Click DVD Copy 4.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.84
"CopyToDVD_is1" = CopyToDVD
"DVD X Utilities V2.1.1_is1" = DVD X Utilities V2.1.1
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Kristanix Right Click Image Converter" = Right Click Image Converter
"LClock" = LClock
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Unlocker" = Unlocker 1.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"Sportsbook.com" = Sportsbook.com

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 11:00:25 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:00:59 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:20:37 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:20:37 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 12:59:56 PM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 12:59:56 PM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

[ System Events ]
Error - 6/11/2011 12:31:37 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:33:42 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:33:42 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:35:12 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:35:12 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:35:42 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:35:42 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McciCMService service
to connect.

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%1053


< End of report >

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by DLy4287 on Sun 12 Jun 2011, 7:12 am

Having problems sending the other report; it keeps saying the connection was an error.

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Belahzur on Tue 14 Jun 2011, 3:45 am

Can you attach the logs instead?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Possible Virus

Post by DLy4287 on Tue 14 Jun 2011, 12:01 pm

OTL logfile created on: 6/11/2011 1:47:50 PM - Run 1~[Filtered]~

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by DLy4287 on Tue 14 Jun 2011, 12:05 pm

When I copy and paste the OTL it comes up full, then posts as that also... when I try to attach the log it says the file is not valid.

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Belahzur on Wed 15 Jun 2011, 2:58 am

Okay, please upload them to Mediafire.com and post the share URL here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Possible Virus

Post by DLy4287 on Thu 16 Jun 2011, 9:41 am

I uploaded it; here's the OTL link [You must be registered and logged in to see this link.]

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by DLy4287 on Sat 18 Jun 2011, 11:06 am

bump

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by DLy4287 on Mon 20 Jun 2011, 1:40 pm

Were you able to see the OTL, or did I do something wrong?

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Sneakyone on Tue 21 Jun 2011, 2:12 pm

Hi,

Would you like to get rid of Ask Toolbar?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Possible Virus

Post by DLy4287 on Wed 22 Jun 2011, 8:45 am

Yes, I tried to find it but couldn't.

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Sneakyone on Wed 22 Jun 2011, 12:10 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Possible Virus

Post by DLy4287 on Wed 22 Jun 2011, 2:24 pm

ComboFix 11-06-21.05 - XP PRO SP3 User 06/21/2011 23:03:36.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2931 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\0200000068e42d671270C.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270O.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270P.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270S.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270S.manifest
c:\documents and settings\XP PRO SP3 User\0.34171473515149076.exe
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-12 03:36 . 2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
2011-06-12 03:36 . 2011-06-12 03:36 775168 ----a-w- c:\windows\system32\kbdnec32.exe
2011-06-12 03:36 . 2011-06-12 03:36 775168 ----a-w- c:\windows\system32\mshtmler32.exe
2011-06-12 03:36 . 2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
2011-05-27 03:21 . 2011-05-27 03:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-05-26 14:57 . 2011-05-26 14:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1875F6F-629F-1803-DEA7-6D668C1CD327}]
2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\mshtmler32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 srservice32;System Restore Service ;c:\windows\system32\mshtmler32.exe [6/11/2011 11:36 PM 775168]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-21 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\kbdnec32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-06-21 23:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-22 03:19
ComboFix2.txt 2010-08-14 01:53
ComboFix3.txt 2010-08-14 01:27
.
Pre-Run: 945,698,906,112 bytes free
Post-Run: 946,118,447,104 bytes free
.
- - End Of File - - 1EF70F5147E6DCF882A87392E695767D


Re: Possible Virus

Post by DLy4287 on Wed 22 Jun 2011, 2:25 pm

Also, it might have been from Internet Explorer; it's no longer working.


Re: Possible Virus

Post by Sneakyone on Thu 23 Jun 2011, 3:41 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.



Re: Possible Virus

Post by DLy4287 on Sun 26 Jun 2011, 9:52 am

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6949

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/25/2011 6:41:31 PM
mbam-log-2011-06-25 (18-41-31).txt

Scan type: Quick scan
Objects scanned: 187007
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
c:\WINDOWS\system32\mshtmler32.exe (Trojan.Agent) -> 324 -> Unloaded process successfully.
c:\WINDOWS\system32\kbdnec32.exe (Trojan.Agent) -> 804 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750FDF0E-2A26-11D1-A3EA-080036587F03} (Trojan.FakeAlert) -> Value: {750FDF0E-2A26-11D1-A3EA-080036587F03} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mshtmler32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kbdnec32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\my documents\downloads\ophcrack-win32-installer-3.3.1.exe (PSWTool.OphCrack) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\local settings\application data\0sy03.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\local settings\application data\tkv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


Re: Possible Virus

Post by Sneakyone on Sun 26 Jun 2011, 4:22 pm

Hi,

Could you please re-run ComboFix?


I'm livin' life in the fast lane.



Re: Possible Virus

Post by DLy4287 on Mon 27 Jun 2011, 12:47 am

NP
ComboFix 11-06-25.05 - XP PRO SP3 User 06/26/2011 9:31.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2943 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 13:29 . 2011-06-26 13:29 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-26 13:29 . 2011-06-26 13:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-26 13:29 . 2011-06-26 13:29 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-26 13:29 . 2011-06-26 13:29 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-26 13:29 . 2011-06-26 13:29 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-26 13:29 . 2011-06-26 13:29 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-26 13:29 . 2011-06-26 13:29 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-26 13:29 . 2011-06-26 13:29 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-26 13:29 . 2011-06-26 13:29 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-26 13:29 . 2011-06-26 13:29 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-26 13:29 . 2011-06-26 13:29 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-26 13:29 . 2011-06-26 13:29 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-26 13:28 . 2011-06-26 13:28 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-26 13:28 . 2011-06-26 13:28 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-26 13:28 . 2011-06-26 13:28 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-26 13:28 . 2011-06-26 13:28 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-26 13:28 . 2011-06-26 13:28 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-12 03:36 . 2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
2011-06-12 03:36 . 2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-26 13:28 . 2011-06-26 13:28 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
+ 2011-06-26 13:28 . 2011-06-26 13:28 16384 c:\windows\temp\Perflib_Perfdata_44c.dat
+ 2008-04-14 12:00 . 2011-04-25 15:49 44544 c:\windows\system32\pngfilt.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 44544 c:\windows\system32\pngfilt.dll
- 2009-07-21 14:57 . 2010-01-05 09:57 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-07-21 14:57 . 2011-04-25 15:49 52224 c:\windows\system32\msfeedsbs.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 27648 c:\windows\system32\jsproxy.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 27648 c:\windows\system32\jsproxy.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 44544 c:\windows\system32\iernonce.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 44544 c:\windows\system32\iernonce.dll
- 2008-06-19 20:42 . 2010-01-01 06:55 70656 c:\windows\system32\ie4uinit.exe
+ 2008-06-19 20:42 . 2011-04-25 11:35 70656 c:\windows\system32\ie4uinit.exe
- 2008-06-19 20:42 . 2010-01-05 09:57 63488 c:\windows\system32\icardie.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 63488 c:\windows\system32\icardie.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-31 15:33 . 2011-04-25 11:35 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-12-31 15:33 . 2010-01-01 06:55 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2010-01-05 10:00 . 2010-01-05 09:57 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 44544 c:\windows\system32\dllcache\iernonce.dll
- 2010-07-28 13:41 . 2010-01-05 09:57 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2010-07-28 13:41 . 2011-04-25 15:49 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-12-31 15:33 . 2010-01-01 06:55 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-12-31 15:33 . 2011-04-25 11:35 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-01-05 10:00 . 2011-04-25 15:49 63488 c:\windows\system32\dllcache\icardie.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 63488 c:\windows\system32\dllcache\icardie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 17408 c:\windows\system32\dllcache\corpol.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 17408 c:\windows\system32\dllcache\corpol.dll
+ 2011-06-25 13:55 . 2011-06-25 14:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-21 15:05 . 2009-07-21 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-21 15:05 . 2011-06-25 14:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-25 13:55 . 2011-06-25 14:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-23 10:41 . 2010-01-05 09:57 44544 c:\windows\ie7updates\KB2530548-IE7\pngfilt.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 52224 c:\windows\ie7updates\KB2530548-IE7\msfeedsbs.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 27648 c:\windows\ie7updates\KB2530548-IE7\jsproxy.dll
+ 2011-06-23 10:41 . 2010-01-01 06:55 13824 c:\windows\ie7updates\KB2530548-IE7\ieudinit.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 44544 c:\windows\ie7updates\KB2530548-IE7\iernonce.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 78336 c:\windows\ie7updates\KB2530548-IE7\ieencode.dll
+ 2011-06-23 10:41 . 2010-01-01 06:55 70656 c:\windows\ie7updates\KB2530548-IE7\ie4uinit.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 63488 c:\windows\ie7updates\KB2530548-IE7\icardie.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 17408 c:\windows\ie7updates\KB2530548-IE7\corpol.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 233472 c:\windows\system32\webcheck.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 233472 c:\windows\system32\webcheck.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 434176 c:\windows\system32\vbscript.dll
+ 2008-04-14 12:00 . 2011-03-04 06:45 434176 c:\windows\system32\vbscript.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 105984 c:\windows\system32\url.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 105984 c:\windows\system32\url.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 102912 c:\windows\system32\occache.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 102912 c:\windows\system32\occache.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 671232 c:\windows\system32\mstime.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 671232 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 193024 c:\windows\system32\msrating.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 193024 c:\windows\system32\msrating.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 478208 c:\windows\system32\mshtmled.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 468480 c:\windows\system32\msfeeds.dll
- 2008-04-14 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 268288 c:\windows\system32\iertutil.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 268288 c:\windows\system32\iertutil.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 193024 c:\windows\system32\iepeers.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 388608 c:\windows\system32\iedkcs32.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 388608 c:\windows\system32\iedkcs32.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 380928 c:\windows\system32\ieapfltr.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 380928 c:\windows\system32\ieapfltr.dll
- 2008-06-19 20:42 . 2009-12-18 06:58 161792 c:\windows\system32\ieakui.dll
+ 2008-06-19 20:42 . 2011-04-21 10:33 161792 c:\windows\system32\ieakui.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 230400 c:\windows\system32\ieaksie.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 230400 c:\windows\system32\ieaksie.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 153088 c:\windows\system32\ieakeng.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 153088 c:\windows\system32\ieakeng.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 132608 c:\windows\system32\extmgr.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 132608 c:\windows\system32\extmgr.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 214528 c:\windows\system32\dxtrans.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 214528 c:\windows\system32\dxtrans.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 347136 c:\windows\system32\dxtmsft.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 347136 c:\windows\system32\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 841216 c:\windows\system32\dllcache\wininet.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 841216 c:\windows\system32\dllcache\wininet.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 233472 c:\windows\system32\dllcache\webcheck.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 105984 c:\windows\system32\dllcache\url.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 105984 c:\windows\system32\dllcache\url.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 102912 c:\windows\system32\dllcache\occache.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 102912 c:\windows\system32\dllcache\occache.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 671232 c:\windows\system32\dllcache\mstime.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 671232 c:\windows\system32\dllcache\mstime.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 193024 c:\windows\system32\dllcache\msrating.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 193024 c:\windows\system32\dllcache\msrating.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2010-03-02 12:14 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2010-03-02 12:14 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-12-18 13:05 . 2011-04-21 10:34 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2010-01-05 10:00 . 2011-04-25 15:49 268288 c:\windows\system32\dllcache\iertutil.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 193024 c:\windows\system32\dllcache\iepeers.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 388608 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 388608 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-12-18 13:04 . 2009-12-18 06:58 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-12-18 13:04 . 2011-04-21 10:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 132608 c:\windows\system32\dllcache\extmgr.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 132608 c:\windows\system32\dllcache\extmgr.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 124928 c:\windows\system32\dllcache\advpack.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 124928 c:\windows\system32\dllcache\advpack.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 124928 c:\windows\system32\advpack.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 124928 c:\windows\system32\advpack.dll
+ 2011-06-23 10:41 . 2008-06-19 20:42 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll
+ 2011-06-23 10:41 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2011-06-23 10:41 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 841216 c:\windows\ie7updates\KB2530548-IE7\wininet.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 233472 c:\windows\ie7updates\KB2530548-IE7\webcheck.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 105984 c:\windows\ie7updates\KB2530548-IE7\url.dll
+ 2011-06-23 10:41 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2530548-IE7\spuninst\updspapi.dll
+ 2011-06-23 10:41 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2530548-IE7\spuninst\spuninst.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 102912 c:\windows\ie7updates\KB2530548-IE7\occache.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 671232 c:\windows\ie7updates\KB2530548-IE7\mstime.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 193024 c:\windows\ie7updates\KB2530548-IE7\msrating.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 477696 c:\windows\ie7updates\KB2530548-IE7\mshtmled.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 459264 c:\windows\ie7updates\KB2530548-IE7\msfeeds.dll
+ 2011-06-23 10:41 . 2009-12-18 07:00 634632 c:\windows\ie7updates\KB2530548-IE7\iexplore.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 268288 c:\windows\ie7updates\KB2530548-IE7\iertutil.dll
+ 2011-06-23 10:41 . 2010-01-05 10:00 192512 c:\windows\ie7updates\KB2530548-IE7\iepeers.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 388608 c:\windows\ie7updates\KB2530548-IE7\iedkcs32.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 380928 c:\windows\ie7updates\KB2530548-IE7\ieapfltr.dll
+ 2011-06-23 10:41 . 2009-12-18 06:58 161792 c:\windows\ie7updates\KB2530548-IE7\ieakui.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 230400 c:\windows\ie7updates\KB2530548-IE7\ieaksie.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 153088 c:\windows\ie7updates\KB2530548-IE7\ieakeng.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 132608 c:\windows\ie7updates\KB2530548-IE7\extmgr.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 214528 c:\windows\ie7updates\KB2530548-IE7\dxtrans.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 347136 c:\windows\ie7updates\KB2530548-IE7\dxtmsft.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 124928 c:\windows\ie7updates\KB2530548-IE7\advpack.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 1172480 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 3610624 c:\windows\system32\mshtml.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 6081024 c:\windows\system32\ieframe.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 1172480 c:\windows\system32\dllcache\urlmon.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 3610624 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 6081024 c:\windows\system32\dllcache\ieframe.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 1170944 c:\windows\ie7updates\KB2530548-IE7\urlmon.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 3602944 c:\windows\ie7updates\KB2530548-IE7\mshtml.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 6071296 c:\windows\ie7updates\KB2530548-IE7\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1875F6F-629F-1803-DEA7-6D668C1CD327}]
2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-06-26 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-26 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-26 09:43:03
ComboFix-quarantined-files.txt 2011-06-26 13:42
ComboFix2.txt 2011-06-22 03:19
ComboFix3.txt 2010-08-14 01:53
ComboFix4.txt 2010-08-14 01:27
.
Pre-Run: 946,152,046,592 bytes free
Post-Run: 946,152,148,992 bytes free
.
- - End Of File - - 361127DD53C083C9518BC81A4086FC97

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Sneakyone on Mon 27 Jun 2011, 3:30 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Possible Virus

Post by DLy4287 on Thu 30 Jun 2011, 7:00 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.21300 (vista_ldr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=8be9eb6812be404db99562e15e4f44bc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-29 03:24:31
# local_time=2011-06-28 11:24:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77483
# found=48
# cleaned=48
# scan_time=2731
C:\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{deaf61f4-dc5f-4d97-8f44-82491aa3eedd}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{deaf61f4-dc5f-4d97-8f44-82491aa3eedd}\chrome\xulcache.jar JS/Agent.NDB trojan (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-24b7169d a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-45497a69 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-5f416e79 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-65e49341 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-690b5364 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-70fae36b a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\16\14d1d290-36cefbf0 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3595a008 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-27072665 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-288eb7a3 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-41569012 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-4fa81347 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-63436d1e a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-6b727b42 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\48\13673cb0-3e855151 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\56\2915c078-4917ef87 a variant of Win32/Kryptik.PMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\60\10bb59bc-20dcaf6b Java/TrojanDownloader.Agent.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\nedmkmhnicpbfmhehjfkckallimfmpmb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Local Settings\temp\NOD1DA5.tmp JS/Agent.NDB trojan (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\My Documents\BACKUP MEDIA\Software Backup Disc.iso Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\0.34171473515149076.exe.vir a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome\xulcache.jar.vir JS/Agent.NDB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome\xulcache.jar.vir JS/Agent.NDB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0153928.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0154954.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0155953.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0160983.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP333\A0160990.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP334\A0161716.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP339\A0166954.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP339\A0166972.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167393.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167536.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167537.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP343\A0167902.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP343\A0168888.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170090.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170172.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170198.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP345\A0170202.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP345\A0170222.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP346\A0170242.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\azroles32.dll a variant of Win32/Kryptik.NHY trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\MPG4DMOD32.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Sneakyone on Thu 30 Jun 2011, 1:29 pm

Hi,

Could you please re-run ComboFix?




Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: Possible Virus

Post by DLy4287 on Fri 01 Jul 2011, 3:20 pm

Yes, no problem.

ComboFix 11-06-30.03 - XP PRO SP3 User 06/30/2011 23:31:05.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2939 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363S.manifest
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-06-30 03:04 . 2011-06-30 03:05 162304 --sha-w- c:\windows\system32\MP4SDMOD32.dll
2011-06-30 03:04 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\kbdnec32.exe
2011-06-30 03:04 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\apphelp32.exe
2011-06-30 03:04 . 2011-06-30 03:04 362496 ----a-w- c:\windows\system32\azroles32.dll
2011-06-29 02:36 . 2011-06-29 02:36 -------- d-----w- c:\program files\ESET
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-26_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-30 05:12 . 2011-06-30 05:12 16384 c:\windows\temp\Perflib_Perfdata_664.dat
+ 2011-07-01 03:27 . 2011-07-01 03:27 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat
+ 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-30 03:04 362496 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\apphelp32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R2 upnphost32;Universal Plug and Play Device Host ;c:\windows\system32\apphelp32.exe [6/29/2011 11:04 PM 561664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-30 23:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-30 23:42:10
ComboFix-quarantined-files.txt 2011-07-01 03:42
ComboFix2.txt 2011-06-26 13:43
ComboFix3.txt 2011-06-22 03:19
ComboFix4.txt 2010-08-14 01:53
ComboFix5.txt 2011-06-30 05:07
.
Pre-Run: 945,995,718,656 bytes free
Post-Run: 945,993,609,216 bytes free
.
- - End Of File - - 16643BDF98226111D9C6B432DFA23E55

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP


Re: Possible Virus

Post by Sneakyone on Sat 02 Jul 2011, 3:30 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\MP4SDMOD32.dll
    c:\windows\system32\kbdnec32.exe
    c:\windows\system32\apphelp32.exe
    c:\windows\system32\azroles32.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\apphelp32.exe"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone


Re: Possible Virus

Post by DLy4287 on Mon 04 Jul 2011, 3:48 am

ComboFix 11-07-02.03 - XP PRO SP3 User 07/03/2011 12:30:57.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2944 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
Command switches used :: C:\CFScript.txt
.
FILE ::
"c:\windows\system32\apphelp32.exe"
"c:\windows\system32\azroles32.dll"
"c:\windows\system32\kbdnec32.exe"
"c:\windows\system32\MP4SDMOD32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363S.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\install.rdf
c:\windows\system32\apphelp32.exe
c:\windows\system32\azroles32.dll
c:\windows\system32\kbdnec32.exe
c:\windows\system32\MP4SDMOD32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_upnphost32
-------\Service_upnphost32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 16:38 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\azroles32.exe
2011-07-03 16:11 . 2011-07-03 16:11 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 16:11 . 2011-07-03 16:11 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 02:36 . 2011-06-29 02:36 -------- d-----w- c:\program files\ESET
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-02 21:55 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-02 21:55 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-02 21:55 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-02 21:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 21:55 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-02 21:55 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-03 16:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-26_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 16:42 . 2011-07-03 16:42 16384 c:\windows\temp\Perflib_Perfdata_7c4.dat
+ 2011-07-03 16:27 . 2011-07-03 16:27 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
+ 2011-07-03 16:40 . 2011-07-03 16:40 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2011-07-03 16:40 . 2011-07-03 16:40 16384 c:\windows\temp\Perflib_Perfdata_564.dat
+ 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\azroles32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Dot3svc32;Wired AutoConfig ;c:\windows\system32\azroles32.exe [7/3/2011 12:38 PM 561664]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-03 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\kbdnec32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-07-03 12:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 16:45
ComboFix2.txt 2011-07-01 03:42
ComboFix3.txt 2011-06-26 13:43
ComboFix4.txt 2011-06-22 03:19
ComboFix5.txt 2011-07-03 16:22
.
Pre-Run: 945,997,746,176 bytes free
Post-Run: 945,984,434,176 bytes free
.
- - End Of File - - 0F8416135E0E6AEE25647E6CAAB84E70

DLy4287

Newbie Surfer

Posts : 20
Joined : 2011-06-12
Operating System : windows XP

