Possible Infection?

Hello,

To be honest, I am not exactly sure what the cause of my computer's recent behaviour is. A friend recently recommended I get a new firewall, which I did.

After installing COMODO Firewall I decided it was probably best to do a clean up of my computer and that is where the issues started. Spybot - S&D seems to work and found 70 items of concern which I removed. I also ran an Avast! boot time scan and full scan. The boot scan found a single file which I quarantined, and the full scan was all clear.

Then I attempted to run Malwarebytes Quick Scan. It got about 3 minutes into the scan and crashed. I received the typical Windows notice that it had "encountered a problem and needed to close."

When I proceeded to attempt it again after a restart it informed me that Malwarebytes was already running. After checking everything over I decided that it was most definitely not running and opened the .exe after changing its name to winlogon.exe only to have it crash again during the scan.

I've been getting my fair amount of warnings on start up from my COMODO too, so I'm curious to know what exactly is hiding in my computer, if anything at all?

I posted here because I'm not really sure where or what the problem might be, so any advice you'd have to offer would be wonderful.


Hi FantaLain and Welcome to Malwarebytes Forum!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your Thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).


Hello again, sorry for the delay I seem to be dealing with a minor medical emergency at the moment.

Here are the logs you asked for:

DDS.txt

DDS (Ver_10-11-05.01) - NTFSx86

Run by Emily1 at 13:59:35.17 on 11/07/2010 Sun

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1023.505 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINNT\system32\svchost.exe -k netsvcs

C:\WINNT\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINNT\Explorer.EXE

C:\WINNT\RTHDCPL.EXE

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINNT\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINNT\system32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\System32\svchost.exe -k HTTPFilter

C:\WINNT\system32\wscntfy.exe

C:\Documents and Settings\Emily1\Desktop\dds.scr

C:\WINNT\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/

udefault_page_url = hxxp://english.isoshu.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\winnt\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {378F0644-8B65-4CB9-8C0C-F402B7727320} = 156.154.70.22,156.154.71.22

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily1\applic~1\mozilla\firefox\profiles\rf53p9i5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/user/FantaLain

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [2009-6-4 165584]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdGuard.sys [2010-9-10 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [2010-9-10 25240]

R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2008-5-8 214024]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]

R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2009-6-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]

R2 cpuz133;cpuz133;c:\winnt\system32\drivers\cpuz133_x32.sys [2010-7-5 20968]

S2 seb1jojetpouaa8k;DeepSight Extractor Service for NP08;c:\winnt\system32\ilihdo.exe /service --> c:\winnt\system32\ilihdo.exe [?]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]

S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\winnt\system32\drivers\DLKRTS.SYS [2007-10-9 25434]

S3 giveiosys;giveiosys;\??\e:\sho\giveio.sys --> e:\sho\giveio.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2008-5-8 79880]

S3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2008-5-8 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\winnt\system32\drivers\mferkdk.sys [2008-5-8 34216]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\winnt\system32\drivers\mfesmfk.sys [2008-5-8 40552]

S3 npggsvc;nProtect GameGuard Service;c:\winnt\system32\gamemon.des -service --> c:\winnt\system32\GameMon.des -service [?]

S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2007-10-9 49776]

S3 XDva143;XDva143;\??\c:\winnt\system32\xdva143.sys --> c:\winnt\system32\XDva143.sys [?]

=============== Created Last 30 ================

2010-11-06 22:04:23 -------- d-----w- c:\docume~1\emily1\applic~1\Malwarebytes

2010-11-06 22:03:57 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-11-06 22:03:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-06 22:03:53 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-11-06 22:03:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-06 07:37:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-06 07:37:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-11-06 07:32:34 -------- d-----w- c:\program files\COMODO

2010-11-06 07:31:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2010-10-15 17:51:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment

2010-10-13 03:31:53 617472 -c----w- c:\winnt\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\winnt\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\winnt\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\winnt\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\winnt\system32\mfc40u.dll

2010-09-11 03:41:40 285480 ----a-w- c:\winnt\system32\guard32.dll

2010-09-10 18:07:53 483840 ----a-w- c:\winnt\system32\SWFLASH6.OCX

2010-09-09 14:16:31 667136 ----a-w- c:\winnt\system32\wininet.dll

2010-09-09 14:16:30 61952 ----a-w- c:\winnt\system32\tdc.ocx

2010-09-09 14:16:29 81920 ----a-w- c:\winnt\system32\ieencode.dll

2010-09-08 16:49:49 369664 ----a-w- c:\winnt\system32\html.iec

2010-09-07 15:12:17 38848 ----a-w- c:\winnt\avastSS.scr

2010-09-01 11:51:14 285824 ----a-w- c:\winnt\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\winnt\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\winnt\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\winnt\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\winnt\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\winnt\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\winnt\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\winnt\system32\rpcrt4.dll

1998-12-08 23:53:54 99840 -c--a-w- c:\program files\common files\IRAABOUT.DLL

1998-12-08 23:53:54 70144 -c--a-w- c:\program files\common files\IRAMDMTR.DLL

1998-12-08 23:53:54 48640 -c--a-w- c:\program files\common files\IRALPTTR.DLL

1998-12-08 23:53:54 31744 -c--a-w- c:\program files\common files\IRAWEBTR.DLL

1998-12-08 23:53:54 186368 -c--a-w- c:\program files\common files\IRAREG.DLL

1998-12-08 23:53:54 17920 -c--a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 14:02:09.43 ===============

Attach.txt

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/2/2007 12:55:00 PM

System Uptime: 11/7/2010 1:40:07 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX

Processor: Genuine Intel® CPU 2140 @ 1.60GHz | LGA 775 | 1599/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 20 GiB total, 2.672 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 38 GiB total, 3.639 GiB free.

F: is CDROM ()

G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\ATK0110\1010110

Manufacturer:

Name:

PNP Device ID: ACPI\ATK0110\1010110

Service:

==== System Restore Points ===================

RP949: 10/18/2010 5:36:59 AM - System Checkpoint

RP950: 10/19/2010 5:59:55 AM - System Checkpoint

RP951: 10/20/2010 3:35:04 PM - System Checkpoint

RP952: 10/21/2010 4:39:28 PM - System Checkpoint

RP953: 10/24/2010 6:04:33 PM - System Checkpoint

RP954: 10/25/2010 6:51:40 PM - System Checkpoint

RP955: 10/26/2010 7:35:07 PM - System Checkpoint

RP956: 10/27/2010 11:07:55 PM - System Checkpoint

RP957: 10/29/2010 3:05:56 PM - System Checkpoint

RP958: 10/30/2010 3:31:52 PM - System Checkpoint

RP959: 10/31/2010 5:30:17 PM - System Checkpoint

RP960: 11/2/2010 1:10:51 PM - System Checkpoint

RP961: 11/3/2010 1:13:04 PM - System Checkpoint

RP962: 11/4/2010 5:17:28 PM - System Checkpoint

RP963: 11/5/2010 5:33:58 PM - System Checkpoint

RP964: 11/6/2010 7:17:26 PM - System Checkpoint

==== Installed Programs ======================

{PRODUCT_NAME}

Acrobat.com

Action Replay Code Manager

Ad-Aware

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

Atheros Communications Inc.® L2 Fast Ethernet Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

AusLogics BoostSpeed

avast! Free Antivirus

AviSynth 2.5

Canon MP Navigator 3.0

Canon MP160

Canon Utilities Easy-PhotoPrint

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

COMODO Internet Security

Compatibility Pack for the 2007 Office system

ConvertHelper 2.2

CPUID CPU-Z 1.54

DivX Content Uploader

DivX Web Player

Easy-WebPrint

EVEREST Home Edition v2.20

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

iTunes

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 2

Java 6 Update 20

Junk Mail filter update

Malwarebytes' Anti-Malware

MaxDrive PS2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2000 SR-1 Premium

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Journal Viewer

Mozilla Firefox (3.6.12)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA Drivers

Pando Media Booster

PowerDVD

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Rhapsody Player Engine

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skins

Skype Toolbars

Skype™ 4.2

SpeedFan (remove only)

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Ventrilo Client

VideoLAN VLC media player 0.8.6d

Videora iPod nano Converter 3.05

WebFldrs XP

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Writer

Windows XP Service Pack 3

WinRAR archiver

World of Warcraft

Xfire (remove only)

µTorrent

==== Event Viewer Messages From Past Week ========

11/4/2010 3:30:31 PM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MP160 Printer share name Canon MP160 Printer.

==== End Of File ===========================
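The DDS.txt above is what the helper reads by hand. As an added example (not part of the thread and not code from the DDS tool or from Malwarebytes), the Python script below shows how a helper could mechanically triage the SERVICES / DRIVERS and Hosts: lines of such a log: it parses each service entry, flags entries DDS marked with "[?]" (image file not found on disk), flags random-looking service names, and flags hosts-file entries that point a domain at loopback. The sample input is a handful of lines copied from the log above; the random-name heuristic and its thresholds are my own assumptions, not a DDS rule, and a flag means "look closer", not "malware".

```python
import re

# Constructed sample input: lines copied from the DDS.txt posted in this
# thread (SERVICES / DRIVERS section plus the Hosts: line).
SAMPLE_DDS = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]
S2 seb1jojetpouaa8k;DeepSight Extractor Service for NP08;c:\winnt\system32\ilihdo.exe /service --> c:\winnt\system32\ilihdo.exe [?]
S3 giveiosys;giveiosys;\??\e:\sho\giveio.sys --> e:\sho\giveio.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2007-10-9 49776]
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# DDS service line: "<R|S><start type> <name>;<description>;<image path ...>"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_services(text):
    """Return one dict per DDS service/driver line found in text."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, desc, image = m.groups()
        out.append({
            "state": state,          # R = running, S = stopped; digit = start type
            "name": name,
            "desc": desc,
            "image": image,
            # DDS appends "[?]" when it could not find the image file on disk
            "file_missing": image.rstrip().endswith("[?]"),
        })
    return out


def looks_random(name, min_len=10, min_switches=2):
    """Heuristic (my assumption, not a DDS rule): a long name that switches
    between letters and digits several times, like 'seb1jojetpouaa8k', is
    unlike the names vendors give their services."""
    if len(name) < min_len:
        return False
    classes = ["d" if c.isdigit() else "a" for c in name if c.isalnum()]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches >= min_switches


def triage(text):
    """Return (item, reason) pairs that deserve a second look."""
    findings = []
    for svc in parse_services(text):
        if svc["file_missing"]:
            findings.append((svc["name"], "image file not found on disk"))
        if looks_random(svc["name"]):
            findings.append((svc["name"], "random-looking service name"))
    # A hosts entry sending anything other than localhost to loopback is a
    # classic way to block a machine from reaching security vendor sites.
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m and m.group(1) in ("127.0.0.1", "::1") and m.group(2) != "localhost":
            findings.append((m.group(2), "hosts file maps domain to loopback"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_DDS):
        print(f"{item}: {reason}")
```

Run against the sample, the script flags the seb1jojetpouaa8k service twice (missing image and random-looking name), giveiosys once (missing image), and the www.spywareinfo.com hosts entry, while the COMODO, avast! and USB hub entries pass untouched; a real log would be fed in from the file instead of the embedded sample.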


Hello again, sorry for the delay I seem to be dealing with a minor medical emergency at the moment.

Hope all is well.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


Are you the Admin? If not, log on as Administrator. If you still can't run combofix.exe, then let's run ComboFix in Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Then double click ComboFix to run it and be sure to save the log and post it here please.

Note:

Reboot back to normal Windows.


Posting from another computer.

I am the Admin and never had access problems before, so I went ahead and ran ComboFix in Safe mode. All was well, it started up fine and began the scanning process but like you mentioned in your previous post it did attempt to dl Microsoft Recovery Console. Being in safe mode of course that wasn't a viable option and it aborted the dl and continued with the scan.

I let it do its thing because I wasn't sure if there would be repercussions in trying to close or stop the scan so I let it be. It rebooted my pc and a number of things occurred. First ComboFix warned me against running any programs until it was finished. Then Skype opened, followed by my COMODO firewall. It then produced a number of lines saying Access Denied and the box closed.

Everything now appears to be partially frozen or severely lagging. I would reboot but I think CF may still be running? I thought I had turned my firewall off completely, and assumed like my AV it would stay off.

As of this moment I'm unsure how to disable the feature that opens the firewall upon boot. It doesn't appear to be an option when I opened its interface. Skype I can handle, and obviously I need to get my hands on the Recovery Console before trying the CF scan again.

Essentially, is it all right to reboot even if CF might still be running in the background? If my computer starts co-operating before then I will try to dl the Recovery console and such. My computer is quite old and slow so it doesn't recover very quickly when a process or program crashes which may be why its lagging so badly atm.

Id rather avoid uninstalling COMODO if possible.

Sorry this has become unnecessarily complicated, and thanks again for your help.


In normal mode... Please turn off all your security software, then click on Start->Run, copy-paste the following command into the "Open" box, and click OK.

"%userprofile%\desktop\Combofix.exe" /KillAll

If Combofix was saved on the desktop as Combofix.exe, the application will launch. When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt".


Sorry to double post; I just checked my computer and nothing will run. The browser won't open, and any programs that do only get about halfway open and freeze. I really don't know what to do with it right now, since I'd rather not leave it running all night and I need to get some sleep sometime.

Anyway, I just thought I'd let you know that at this point the computer is fairly unusable.


You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN, copy / paste the following entry into the box, and click OK.

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Next

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Then try to run Combofix please.


Hello again.

Sorry for the long delay in response, things went a bit crazy here temporarily and I had no Internet access for about a day and a half.

However, after running ATF, a few solid thwacks, and a deep breath or two it appears my computer was ready to comply and run Combofix.

Here is the log.txt from the scan:

ComboFix 10-11-10.01 - Emily1 0/2010 Wed 17:26:08.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1023.525 [GMT -5:00]

Running from: c:\documents and settings\Emily1\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\winnt\system32\SARCheck.dll

c:\winnt\system32\spool\prtprocs\w32x86\OLFPNT40.DLL

c:\winnt\Web\default.htt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_IAS

((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))

.

2010-11-10 22:18 . 2010-11-10 22:18 -------- d-----w- c:\program files\Common Files\Adobe

2010-11-06 22:04 . 2010-11-06 22:04 -------- d-----w- c:\documents and settings\Emily1\Application Data\Malwarebytes

2010-11-06 22:03 . 2010-04-29 19:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-11-06 22:03 . 2010-11-06 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-06 22:03 . 2010-04-29 19:39 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-11-06 22:03 . 2010-11-07 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-06 07:37 . 2010-11-06 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-06 07:37 . 2010-11-06 07:42 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-06 07:31 . 2010-11-10 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2010-10-15 18:00 . 2010-10-15 18:04 -------- d-----w- c:\documents and settings\Emily1\Application Data\Ventrilo

2010-10-15 17:51 . 2010-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-10-13 03:31 . 2010-08-23 16:12 617472 -c----w- c:\winnt\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 16:23 . 2004-08-04 04:56 974848 ----a-w- c:\winnt\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 04:56 974848 ----a-w- c:\winnt\system32\mfc42.dll

2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\winnt\system32\mfc40.dll

2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\winnt\system32\mfc40u.dll

2010-09-10 18:07 . 2010-09-10 18:07 483840 ----a-w- c:\winnt\system32\SWFLASH6.OCX

2010-09-09 14:16 . 2004-08-04 04:56 667136 ----a-w- c:\winnt\system32\wininet.dll

2010-09-09 14:16 . 2004-08-04 02:59 61952 ----a-w- c:\winnt\system32\tdc.ocx

2010-09-09 14:16 . 2010-08-06 19:37 81920 ----a-w- c:\winnt\system32\ieencode.dll

2010-09-08 16:49 . 2004-08-04 02:59 369664 ----a-w- c:\winnt\system32\html.iec

2010-09-07 15:12 . 2010-07-10 01:25 38848 ----a-w- c:\winnt\avastSS.scr

2010-09-07 15:11 . 2009-06-05 00:01 167592 ----a-w- c:\winnt\system32\aswBoot.exe

2010-09-07 14:52 . 2009-06-05 00:01 46672 ----a-w- c:\winnt\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-06-05 00:01 165584 ----a-w- c:\winnt\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-06-05 00:01 23376 ----a-w- c:\winnt\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-06-05 00:01 100176 ----a-w- c:\winnt\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-06-05 00:01 94544 ----a-w- c:\winnt\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-06-05 00:01 17744 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-06-05 00:01 28880 ----a-w- c:\winnt\system32\drivers\aavmker4.sys

2010-09-01 11:51 . 2004-08-04 04:56 285824 ----a-w- c:\winnt\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 03:17 1852800 ----a-w- c:\winnt\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 04:56 119808 ----a-w- c:\winnt\system32\t2embed.dll

2010-08-27 05:57 . 2004-08-04 04:56 99840 ----a-w- c:\winnt\system32\srvsvc.dll

2010-08-26 13:39 . 2004-08-04 03:14 357248 ----a-w- c:\winnt\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-04-16 05:21 5120 ----a-w- c:\winnt\system32\xpsp4res.dll

2010-08-23 16:12 . 2004-08-04 04:56 617472 ----a-w- c:\winnt\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 04:56 58880 ----a-w- c:\winnt\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 04:56 590848 ----a-w- c:\winnt\system32\rpcrt4.dll

1998-12-08 23:53 . 1998-12-08 23:53 99840 -c--a-w- c:\program files\Common Files\IRAABOUT.DLL

1998-12-08 23:53 . 1998-12-08 23:53 70144 -c--a-w- c:\program files\Common Files\IRAMDMTR.DLL

1998-12-08 23:53 . 1998-12-08 23:53 48640 -c--a-w- c:\program files\Common Files\IRALPTTR.DLL

1998-12-08 23:53 . 1998-12-08 23:53 31744 -c--a-w- c:\program files\Common Files\IRAWEBTR.DLL

1998-12-08 23:53 . 1998-12-08 23:53 186368 -c--a-w- c:\program files\Common Files\IRAREG.DLL

1998-12-08 23:53 . 1998-12-08 23:53 17920 -c--a-w- c:\program files\Common Files\IRASRIAL.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]

"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2007-09-17 8491008]

"nwiz"="nwiz.exe" [2007-09-17 1626112]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2007-09-17 81920]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]

"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\winnt\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]

"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk

backup=c:\winnt\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\winnt\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Other Stuff\\Ventrilo.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"e:\\World of Warcraft\\World of Warcraft\\Launcher.exe"=

"e:\\World of Warcraft\\World of Warcraft\\Blizzard Downloader.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56413:TCP"= 56413:TCP:Pando Media Booster

"56413:UDP"= 56413:UDP:Pando Media Booster

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [6/28/2008 7:25 PM 717296]

R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [6/4/2009 7:01 PM 165584]

R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [6/4/2009 7:01 PM 17744]

R2 cpuz133;cpuz133;c:\winnt\system32\drivers\cpuz133_x32.sys [7/5/2010 6:13 PM 20968]

S2 seb1jojetpouaa8k;DeepSight Extractor Service for NP08;c:\winnt\system32\ilihdo.exe /service --> c:\winnt\system32\ilihdo.exe [?]

S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\winnt\system32\drivers\DLKRTS.SYS [10/9/2007 8:47 AM 25434]

S3 giveiosys;giveiosys;\??\e:\sho\giveio.sys --> e:\sho\giveio.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [11/6/2010 5:03 PM 38224]

S3 npggsvc;nProtect GameGuard Service;c:\winnt\system32\GameMon.des -service --> c:\winnt\system32\GameMon.des -service [?]

S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [10/9/2007 9:21 AM 49776]

S3 XDva143;XDva143;\??\c:\winnt\system32\XDva143.sys --> c:\winnt\system32\XDva143.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2010-11-10 c:\winnt\Tasks\WGASetup.job

- c:\winnt\system32\KB905474\wgasetup.exe [2009-04-22 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.youtube.com/

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

TCP: {378F0644-8B65-4CB9-8C0C-F402B7727320} = 64.71.255.198

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Emily1\Application Data\Mozilla\Firefox\Profiles\rf53p9i5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/user/FantaLain

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\progra~1\SONYON~1\npsoe.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-sglfb.sys

SafeBoot-tga.sys

AddRemove-MaxDrive PS2 - e:\Uninst.isu

AddRemove-{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1 - e:\converted videos\ConvertHelper\unins000.exe

AddRemove-uTorrent - e:\\uTorrent.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\winnt\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1060284298-839522115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a6,72,e1,04,f7,3f,a6,c6,36,b2,5a,86,35,cc,19,2f,d2,d7,c3,ed,a6,0a,d2,

97,d3,01,9c,e2,84,76,45,3c,a0,79,30,83,cc,bf,40,47,35,ba,74,00,85,43,c4,4a,\

"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1229272821-1060284298-839522115-1000\Software\SecuROM\License information*]

"datasecu"=hex:cb,60,50,cf,c1,97,06,ee,ea,d2,23,9f,c6,dc,75,61,ae,f8,34,90,79,

6e,d4,da,69,12,ac,04,e3,0a,43,e3,ac,26,5a,f1,aa,c7,41,6b,63,81,7c,ad,fd,aa,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)

c:\winnt\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3060)

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

.

Completion time: 2010-11-10 17:32:57

ComboFix-quarantined-files.txt 2010-11-10 22:32

Pre-Run: 3,546,570,752 bytes free

Post-Run: 3,514,949,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 57210108865DAD67636056197963B318

Again, I'm very sorry for the delay and hope you can still help sort this whole thing out.

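An added example, not part of this thread and not ComboFix's own code: a small Python triage script for the Drivers/Services lines of a ComboFix log like the one posted above. It flags entries whose image file ComboFix could not read (the trailing [?] where a date and size would normally be) and entries with long, lowercase letter-and-digit service names; both are pointers for analyst review, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Sample input: five Drivers/Services lines copied from the ComboFix log
# posted above, which is the line format this parser targets.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [6/28/2008 7:25 PM 717296]
R2 cpuz133;cpuz133;c:\winnt\system32\drivers\cpuz133_x32.sys [7/5/2010 6:13 PM 20968]
S2 seb1jojetpouaa8k;DeepSight Extractor Service for NP08;c:\winnt\system32\ilihdo.exe /service --> c:\winnt\system32\ilihdo.exe [?]
S3 giveiosys;giveiosys;\??\e:\sho\giveio.sys --> e:\sho\giveio.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [11/6/2010 5:03 PM 38224]
"""

# One line: "<start> <service name>;<display name>;<image path ...> [<date size> | ?]"
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)\s\[(?P<stat>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    start: str        # ComboFix notation: R* = running, S* = stopped
    name: str
    display: str
    path: str         # image path, with any "registered --> resolved" suffix applied
    file_seen: bool   # False when ComboFix printed [?] instead of a date and size
    flags: list = field(default_factory=list)


def parse_services(text: str) -> list:
    """Parse the Drivers/Services block of a ComboFix log; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        image = m.group("image")
        # "registered path --> resolved path": keep the resolved side.
        path = image.split(" --> ")[-1].strip() if " --> " in image else image.strip()
        entries.append(ServiceEntry(
            start=m.group("start"), name=m.group("name"), display=m.group("display"),
            path=path, file_seen=m.group("stat") != "?",
        ))
    return entries


def looks_machine_generated(name: str) -> bool:
    """Crude heuristic: a long, all-lowercase mix of letters and digits with no separators."""
    return (len(name) >= 12 and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(text: str) -> list:
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for e in parse_services(text):
        if not e.file_seen:
            e.flags.append("image file not readable on disk ([?])")
        if looks_machine_generated(e.name):
            e.flags.append("service name looks machine-generated")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name}: {e.path} -> {'; '.join(e.flags)}")
```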

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


It seems the original problem is occurring again. I opened MBAM, updated it, and started a quick scan. About three minutes in it crashed, saying it had encountered an error and needed to close.

DrWatson Postmortem Debugger also gave me the same error a few seconds after MBAM did.

When I attempted to try it again it said MBAM was already running.

This is pretty much my original problem. MBAM only seems to do this during these scans. I had a file on my computer that I right clicked and scanned with MBAM just to test it, and had no issues.


It appears your issue is not malware related. Let's run one more scan to be sure.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
