
Hey guys. I do not seem to have any malware or suspicious programs running on my computer lately, but I am having an issue with explorer.exe seeming to take up a large amount of CPU recently. I have defragged my drive recently and I have lots of room still on my computer, etc. I use CCleaner and ATF Cleaner almost daily, so it doesn't seem to be a space issue. It has been a long time since I did a HijackThis log, so I figured just to be safe I would. I also noticed, just from browsing the log myself, that it seems I have programs running or in memory that are not necessary. I never use Yahoo other than my wife using it for email, yet I noticed some instance of Yahoo Toolbar. If you have advice on how to get rid of it, please let me know. I have deleted it before via Remove Programs, but it seems to be back. So here is my log, and all help is greatly appreciated!!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:35:46 PM, on 25/05/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: [internet Media][AS12008][204.69.234.0 - 204.69.234.255]

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] "C:\WINDOWS\system32\igfxtray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7031 bytes
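To make sense of a HijackThis log like the one above, it helps to parse it rather than eyeball it: the interesting rows are the ones whose registered component no longer exists on disk (HijackThis prints "(no file)" or "(file missing)"), the O10 Winsock LSP rows, and components that register the same CLSID under several hook points at once (here the Yahoo Toolbar appears as an R3 URLSearchHook, an O2 BHO and an O3 toolbar, which is why removing it from Add/Remove Programs alone did not clear every trace). The following is an added example written for this page, not code from the thread or from the HijackThis authors; the sample input is a handful of lines constructed by copying rows from the log above, and the section regex covers only the R/F/N/O row types HijackThis emits.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: six rows copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
"""

# A HijackThis row starts with its section code (R0..R3, F0..F3, N1..N4, O1..O24).
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# COM class ids as HijackThis prints them: {8-4-4-4-12 hex}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str        # e.g. "O2", "O23"
    body: str           # everything after "O2 - "
    clsids: tuple       # CLSIDs found on the row, upper-cased so variants group together
    orphaned: bool      # HijackThis reports the registered file as missing


def parse_hjt(text):
    """Turn the raw log into Entry objects, skipping headers and the process list."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsids = tuple(c.upper() for c in CLSID_RE.findall(body))
        orphaned = "(no file)" in body or "(file missing)" in body
        entries.append(Entry(section, body, clsids, orphaned))
    return entries


def triage(entries):
    """Group the rows a reviewer looks at first.

    orphaned     - registry still points at a component that is gone from disk
                   (harmless leftovers, but they should be cleaned up)
    lsp          - O10 Winsock LSP rows; the DLL should be identified before touching it
    shared_clsid - one CLSID registered under several hook points, i.e. a component
                   that must be removed from every one of them to go away
    """
    findings = {"orphaned": [], "lsp": [], "shared_clsid": {}}
    by_clsid = defaultdict(list)
    for e in entries:
        if e.orphaned:
            findings["orphaned"].append(e)
        if e.section == "O10":
            findings["lsp"].append(e)
        for c in e.clsids:
            by_clsid[c].append(e.section)
    for c, sections in by_clsid.items():
        if len(sections) > 1:
            findings["shared_clsid"][c] = sections
    return findings


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    for e in report["orphaned"]:
        print(f"orphaned  {e.section}: {e.body}")
    for e in report["lsp"]:
        print(f"lsp       {e.section}: {e.body}")
    for clsid, sections in report["shared_clsid"].items():
        print(f"shared    {clsid} registered in {', '.join(sections)}")
```

Run against the full log, the "shared" output is the list of hook points a leftover toolbar has to be removed from, and the "orphaned" output is the set of dead registry entries that scanners typically flag as clean-up items rather than infections.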


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6678

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18372

28/05/2011 5:53:39 PM

mbam-log-2011-05-28 (17-53-39).txt

Scan type: Quick scan

Objects scanned: 150720

Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_25

Run by Murry at 17:34:35 on 2011-05-28

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Murry\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.ca/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\murry\application data\mozilla\firefox\profiles\lhyik8tq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2524319&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

.

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 0

.

============= SERVICES / DRIVERS ===============

.

R? .EsetTrialReset;Eset Trial Reset

R? BackupService;BackupService

R? ccEvtMgr;Symantec Event Manager

R? ccSetMgr;Symantec Settings Manager

R? gupdate;Google Update Service (gupdate)

R? hitmanpro3;Hitman Pro 3 Support Driver

R? Lbd;Lbd

R? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service

R? PskSvcRetailInst;PskSvcRetailInst

R? Razerlow;Razerlow USB Filter Driver

R? Symantec Core LC;Symantec Core LC

S? ehdrv;ehdrv

S? ekrn;ESET Service

.

=============== Created Last 30 ================

.

2011-05-25 21:34:40 388096 ----a-r- c:\documents and settings\murry\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\local settings\application data\HandBrake

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\application data\HandBrake

2011-05-24 02:00:20 -------- d-----w- c:\program files\Handbrake

2011-05-20 06:44:17 -------- d-----w- c:\documents and settings\murry\application data\avidemux

2011-05-20 06:43:38 -------- d-----w- c:\program files\Avidemux 2.5

2011-05-17 08:43:34 -------- d-----w- c:\documents and settings\murry\application data\DVD Flick

2011-05-17 08:43:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll

2011-05-17 08:43:08 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx

2011-05-17 08:43:08 28672 ----a-w- c:\windows\system32\mousewheel.ocx

2011-05-17 08:43:08 164144 ----a-w- c:\windows\system32\comct232.ocx

2011-05-17 08:43:07 212240 ----a-w- c:\windows\system32\richtx32.ocx

2011-05-17 08:43:06 -------- d-----w- c:\program files\DVD Flick

2011-05-17 01:42:28 86683 ----a-w- c:\windows\system32\pthreadGC2.dll

2011-05-17 01:42:24 -------- d-----w- c:\program files\AoA Audio Extractor Platinum

2011-05-15 10:08:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-05-15 10:06:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-15 10:05:59 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-05-15 10:05:57 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-15 09:01:40 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-05-15 08:16:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-15 08:15:43 357888 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-15 08:15:27 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-15 08:15:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-15 08:13:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-15 08:10:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-15 07:45:07 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-15 07:45:07 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-15 07:45:07 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2011-05-15 07:36:27 -------- d-----w- c:\windows\network diagnostic

2011-05-15 07:36:23 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-15 07:36:21 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-05-15 07:11:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-09 01:58:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-09 01:52:37 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-09 01:52:34 -------- d-----w- c:\program files\ffdshow

2011-05-09 01:45:07 -------- d-----w- c:\documents and settings\all users\application data\StaxRip

2011-05-08 21:03:54 -------- d-----w- c:\program files\MediaInfo

2011-05-08 19:37:04 -------- d-----w- c:\documents and settings\murry\local settings\application data\XenonMKV_Team

2011-05-08 02:40:54 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-06 05:39:56 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-06 05:39:56 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-06 05:39:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-06 05:39:55 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-06 05:39:55 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-06 05:39:53 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-06 05:39:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-06 05:39:51 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-05-09 01:58:12 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-03-30 12:53:21 592 ----a-w- c:\windows\chgkey.vbs

2011-03-29 01:33:33 72080 ----a-w- c:\documents and settings\murry\g2mdlhlpx.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:36:45.15 ===============


  • Staff

Sorry about that. Missed your reply.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hmmmmm. I followed all instructions and ran ComboFix. It seemed to have run through all stages, and then suddenly my PC shut down and restarted. Now when my computer restarted, I got a message from Microsoft stating my PC had recovered from a serious error. My PC shut down and restarted before ComboFix had created a log file. It looked as if it had finished all stages, though, and was maybe preparing the log file or doing some work. After the shutdown and restart I did a search of my files, and there is no ComboFix log. I did take down all the info in the window for the Microsoft error, though. Here is the info it posted:

Error Code Info:

BCCode : ca BCP1 : 00000004 BCP2 : 8212CF10 BCP3 : 00000000

BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

And then I clicked another link in the Microsoft error window, and it showed these files as maybe the problem or where the errors occurred, I guess?:

C:\DOCUME~1\Murry\LOCALS~1\Temp\WER3946.dir00\Mini060111-01.dmp

C:\DOCUME~1\Murry\LOCALS~1\Temp\WER3946.dir00\sysdata.xml

So I have no ComboFix log, but as requested here is another DDS log. I hope this Windows error that occurred (while running ComboFix) didn't create more harm than good? I haven't had a Windows serious error in years, and it's odd that I get one once ComboFix had run, and my PC randomly restarted before ComboFix completely finished and created a log? Also let me know if you want me to uninstall ComboFix yet, or if I should wait since I seem to have gotten that Windows error relating to ComboFix. My computer is running fine still, so I don't think the error did anything, but if needed I could always use the system restore point that ComboFix created if instructed. I assume I don't need to restore, but you guys are the smart ones lol.

DDS log:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_25

Run by Murry at 0:38:41 on 2011-06-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.53 [GMT -6:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Murry\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.ca/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\murry\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\murry\application data\mozilla\firefox\profiles\lhyik8tq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2524319&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

.

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 0

.

============= SERVICES / DRIVERS ===============

.

R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.cfxxe [2010-4-26 256512]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-9-17 13225]

S4 BackupService;BackupService;c:\documents and settings\murry\application data\hp simplesave application\uuactokensvc.exe --> c:\documents and settings\murry\application data\hp simplesave application\uUACTokenSvc.exe [?]

S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]

S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]

S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]

S4 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\murry\locals~1\temp\isscan\psksvc.exe --> c:\docume~1\murry\locals~1\temp\isscan\PskSvc.exe [?]

S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-01 06:20:44 -------- d-sha-r- C:\cmdcons

2011-06-01 06:17:50 208896 ----a-w- c:\windows\MBR.exe

2011-06-01 06:17:22 -------- d-s---w- C:\ComboFix

2011-05-25 21:34:40 388096 ----a-r- c:\documents and settings\murry\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\local settings\application data\HandBrake

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\application data\HandBrake

2011-05-24 02:00:20 -------- d-----w- c:\program files\Handbrake

2011-05-20 06:44:17 -------- d-----w- c:\documents and settings\murry\application data\avidemux

2011-05-20 06:43:38 -------- d-----w- c:\program files\Avidemux 2.5

2011-05-17 08:43:34 -------- d-----w- c:\documents and settings\murry\application data\DVD Flick

2011-05-17 08:43:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll

2011-05-17 08:43:08 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx

2011-05-17 08:43:08 28672 ----a-w- c:\windows\system32\mousewheel.ocx

2011-05-17 08:43:08 164144 ----a-w- c:\windows\system32\comct232.ocx

2011-05-17 08:43:07 212240 ----a-w- c:\windows\system32\richtx32.ocx

2011-05-17 08:43:06 -------- d-----w- c:\program files\DVD Flick

2011-05-17 01:42:28 86683 ----a-w- c:\windows\system32\pthreadGC2.dll

2011-05-17 01:42:24 -------- d-----w- c:\program files\AoA Audio Extractor Platinum

2011-05-15 10:08:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-05-15 10:06:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-15 10:05:59 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-05-15 10:05:57 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-15 09:01:40 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-05-15 08:16:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-15 08:15:43 357888 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-15 08:15:27 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-15 08:15:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-15 08:13:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-15 08:10:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-15 07:45:07 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-15 07:45:07 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-15 07:45:07 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2011-05-15 07:36:27 -------- d-----w- c:\windows\network diagnostic

2011-05-15 07:36:23 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-15 07:36:21 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-05-15 07:11:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-09 01:58:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-09 01:52:37 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-09 01:52:34 -------- d-----w- c:\program files\ffdshow

2011-05-09 01:45:07 -------- d-----w- c:\documents and settings\all users\application data\StaxRip

2011-05-08 21:03:54 -------- d-----w- c:\program files\MediaInfo

2011-05-08 19:37:04 -------- d-----w- c:\documents and settings\murry\local settings\application data\XenonMKV_Team

2011-05-08 02:40:54 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-06 05:39:56 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-06 05:39:56 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-06 05:39:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-06 05:39:55 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-06 05:39:55 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-06 05:39:53 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-06 05:39:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-06 05:39:51 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-05-09 01:58:12 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-03-30 12:53:21 592 ----a-w- c:\windows\chgkey.vbs

2011-03-29 01:33:33 72080 ----a-w- c:\documents and settings\murry\g2mdlhlpx.exe

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 0:39:59.82 ===============

It's been a couple of days since my last post, so I figured I would see if anyone can update me. I know you guys don't like bumps, but I was worried that my post may have been overlooked. I apologize if I seem impatient; I am just making sure it wasn't lost in the shuffle :)

I tried to delete my old copy of ComboFix and download a fresh one, but it seems quite a few of the old folders did not delete, so I didn't download a fresh one yet. Is there another program I can use to make sure all the old instances of ComboFix are gone so I can download a fresh one?

Oh, and using the ComboFix /uninstall is not working now. It did delete the exe etc., but I have a bunch of folders from ComboFix still in my C:

Thanks, I did that. Looks like ComboFix found a few things, so I assume I should not uninstall ComboFix until you tell me to. Also wondering if I uninstall DDS when I am done too? Or just manually delete all log files etc.? Here is the ComboFix log and new DDS log:

ComboFix 11-06-09.02 - Murry 09/06/2011 12:25:36.5.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.323 [GMT -6:00]

Running from: c:\documents and settings\Murry\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Murry\g2mdlhlpx.exe

c:\documents and settings\Murry\WINDOWS

c:\windows\BackUp

c:\windows\BackUp\S\50315000.DAT

c:\windows\BackUp\S\50908000.DAT

.

.

((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))

.

.

2011-06-07 23:18 . 2011-06-07 23:18 -------- d-----w- c:\program files\Rovio

2011-06-07 22:01 . 2011-06-07 22:01 -------- d-----w- c:\documents and settings\Murry\Application Data\HdO Adventure

2011-06-07 22:00 . 2011-06-07 22:00 -------- d-----w- c:\program files\Hd0 Adventure Alice in Wonderland the Incredible Adventure - Extended Version

2011-06-06 19:33 . 2011-06-06 19:34 -------- d-----w- c:\documents and settings\Murry\Application Data\dora's ballet adventures

2011-05-24 02:00 . 2011-05-24 02:05 -------- d-----w- c:\documents and settings\Murry\Application Data\HandBrake

2011-05-24 02:00 . 2011-05-24 02:00 -------- d-----w- c:\documents and settings\Murry\Local Settings\Application Data\HandBrake

2011-05-24 02:00 . 2011-05-24 02:00 -------- d-----w- c:\program files\Handbrake

2011-05-20 06:44 . 2011-05-20 06:49 -------- d-----w- c:\documents and settings\Murry\Application Data\avidemux

2011-05-20 06:43 . 2011-05-20 06:43 -------- d-----w- c:\program files\Avidemux 2.5

2011-05-18 01:55 . 2011-05-18 01:55 -------- d-----w- c:\documents and settings\Murry\Application Data\ImgBurn

2011-05-18 01:40 . 2011-05-18 01:40 -------- d-----w- c:\program files\ImgBurn

2011-05-17 08:43 . 2011-05-18 06:46 -------- d-----w- c:\documents and settings\Murry\Application Data\DVD Flick

2011-05-17 08:43 . 2003-01-26 19:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll

2011-05-17 08:43 . 2008-08-31 19:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx

2011-05-17 08:43 . 2007-09-01 00:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx

2011-05-17 08:43 . 1998-06-24 06:00 164144 ----a-w- c:\windows\system32\comct232.ocx

2011-05-17 08:43 . 2004-03-09 06:00 212240 ----a-w- c:\windows\system32\richtx32.ocx

2011-05-17 08:43 . 2011-05-17 08:43 -------- d-----w- c:\program files\DVD Flick

2011-05-17 01:42 . 2007-05-13 18:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll

2011-05-17 01:42 . 2011-05-17 01:42 -------- d-----w- c:\program files\AoA Audio Extractor Platinum

2011-05-15 10:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-05-15 10:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-15 10:05 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-05-15 10:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-15 09:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-05-15 08:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-15 08:15 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-15 08:15 . 2011-02-17 13:18 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-15 08:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-15 08:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-15 08:10 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-15 07:45 . 2009-07-31 16:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-15 07:45 . 2008-04-14 11:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2011-05-15 07:45 . 2008-04-14 04:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-15 07:36 . 2008-04-14 04:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-15 07:36 . 2008-04-14 06:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-05-15 07:11 . 2011-05-15 07:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 15:11 . 2009-04-17 23:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11 . 2009-04-17 23:29 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-09 01:58 . 2011-05-09 01:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-09 01:58 . 2010-05-08 02:39 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-03-30 12:53 . 2011-03-30 12:46 592 ----a-w- c:\windows\chgkey.vbs

2011-03-19 03:42 . 2011-05-09 01:52 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-06 05:39 . 2011-05-06 05:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\Murry\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKLM\~\startupfolder\C:^Documents and Settings^Murry^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk]

backup=c:\windows\pss\HP SimpleSave Monitor.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 05:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-28 01:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 17:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-10-19 14:59 126976 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 21:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Uniblue DiskRescue"=2 (0x2)

"CCALib8"=2 (0x2)

"seclogon"=2 (0x2)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"BackupService"=2 (0x2)

"Microsoft Office Groove Audit Service"=3 (0x3)

"TuneUp.UtilitiesSvc"=2 (0x2)

"PCToolsSSDMonitorSvc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16789:TCP"= 16789:TCP:BitComet 16789 TCP

"16789:UDP"= 16789:UDP:BitComet 16789 UDP

.

R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/09/2009 7:23 AM 108792]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/09/2009 7:24 AM 735960]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/09/2005 8:13 PM 13225]

S4 BackupService;BackupService;c:\documents and settings\Murry\Application Data\HP SimpleSave Application\uUACTokenSvc.exe --> c:\documents and settings\Murry\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [?]

S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]

S4 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\Murry\LOCALS~1\Temp\ISSCAN\PskSvc.exe --> c:\docume~1\Murry\LOCALS~1\Temp\ISSCAN\PskSvc.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2009-04-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 04:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.ca/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 172.16.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Murry\Application Data\Mozilla\Firefox\Profiles\lhyik8tq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2524319&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

FF - user.js: nglayout.initialpaint.delay - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

MSConfigStartUp-UniblueSpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Murry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-09 12:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Int TE_DAC D 1 2 3 4 5 6) (S-1-5-21-1715567821-1844237615-725345543-1003)

@="ITabs"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4016)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Windows Media Player\WMPNetwk.exe

.

**************************************************************************

.

Completion time: 2011-06-09 12:43:05 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-09 18:42

.

Pre-Run: 14,308,290,560 bytes free

Post-Run: 14,248,656,896 bytes free

.

- - End Of File - - 441CC26B22C5512A9494AF012F552083

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_25

Run by Murry at 12:51:33 on 2011-06-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.58 [GMT -6:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.ca/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\murry\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

TCP: DhcpNameServer = 172.16.1.254

TCP: Interfaces\{08C9B13D-19FB-4C32-827B-F97E209E2CAD} : DhcpNameServer = 172.16.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\murry\application data\mozilla\firefox\profiles\lhyik8tq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2524319&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 0

.

============= SERVICES / DRIVERS ===============

.

R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-3-13 357182]

S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-9-17 13225]

S4 BackupService;BackupService;c:\documents and settings\murry\application data\hp simplesave application\uuactokensvc.exe --> c:\documents and settings\murry\application data\hp simplesave application\uUACTokenSvc.exe [?]

S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]

S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]

S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]

S4 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\murry\locals~1\temp\isscan\psksvc.exe --> c:\docume~1\murry\locals~1\temp\isscan\PskSvc.exe [?]

S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-07 23:18:20 -------- d-----w- c:\program files\Rovio

2011-06-07 22:01:39 -------- d-----w- c:\documents and settings\murry\application data\HdO Adventure

2011-06-07 22:00:54 -------- d-----w- c:\program files\Hd0 Adventure Alice in Wonderland the Incredible Adventure - Extended Version

2011-06-06 19:33:37 -------- d-----w- c:\documents and settings\murry\application data\dora's ballet adventures

2011-06-01 06:20:44 -------- d-sha-r- C:\cmdcons

2011-06-01 06:17:50 208896 ----a-w- c:\windows\MBR.exe

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\local settings\application data\HandBrake

2011-05-24 02:00:42 -------- d-----w- c:\documents and settings\murry\application data\HandBrake

2011-05-24 02:00:20 -------- d-----w- c:\program files\Handbrake

2011-05-20 06:44:17 -------- d-----w- c:\documents and settings\murry\application data\avidemux

2011-05-20 06:43:38 -------- d-----w- c:\program files\Avidemux 2.5

2011-05-17 08:43:34 -------- d-----w- c:\documents and settings\murry\application data\DVD Flick

2011-05-17 08:43:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll

2011-05-17 08:43:08 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx

2011-05-17 08:43:08 28672 ----a-w- c:\windows\system32\mousewheel.ocx

2011-05-17 08:43:08 164144 ----a-w- c:\windows\system32\comct232.ocx

2011-05-17 08:43:07 212240 ----a-w- c:\windows\system32\richtx32.ocx

2011-05-17 08:43:06 -------- d-----w- c:\program files\DVD Flick

2011-05-17 01:42:28 86683 ----a-w- c:\windows\system32\pthreadGC2.dll

2011-05-17 01:42:24 -------- d-----w- c:\program files\AoA Audio Extractor Platinum

2011-05-15 10:08:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-05-15 10:06:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-15 10:05:59 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-05-15 10:05:57 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-15 09:01:40 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-05-15 08:16:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-15 08:15:43 357888 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-15 08:15:27 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-15 08:15:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-15 08:13:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-15 08:10:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-15 07:45:07 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-15 07:45:07 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-15 07:45:07 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2011-05-15 07:36:27 -------- d-----w- c:\windows\network diagnostic

2011-05-15 07:36:23 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys

2011-05-15 07:36:21 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys

2011-05-15 07:11:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-29 15:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11:20 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-09 01:58:13 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-09 01:58:12 472808 -c--a-w- c:\windows\system32\deployJava1.dll

2011-03-30 12:53:21 592 ----a-w- c:\windows\chgkey.vbs

2011-03-19 03:42:34 80896 ----a-w- c:\windows\system32\ff_vfw.dll

.

============= FINISH: 12:52:56.98 ===============

  • Staff

Hi,

Don't worry about the ComboFix deletions.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I already have ESET NOD32 as my antivirus on my computer. Do you just want me to run a scan using mine or use the free one online?

NOTE: Ever since my first run of ComboFix a few days ago, I got another Windows error recently. Windows said it recovered from the error and I have had no issues since. Here's the info it posted. Please let me know if this is an issue:

Windows Error:

BCCode : 77 BCP1 : C000000E BCP2 : C000000E BCP3 : 00000000

BCP4 : 00298000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\Murry\LOCALS~1\Temp\WER6f01.dir00\Mini061111-01.dmp

C:\DOCUME~1\Murry\LOCALS~1\Temp\WER6f01.dir00\sysdata.xml


I screwed up and uninstalled the ESET Online Scanner before I grabbed the log file lol, however it came up nice and clean. Here is the Security Check log file though. Also, any insight on the Windows errors I have received recently that seemed to start occurring after I ran ComboFix a week ago?

Results of screen317's Security Check version 0.99.13

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Smart Security

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 25

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader 9.4.4

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

UPDATE: I have just updated to the latest Java and the newest Adobe Reader, which is 10.0.1 I assume?


  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Run SecurityCheck again and post its log.

Let me know how things are running now and what issues remain.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
