
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO)



Here is my previous post http://forums.malwarebytes.org/index.php?showtopic=93362

I went ahead and restarted the computer and continued with the forum instructions.

Here is the DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Robert at 17:04:13 on 2011-08-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2223 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

svchost.exe

C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE"&"prod=90"&"ver=10.0.1204

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242920910640

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EE2BC3A9-D089-42F2-B524-90E2D651376E} : DhcpNameServer = 192.168.0.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsle9e5e1f9;MpKsle9e5e1f9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12eddd5d-9614-467d-a549-9431e9faeaf0}\MpKsle9e5e1f9.sys [2011-8-24 28752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-20 100456]

S1 MpKslf62b2e06;MpKslf62b2e06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ac44da-a362-4e65-8bbf-575d0051d206}\mpkslf62b2e06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ac44da-a362-4e65-8bbf-575d0051d206}\MpKslf62b2e06.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]

S3 GRT;GRT;c:\docume~1\robert\locals~1\temp\grt.exe --> c:\docume~1\robert\locals~1\temp\GRT.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-27 41272]

.

=============== Created Last 30 ================

.

2011-09-20 06:26:50 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-24 23:57:47 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12eddd5d-9614-467d-a549-9431e9faeaf0}\MpKsle9e5e1f9.sys

2011-08-24 16:03:02 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12eddd5d-9614-467d-a549-9431e9faeaf0}\mpengine.dll

2011-08-23 00:50:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-22 17:42:55 -------- d-----w- c:\windows\system32\NtmsData

2011-08-22 02:04:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-21 08:57:59 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-08-02 16:32:58 -------- d-----w- c:\program files\Snap-on Business Solutions

2011-08-02 16:32:49 -------- d-----w- c:\windows\Downloaded Installations

2011-07-27 04:46:05 -------- d-----w- c:\program files\Army Builder

2011-07-27 04:45:49 -------- d-----w- c:\documents and settings\all users\application data\Army Builder

.

==================== Find3M ====================

.

2011-07-17 21:10:27 0 ---ha-w- c:\documents and settings\robert\zoedpqasfx.tmp

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2010-09-01 23:33:49 83968 ----a-w- c:\program files\remover.exe

.

============= FINISH: 17:04:46.73 ===============

Here are the ATTACH and ARK files: Desktop.zip

MBAM scan is coming back clean as is MS Security Essentials.

I uninstalled Avira as I was finally able to update MSSE. MSSE is detecting TrojanDownloader:Win32/Tracur.Y, Q, and B several times today. The browser redirects have stopped so far.

Is the HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) gone? Am I clean? Thank you in advance for responding. :)


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Haven't had any more redirects but IE is warning me about secure sites all the time now. Safari has gotten slow. And am having some kind of graphics problem. The desktop seems to be randomly refreshing itself. Mouse hesitates, drops things, double clicks. Gameplay stutters. I updated all the drivers today. Couldn't update the driver for the network adapter tho, said it was missing or corrupted. Just now I was surfing YouTube and the PC suddenly restarted itself. A giant blue screen flashed for a second with lots of writing, all I caught was "detected problem with hardware" I think. MBAM and MSSE scans not picking up anything.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7595

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/28/2011 10:25:07 AM

mbam-log-2011-08-28 (10-25-07).txt

Scan type: Quick scan

Objects scanned: 177165

Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Robert at 10:25:34 on 2011-08-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2317 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE"&"prod=90"&"ver=10.0.1204

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242920910640

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EE2BC3A9-D089-42F2-B524-90E2D651376E} : DhcpNameServer = 192.168.0.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl43ac51c2;MpKsl43ac51c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{528ead59-8047-4b43-9c5d-bdf08d161d4e}\mpksl43ac51c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{528ead59-8047-4b43-9c5d-bdf08d161d4e}\MpKsl43ac51c2.sys [?]

R1 MpKslef10f536;MpKslef10f536;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57aa7731-4f8c-4372-99cf-d94556b84497}\MpKslef10f536.sys [2011-8-28 28752]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-27 2255464]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-20 119528]

S1 MpKslf62b2e06;MpKslf62b2e06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ac44da-a362-4e65-8bbf-575d0051d206}\mpkslf62b2e06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ac44da-a362-4e65-8bbf-575d0051d206}\MpKslf62b2e06.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]

S3 GRT;GRT;c:\docume~1\robert\locals~1\temp\grt.exe --> c:\docume~1\robert\locals~1\temp\GRT.exe [?]

.

=============== Created Last 30 ================

.

2011-09-20 06:26:50 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-28 08:59:18 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57aa7731-4f8c-4372-99cf-d94556b84497}\MpKslef10f536.sys

2011-08-28 08:59:03 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57aa7731-4f8c-4372-99cf-d94556b84497}\mpengine.dll

2011-08-27 18:02:55 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll

2011-08-27 18:02:52 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-08-27 18:02:51 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-08-26 04:10:58 -------- d-sha-r- C:\cmdcons

2011-08-23 00:50:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-22 17:42:55 -------- d-----w- c:\windows\system32\NtmsData

2011-08-22 02:04:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-21 08:57:59 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-08-02 16:32:58 -------- d-----w- c:\program files\Snap-on Business Solutions

2011-08-02 16:32:49 -------- d-----w- c:\windows\Downloaded Installations

.

==================== Find3M ====================

.

2011-08-27 18:03:20 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-08-27 18:03:20 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-08-27 18:03:17 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2010-09-01 23:33:49 83968 ----a-w- c:\program files\remover.exe

.

============= FINISH: 10:25:50.75 ===============


  • Staff

Grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ComboFix 11-08-28.01 - Robert 08/28/2011 18:26:53.3.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2330 [GMT -7:00]

Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

2011-09-20 06:26 . 2011-09-20 06:27 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-28 08:59 . 2011-08-28 08:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57AA7731-4F8C-4372-99CF-D94556B84497}\MpKslef10f536.sys

2011-08-28 08:59 . 2011-08-16 15:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57AA7731-4F8C-4372-99CF-D94556B84497}\mpengine.dll

2011-08-27 18:02 . 2011-05-10 09:41 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll

2011-08-27 18:02 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2011-08-27 18:02 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll

2011-08-27 17:56 . 2011-08-27 17:56 -------- d-----w- c:\documents and settings\UpdatusUser

2011-08-27 17:56 . 2011-08-27 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2011-08-24 17:42 . 2011-08-24 17:43 -------- d-----w- c:\documents and settings\Robert\Application Data\vlc

2011-08-23 00:50 . 2011-08-23 00:50 -------- d-----w- c:\program files\Common Files\Java

2011-08-23 00:50 . 2011-05-04 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-22 17:42 . 2011-08-24 23:46 -------- d-----w- c:\windows\system32\NtmsData

2011-08-22 02:04 . 2011-08-27 18:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-21 08:57 . 2011-08-16 15:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-20 17:21 . 2011-08-20 17:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-08-02 16:32 . 2011-08-02 16:32 -------- d-----w- c:\program files\Snap-on Business Solutions

2011-08-02 16:32 . 2011-08-02 16:32 -------- d-----w- c:\windows\Downloaded Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-03 11:49 . 2011-01-08 03:56 54272 ----a-w- c:\windows\system32\nvwddi.dll

2011-08-03 11:49 . 2011-01-08 03:56 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-08-03 11:49 . 2011-01-08 03:56 146024 ----a-w- c:\windows\system32\nvsvc32.exe

2011-08-03 11:49 . 2011-01-08 03:56 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-08-03 11:49 . 2011-01-08 03:56 13892200 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-03 11:49 . 2011-01-08 03:56 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-03 11:49 . 2010-04-04 05:55 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-08-03 11:49 . 2010-04-04 05:55 17186816 ----a-w- c:\windows\system32\nvcompiler.dll

2011-08-03 11:49 . 2009-05-01 05:02 2387560 ----a-w- c:\windows\system32\nvcuvid.dll

2011-08-03 11:49 . 2009-05-01 05:02 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-08-03 11:49 . 2008-10-16 19:46 5427200 ----a-w- c:\windows\system32\nvcuda.dll

2011-08-03 11:49 . 2008-10-16 19:46 4210816 ----a-w- c:\windows\system32\nv4_disp.dll

2011-08-03 11:49 . 2008-10-16 19:46 2404864 ----a-w- c:\windows\system32\nvapi.dll

2011-08-03 11:49 . 2008-10-16 19:46 16191488 ----a-w- c:\windows\system32\nvoglnt.dll

2011-08-03 11:49 . 2008-10-16 19:46 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52 . 2010-02-28 00:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2010-02-28 00:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2009-05-20 22:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2010-09-01 23:33 . 2010-12-31 23:11 83968 ----a-w- c:\program files\remover.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-08-26_04.18.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-28 04:54 . 2011-08-28 04:54 16384 c:\windows\Temp\Perflib_Perfdata_8c4.dat

+ 2011-08-27 18:03 . 2010-11-11 23:10 26216 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvhdap32.dll

+ 2011-08-27 18:03 . 2008-04-14 12:42 23552 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv

+ 2011-08-27 18:03 . 2004-07-09 11:27 48512 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\stream.sys

+ 2011-08-27 18:03 . 2008-04-14 08:15 60160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\drmk.sys

+ 2011-08-27 18:03 . 2011-05-21 13:01 61440 c:\windows\system32\ReinstallBackups\0006\DriverFiles\OpenCL.dll

- 2011-02-15 00:31 . 2010-07-10 12:38 61440 c:\windows\system32\ReinstallBackups\0006\DriverFiles\OpenCL.dll

- 2008-04-14 12:00 . 2011-08-25 00:02 71488 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2011-08-28 04:58 71488 c:\windows\system32\perfc009.dat

- 2011-02-15 00:31 . 2010-11-11 23:10 26216 c:\windows\system32\nvhdap32.dll

+ 2011-02-15 00:31 . 2011-05-10 09:41 26216 c:\windows\system32\nvhdap32.dll

+ 2009-05-20 23:56 . 2008-04-14 07:15 60160 c:\windows\system32\drivers\drmk.sys

- 2009-05-20 23:56 . 2008-04-14 08:15 60160 c:\windows\system32\drivers\drmk.sys

+ 2009-05-20 23:56 . 2008-04-14 07:15 60160 c:\windows\system32\dllcache\drmk.sys

- 2009-05-20 23:56 . 2008-04-14 08:15 60160 c:\windows\system32\dllcache\drmk.sys

+ 2011-08-27 18:03 . 2002-12-12 07:14 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll

+ 2011-08-27 18:03 . 2010-11-11 23:10 100456 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvhda32.sys

+ 2011-08-27 18:03 . 2010-12-02 09:12 837224 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvgenco32.dll

+ 2011-08-27 18:03 . 2008-04-14 08:49 146048 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\portcls.sys

+ 2011-08-27 18:03 . 2011-05-21 13:01 865896 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvgenco32.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 273344 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdrsdb.bin

+ 2011-08-27 18:03 . 2011-05-21 13:01 899688 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvdispco32.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 159232 c:\windows\system32\ReinstallBackups\0006\DriverFiles\dbInstaller.exe

+ 2008-04-14 12:00 . 2011-08-28 04:58 441552 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-08-25 00:02 441552 c:\windows\system32\perfh009.dat

+ 2008-10-16 19:46 . 2011-05-21 13:01 126976 c:\windows\system32\nvrszht.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 229376 c:\windows\system32\nvrszhc.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 258048 c:\windows\system32\nvrstr.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 253952 c:\windows\system32\nvrsth.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 253952 c:\windows\system32\nvrsth.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 253952 c:\windows\system32\nvrssv.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 253952 c:\windows\system32\nvrssv.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 258048 c:\windows\system32\nvrssl.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 258048 c:\windows\system32\nvrssl.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 258048 c:\windows\system32\nvrssk.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 258048 c:\windows\system32\nvrssk.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 270336 c:\windows\system32\nvrsru.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 270336 c:\windows\system32\nvrsptb.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 274432 c:\windows\system32\nvrspt.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 258048 c:\windows\system32\nvrspl.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 253952 c:\windows\system32\nvrsno.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 253952 c:\windows\system32\nvrsno.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 274432 c:\windows\system32\nvrsnl.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 274432 c:\windows\system32\nvrsnl.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 266240 c:\windows\system32\nvrsko.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 270336 c:\windows\system32\nvrsja.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 270336 c:\windows\system32\nvrsja.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 282624 c:\windows\system32\nvrsit.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 262144 c:\windows\system32\nvrshu.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 331776 c:\windows\system32\nvrshe.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 331776 c:\windows\system32\nvrshe.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 286720 c:\windows\system32\nvrsfr.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 249856 c:\windows\system32\nvrsfi.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 249856 c:\windows\system32\nvrsfi.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 274432 c:\windows\system32\nvrsesm.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 274432 c:\windows\system32\nvrsesm.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 282624 c:\windows\system32\nvrses.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 282624 c:\windows\system32\nvrses.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 249856 c:\windows\system32\nvrseng.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 282624 c:\windows\system32\nvrsel.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 282624 c:\windows\system32\nvrsel.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 278528 c:\windows\system32\nvrsde.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 278528 c:\windows\system32\nvrsde.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 253952 c:\windows\system32\nvrsda.dll

- 2008-10-16 19:46 . 2009-01-16 10:42 253952 c:\windows\system32\nvrsda.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 249856 c:\windows\system32\nvrscs.dll

+ 2008-10-16 19:46 . 2011-05-21 13:01 335872 c:\windows\system32\nvrsar.dll

+ 2011-05-21 13:01 . 2011-05-21 13:01 865896 c:\windows\system32\nvgenco322090.dll

+ 2010-10-17 20:52 . 2011-08-27 18:03 280276 c:\windows\system32\nvdrsdb1.bin

+ 2010-10-17 20:52 . 2011-08-27 18:03 280276 c:\windows\system32\nvdrsdb0.bin

+ 2011-05-21 13:01 . 2011-05-21 13:01 899688 c:\windows\system32\nvdispco3220150.dll

+ 2011-08-27 18:00 . 2011-08-27 18:00 243360 c:\windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe

+ 2009-05-20 23:56 . 2008-04-14 07:49 146048 c:\windows\system32\drivers\portcls.sys

- 2009-05-20 23:56 . 2008-04-14 08:49 146048 c:\windows\system32\drivers\portcls.sys

+ 2009-05-20 23:56 . 2011-05-10 09:41 119528 c:\windows\system32\drivers\nvhda32.sys

- 2009-05-20 23:56 . 2008-04-14 08:49 146048 c:\windows\system32\dllcache\portcls.sys

+ 2009-05-20 23:56 . 2008-04-14 07:49 146048 c:\windows\system32\dllcache\portcls.sys

+ 2011-08-27 18:03 . 2011-05-21 13:01 2808936 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcuvid.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 2082408 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcuvenc.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 5332992 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcuda.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 2328576 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvapi.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 4198272 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_disp.dll

+ 2011-01-15 05:20 . 2011-08-27 18:00 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 16068608 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvoglnt.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 13004800 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nvcompiler.dll

+ 2011-08-27 18:03 . 2011-05-21 13:01 12753664 c:\windows\system32\ReinstallBackups\0006\DriverFiles\nv4_mini.sys

+ 2008-10-16 19:46 . 2011-08-03 11:49 12542592 c:\windows\system32\dllcache\nv4_mini.sys

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]

"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE&prod=90&ver=10.0.1204" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Army Builder\\ArmyBuilder.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"3074:TCP"= 3074:TCP:*:Disabled:xbox live

"3074:UDP"= 3074:UDP:*:Disabled:xbox live

"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112

.

R1 MpKsl43ac51c2;MpKsl43ac51c2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{528EAD59-8047-4B43-9C5D-BDF08D161D4E}\MpKsl43ac51c2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{528EAD59-8047-4B43-9C5D-BDF08D161D4E}\MpKsl43ac51c2.sys [?]

R1 MpKslef10f536;MpKslef10f536;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57AA7731-4F8C-4372-99CF-D94556B84497}\MpKslef10f536.sys [8/28/2011 1:59 AM 28752]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/27/2011 10:56 AM 2255464]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/20/2009 4:56 PM 119528]

S1 MpKslf62b2e06;MpKslf62b2e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89AC44DA-A362-4E65-8BBF-575D0051D206}\MpKslf62b2e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89AC44DA-A362-4E65-8BBF-575D0051D206}\MpKslf62b2e06.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:43 PM 136176]

S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]

S3 GRT;GRT;c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe --> c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL08E7FC3A

*NewlyCreated* - MPKSLEF10F536

*Deregistered* - MpKsl08e7fc3a

*Deregistered* - PROCEXP141

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]

.

2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 03:43]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 03:43]

.

2011-08-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-28 18:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1454471165-1614895754-1801674531-1004\Software\SecuROM\License information*]

"datasecu"=hex:ee,39,e6,33,9f,d3,4f,13,28,be,73,7f,d9,dd,64,be,8d,e0,f8,c2,54,

4e,ea,d8,56,32,97,6b,e9,3d,40,aa,2d,e2,53,01,79,76,81,af,cf,06,23,b4,d5,a0,\

"rkeysecu"=hex:3f,f5,91,b9,bf,e0,d1,30,e8,f4,28,b5,04,e4,ca,b2

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3568)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-08-28 18:33:34

ComboFix-quarantined-files.txt 2011-08-29 01:33

ComboFix2.txt 2011-08-26 04:20

.

Pre-Run: 240,205,029,376 bytes free

Post-Run: 240,547,622,912 bytes free

.

- - End Of File - - 2E9E3376A124969C818FA8DEC212FEB7


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=18fc5ae4eb0b2c499fc6b250cb676f56

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-29 02:26:17

# local_time=2011-08-28 07:26:17 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 87 0 11337856 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=140486

# found=19

# cleaned=19

# scan_time=2609

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{21858dbc-8eda-4bbb-aded-ca057f0aada1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{29a73733-0f1e-407b-82ac-98493b8ca96c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{44df46f3-b446-4b0e-8ca5-640b6bf17b1e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{53198cd6-41ca-42b0-8d71-1d565c00dca1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{64f72cfc-3a24-4982-bf02-d64320773b47}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{670af7f4-431b-446f-9ef2-2f6658be9c19}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{ba93de88-8d24-418a-86cd-09bc991fdbcf}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{de6510df-024d-4d6f-85c4-3e06484cb0d7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ige9lf9l.default\extensions\{e76100f6-87c9-448e-b055-40349b81109b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP811\A0146422.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149457.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149458.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149459.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149460.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149461.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149462.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149463.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149464.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{69B96C60-8486-4E39-B163-D665692D7007}\RP870\A0149465.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.183.7

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


So it has been a few days and the desktop still seems to be refreshing every once in a great while. Is it ever supposed to do it or am I just being paranoid? Also the mouse still seems to be dropping objects prematurely and double clicking every once in a while, but then again I could be just overly sensitive, looking for any error. No browser redirects anymore, and nothing in my virus scans. No blocked attacks either. It's quiet...almost too quiet. hehehe


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

Could just be a faulty mouse you're using.

The mou

-screen317


So far things seemed ok until the computer restarted itself again today. Same situation as post #4 above; I was on YouTube, then a giant blue screen with a lot of text suddenly flashes, and the computer restarts itself. MBAM and MSSE scans aren't picking up anything.


==================================================

Dump File : Mini090611-01.dmp

Crash Time : 9/6/2011 5:57:01 PM

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xe0000001

Parameter 2 : 0xb8388925

Parameter 3 : 0xb24cb320

Parameter 4 : 0x00000000

Caused By Driver : watchdog.sys

Caused By Address : watchdog.sys+925

File Description : Watchdog Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 5.1.2600.5512 (xpsp.080413-2108)

Processor : 32-bit

Crash Address : watchdog.sys+925

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini090611-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 2600

Dump File Size : 90,112

==================================================

==================================================

Dump File : Mini090411-01.dmp

Crash Time : 9/4/2011 2:36:40 PM

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xe0000001

Parameter 2 : 0xb8378925

Parameter 3 : 0xb20f28ac

Parameter 4 : 0x00000000

Caused By Driver : watchdog.sys

Caused By Address : watchdog.sys+925

File Description : Watchdog Driver

Product Name : Microsoft® Windows® Operating System

Company : Microsoft Corporation

File Version : 5.1.2600.5512 (xpsp.080413-2108)

Processor : 32-bit

Crash Address : watchdog.sys+925

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini090411-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 2600

Dump File Size : 90,112

==================================================

==================================================

Dump File : Mini082711-01.dmp

Crash Time : 8/27/2011 9:54:01 PM

Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED

Bug Check Code : 0x1000008e

Parameter 1 : 0xc0000005

Parameter 2 : 0xbd089295

Parameter 3 : 0xb1199890

Parameter 4 : 0x00000000

Caused By Driver : nv4_disp.dll

Caused By Address : nv4_disp.dll+77295

File Description : NVIDIA Windows XP Display driver, Version 280.26

Product Name : NVIDIA Windows XP Display driver, Version 280.26

Company : NVIDIA Corporation

File Version : 6.14.12.8026

Processor : 32-bit

Crash Address : nv4_disp.dll+77295

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini082711-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 2600

Dump File Size : 90,112

==================================================

==================================================

Dump File : Mini061409-01.dmp

Crash Time : 6/14/2009 10:22:44 PM

Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER

Bug Check Code : 0x000000ea

Parameter 1 : 0x871d43d0

Parameter 2 : 0x88e6bf60

Parameter 3 : 0x8a10f438

Parameter 4 : 0x00000001

Caused By Driver : nv4_disp.dll

Caused By Address : nv4_disp.dll+92d34

File Description : NVIDIA Windows XP Display driver, Version 280.26

Product Name : NVIDIA Windows XP Display driver, Version 280.26

Company : NVIDIA Corporation

File Version : 6.14.12.8026

Processor : 32-bit

Crash Address : nv4_disp.dll+ee0c0

Stack Address 1 :

Stack Address 2 :

Stack Address 3 :

Computer Name :

Full Path : C:\WINDOWS\Minidump\Mini061409-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 2600

Dump File Size : 70,376

==================================================


  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    watchdog.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 20:54 on 08/09/2011 by Robert

Administrator - Elevation successful

========== filefind ==========

Searching for "watchdog.sys"

C:\WINDOWS\system32\watchdog.sys --a---- 17664 bytes [12:00 14/04/2008] [12:00 14/04/2008] 9A10AACBFDC4922715375FB4065EC930

C:\WINDOWS\system32\dllcache\watchdog.sys --a--c- 17664 bytes [12:00 14/04/2008] [12:00 14/04/2008] 9A10AACBFDC4922715375FB4065EC930

-= EOF =-


This topic is now closed to further replies.