-
August 25th, 2010, 11:59 PM
#1
Another spyware problem
Hello again, I have once again been infected with malware. It occurred when I was downloading a torrent. Upon installation of my download, suddenly "antimalware doctor" began giving me many popups.
This was followed by google redirects (using Mozilla) to random search and shop pages, followed by "internet explorer script error" warnings, error: access denied, code 0, url:...ctv.ca/greys-anatomy/season6/.....
do you wish to continue running scripts on this page?
I would appreciate your advice.
-
August 26th, 2010, 12:29 AM
#2
We'll gladly help you out on two conditions.
1. You won't leave me hanging out there in the middle of the cleaning process, like you did here: http://discussions.virtualdr.com/sho...d.php?t=245745
If it happens again, you will never be able to receive any more help in the malware forum, ever.
2. You had two malware forum topics before, so you should know what we require in order to help you out: http://discussions.virtualdr.com/sho...d.php?t=167915
-
August 30th, 2010, 07:35 PM
#3
Thanks - the other computer was my parents', which I do not have access to, but when I return to it I will complete the rest of the cleaning process. I didn't mean to leave the process unfinished intentionally.
I will follow the instructions and post the appropriate logs asap.
-
August 30th, 2010, 09:00 PM
#4
You should have just told me, but...let's forget about that case and focus on this one.
-
August 31st, 2010, 11:30 PM
#5
I ran MBAM without issue, then on computer restart I got two error messages:
"Visual C# command line compiler has stopped working"
and
"Error loading ...\AppData\Local\oguyepiyijw.dll"
I then tried to run GMER, but was unable to. It simply froze, requiring a hard reboot. On reboot, I received some Windows warnings and CHKDSK ran a lengthy check program. I tried to run GMER again and the computer froze again.
I restarted and ran DDS; I am posting its logs.
I have just tried to load windows explorer and computer froze, will try to repost after reboot.
-
August 31st, 2010, 11:33 PM
#6
That error is caused by malware. Don't worry about it.
GMER may stall sometimes.
In our manual, we list a couple of different ways of running GMER.
-
September 1st, 2010, 09:13 PM
#7
I continue to try GMER without success. This time the scan runs but freezes part way through, and the entire computer becomes unresponsive.
I also cannot find my MBAM log file from yesterday, so I ran another today. Then I realized I needed to update, so I did so and ran another scan. Although few were found today, yesterday more than 100 were found and removed.
MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4525
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
01/09/2010 9:08:36 PM
mbam-log-2010-09-01 (21-08-36).txt
Scan type: Quick scan
Objects scanned: 137930
Time elapsed: 11 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\sneha\AppData\Local\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\jvmxb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\lqrog.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\wtpvaae.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\xh9kxdl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\xjoqojgw.exe (Trojan.Agent.HL) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\emxsarwcon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\sneha\downloads\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\sneha\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\sneha\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\sneha\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by sneha at 22:39:43.62 on 31/08/2010
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1051 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sneha\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [skypexxxxx.exe] c:\skypexxxxx.exe\skypexxxxx.exe
uRun: [Dvezuhifucizepuf] rundll32.exe "c:\users\sneha\appdata\local\oguyepiyijiw.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\sneha\appdata\local\windows\winhelp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\sneha\appdata\roaming\mozilla\firefox\profiles\flbqlwud.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\sneha\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-8-21 212280]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-21 1174664]
=============== Created Last 30 ================
2010-08-26 02:31:14 0 d-----w- C:\_temp
2010-08-26 01:07:54 0 d-----w- c:\users\sneha\appdata\roaming\DCF643561188472D4B335BF8483C0CD0
2010-08-26 00:57:31 0 d-----w- c:\program files\CHM To PDF Converter PRO
2010-08-23 18:12:46 0 d-----w- c:\program files\iPod
2010-08-23 18:12:37 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-23 18:12:37 0 d-----w- c:\program files\iTunes
2010-08-23 18:01:36 0 d-----w- c:\program files\Bonjour
2010-08-19 21:28:40 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-08-19 21:28:39 0 d-----w- c:\program files\MagicDisc
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2010-08-23 18:04:35 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-23 18:04:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-23 18:04:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-12-15 17:10:55 174 --sha-w- c:\program files\desktop.ini
2008-06-12 06:25:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 22:41:33.30 ==============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 08/03/2008 9:11:51 AM
System Uptime: 31/08/2010 10:31:31 PM (0 hours ago)
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 104 GiB total, 5.319 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 66.747 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.816 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
H: is CDROM (CDFS)
I: is CDROM ()
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
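Added here as an illustration (not code from this thread, from DDS or from the forum's helpers): a small Python triage script that applies the check a helper does by eye on the "Pseudo HJT Report" autorun entries above. It flags entries that run from a user profile or temp directory, that use rundll32 to load a DLL at logon, or that give only a bare filename; the trusted-prefix list and the reason strings are my own assumptions, and the sample lines are copied from the DDS log posted in this thread.

```python
import re

# Constructed excerpt: autorun lines copied from the DDS log posted in this thread.
SAMPLE_LINES = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [skypexxxxx.exe] c:\skypexxxxx.exe\skypexxxxx.exe
uRun: [Dvezuhifucizepuf] rundll32.exe "c:\users\sneha\appdata\local\oguyepiyijiw.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\users\sneha\appdata\local\windows\winhelp.exe
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
""".strip().splitlines()

# DDS autorun lines look like "uRun: [Name] command" or "StartupFolder: path".
ENTRY_RE = re.compile(
    r'^(?P<kind>[um]Run(?:Once)?|StartupFolder):\s*'
    r'(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+)$')

# First executable-looking path in a command, quoted or not; the lookahead stops
# at whitespace, a comma (rundll32 "dll",Entry syntax) or end of line.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))"?(?=[\s,]|$)', re.I)

# Assumed trusted install locations (environment variables left unexpanded, as DDS prints them).
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\',
                    '%programfiles%\\', '%windir%\\', '%systemroot%\\')
# Directories a user (and therefore malware running as the user) can write to.
PROFILE_MARKERS = ('\\appdata\\', '\\users\\', '\\documents and settings\\', '\\temp\\')


def extract_target(cmd):
    """Return (launcher, target). For rundll32 the target is the DLL it loads."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return None, None
    launcher = m.group('path')
    if launcher.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        rest = cmd[m.end():].lstrip()
        m2 = EXE_RE.match(rest)
        return launcher, (m2.group('path') if m2 else rest)
    return launcher, launcher


def classify_target(launcher, target):
    """List the reasons an autorun target deserves a closer look (empty if none)."""
    reasons = []
    t = target.lower()
    if launcher.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        reasons.append('rundll32 loads a DLL at logon')
    if '\\' not in t:
        reasons.append('bare filename resolved via search path')
    elif any(marker in t for marker in PROFILE_MARKERS):
        reasons.append('runs from user-writable profile/temp directory')
    elif not t.startswith(TRUSTED_PREFIXES):
        reasons.append('runs from an unusual location outside Program Files/Windows')
    return reasons


def triage(lines):
    """Return one finding per autorun entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # BHO:, TB:, DPF: and other sections are outside this check
        launcher, target = extract_target(m.group('cmd'))
        if launcher is None:
            continue
        reasons = classify_target(launcher, target)
        if reasons:
            findings.append({'kind': m.group('kind'), 'name': m.group('name') or '',
                             'target': target, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']} [{f['name']}] {f['target']}: {'; '.join(f['reasons'])}")
```

Heuristic hits are review prompts, not verdicts: the Realtek entry trips the bare-filename rule and is benign, while the rundll32 entry pointing into AppData\Local is the one the thread's MBAM and DDS logs agree on.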
-
September 1st, 2010, 09:14 PM
#8
==== Installed Programs ======================
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AV
Bonjour
ccCommon
DHTML Editing Component
DirectVobSub (remove only)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ESU for Microsoft Vista
Facebook Plug-In
Free Photo Converter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Doc Viewer
HP Help and Support
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0086
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
ImgBurn
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
LiveUpdate 3.2 (Symantec Corporation)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.11)
MSCU for Microsoft Vista
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Winamp
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
==== End Of File ===========================
-
September 1st, 2010, 09:47 PM
#9
Good
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
==============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
September 2nd, 2010, 06:20 PM
#10
Hi Broni, I will follow those instructions but won't be at that computer until approx. next Tuesday. I will post everything then. thank you.
-
September 2nd, 2010, 06:23 PM
#11
No problem
-
September 9th, 2010, 04:47 PM
#12
Hi, I just ran MBRCheck and ComboFix. The computer just restarted and ComboFix made its log. However, both Internet Explorer and Firefox are not functioning. When I open Firefox, there is a warning: "illegal operation attempted on a registry key that has been marked for deletion." Double-clicking on IE does nothing.
I am posting from my iPad.
I have both logs saved.
-
September 9th, 2010, 05:09 PM
#13
I rebooted the computer, it took much longer than usual but finally restarted normally. Firefox appears to be running normally.
MBR check log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dx6500 Notebook PC
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 155):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807A8000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EA000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806E2000 \SystemRoot\system32\drivers\atapi.sys
0x806C4000 \SystemRoot\system32\drivers\ataport.SYS
0x80693000 \SystemRoot\system32\drivers\fltmgr.sys
0x80683000 \SystemRoot\system32\drivers\fileinfo.sys
0x8067A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x876FC000 \SystemRoot\system32\drivers\ndis.sys
0x8064F000 \SystemRoot\system32\drivers\msrpc.sys
0x80616000 \SystemRoot\system32\drivers\NETIO.SYS
0x878F8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87692000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8765C000 \SystemRoot\system32\drivers\volsnap.sys
0x8060E000 \SystemRoot\System32\Drivers\spldr.sys
0x8764D000 \SystemRoot\System32\drivers\partmgr.sys
0x8763E000 \SystemRoot\System32\Drivers\mup.sys
0x87619000 \SystemRoot\System32\drivers\ecache.sys
0x87608000 \SystemRoot\system32\drivers\disk.sys
0x878D7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80605000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B045000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87842000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88690000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B970000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B037000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BA1A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B815000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B02A000 \SystemRoot\System32\drivers\watchdog.sys
0x8B01F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B9DD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B011000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B803000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C1D9000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8B9C6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x887E0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B003000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C1C1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x87833000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B9B2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C070000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x88623000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x887D0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B1AC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C05D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C052000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C027000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88662000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C01C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C004000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B072000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C196000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C156000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C14B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C134000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C129000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C106000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C0F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C0E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C5F1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C5D4000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8C5AE000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x88676000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C584000 \SystemRoot\system32\DRIVERS\ks.sys
0x88650000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C0CC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C480000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B982000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x887C0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CA56000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CA29000 \SystemRoot\system32\drivers\portcls.sys
0x8CA04000 \SystemRoot\system32\drivers\drmk.sys
0x8EABE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EA9D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8B994000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B1D6000 \SystemRoot\System32\Drivers\Null.SYS
0x8B1DD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EA91000 \SystemRoot\System32\drivers\vga.sys
0x8EA70000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EB76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EB7E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C0D9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C422000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B99D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FB2B000 \SystemRoot\System32\drivers\tcpip.sys
0x8EA37000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EA22000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EA0E000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F679000 \SystemRoot\system32\drivers\afd.sys
0x8F647000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F631000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x88214000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8F61E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F60D000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8FAF0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C0C2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FA8E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8FA77000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FA0F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8B935000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8B91F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8C4B4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90F42000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x97600000 \SystemRoot\System32\win32k.sys
0x8B8B2000 \SystemRoot\System32\drivers\Dxapi.sys
0x96A90000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA8200000 \SystemRoot\System32\TSDDD.dll
0xA8210000 \SystemRoot\System32\cdd.dll
0xA8220000 \SystemRoot\System32\ATMFD.DLL
0xA8EE5000 \SystemRoot\system32\drivers\luafv.sys
0xAAC61000 \SystemRoot\system32\drivers\spsys.sys
0x887A0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAB3D5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAACF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8E52000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB717000 \SystemRoot\system32\drivers\HTTP.sys
0xA9C0C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAC08000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA9804000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB23E000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB302000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xADDC7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB22C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB69C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xADD76000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF922000 \SystemRoot\system32\drivers\peauth.sys
0xAAD71000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8F787000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0236000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xB1731000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070430.018\NAVEX15.SYS
0xAF800000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070430.018\NAVENG.SYS
0xD9E24000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xCC254000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F6D2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76EA0000 \Windows\System32\ntdll.dll
Processes (total 80):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
588 csrss.exe
628 C:\Windows\System32\wininit.exe
640 csrss.exe
672 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\SLsvc.exe
1340 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1636 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1704 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
1908 C:\Windows\System32\spoolsv.exe
1964 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\taskeng.exe
1996 C:\Windows\System32\dwm.exe
2044 C:\Windows\explorer.exe
752 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1260 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2064 C:\Program Files\Bonjour\mDNSResponder.exe
2084 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2152 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2204 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2272 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2352 C:\Windows\System32\svchost.exe
2392 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2528 C:\Windows\System32\SearchIndexer.exe
2600 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2896 C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
3092 C:\Windows\System32\taskeng.exe
3380 C:\Program Files\Windows Defender\MSASCui.exe
3392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3432 C:\Windows\System32\igfxtray.exe
3452 C:\Windows\System32\hkcmd.exe
3468 C:\Windows\System32\igfxpers.exe
3504 C:\Windows\RtHDVCpl.exe
3512 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3520 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3536 C:\Program Files\HP\QuickPlay\QPService.exe
3560 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3580 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3592 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3632 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3720 C:\Program Files\Java\jre6\bin\jusched.exe
3752 WmiPrvSE.exe
3820 C:\Program Files\Winamp\winampa.exe
3916 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3936 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2420 C:\Program Files\iTunes\iTunesHelper.exe
1244 C:\Program Files\Windows Sidebar\sidebar.exe
900 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3180 C:\Program Files\uTorrent\uTorrent.exe
3164 C:\Program Files\Windows Media Player\wmpnscfg.exe
2944 C:\Program Files\Windows Media Player\wmpnetwk.exe
3912 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4472 C:\Windows\System32\wbem\unsecapp.exe
4820 C:\Program Files\iPod\bin\iPodService.exe
4920 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4452 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5164 C:\Windows\System32\wuauclt.exe
1656 C:\Program Files\Java\jre6\bin\jucheck.exe
5120 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
5740 C:\Windows\System32\igfxsrvc.exe
4320 C:\Windows\System32\conime.exe
512 C:\Program Files\Mozilla Firefox\firefox.exe
5876 taskeng.exe
5996 dllhost.exe
540 dllhost.exe
3288 C:\Users\sneha\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000019`e1709400 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 890B
PhysicalDrive1 Model Number: WDCWD800BEVS-60RST0, Rev: 04.01G04
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
-
September 9th, 2010, 05:10 PM
#14
ComboFix Log:
ComboFix 10-09-08.03 - sneha 09/09/2010 16:03:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1154 [GMT -4:00]
Running from: c:\users\sneha\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\skypexxxxx.exe
c:\skypexxxxx.exe\config.bin
c:\skypexxxxx.exe\skypexxxxx.exe
c:\users\sneha\AppData\Local\{9F10ABB7-F265-46B1-AF38-0629B98AE180}
c:\users\sneha\AppData\Local\{9F10ABB7-F265-46B1-AF38-0629B98AE180}\chrome.manifest
c:\users\sneha\AppData\Local\{9F10ABB7-F265-46B1-AF38-0629B98AE180}\chrome\content\_cfg.js
c:\users\sneha\AppData\Local\{9F10ABB7-F265-46B1-AF38-0629B98AE180}\chrome\content\overlay.xul
c:\users\sneha\AppData\Local\{9F10ABB7-F265-46B1-AF38-0629B98AE180}\install.rdf
c:\users\sneha\AppData\Local\Windows Server
c:\users\sneha\AppData\Local\Windows Server\flags.ini
c:\users\sneha\AppData\Local\Windows Server\hlp.dat
c:\users\sneha\AppData\Local\Windows Server\server.dat
c:\users\sneha\AppData\Local\Windows Server\uses32.dat
c:\users\sneha\AppData\Roaming\DCF643561188472D4B335BF8483C0CD0
c:\users\sneha\AppData\Roaming\DCF643561188472D4B335BF8483C0CD0\enemies-names.txt
c:\users\sneha\AppData\Roaming\DCF643561188472D4B335BF8483C0CD0\local.ini
c:\users\sneha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\sneha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\sneha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\drivers\gbsbi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
-------\Service_eeagtee
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-09 19:59 . 2010-09-09 20:00 -------- d-----w- C:\32788R22FWJFW
2010-08-26 02:31 . 2010-08-26 02:31 -------- d-----w- C:\_temp
2010-08-26 01:07 . 2010-09-02 01:08 -------- d-----w- c:\users\sneha\AppData\Local\Windows
2010-08-26 00:57 . 2010-08-26 03:41 -------- d-----w- c:\program files\CHM To PDF Converter PRO
2010-08-23 18:20 . 2010-08-23 18:21 -------- d-----w- c:\program files\QuickTime
2010-08-23 18:17 . 2010-08-23 18:17 -------- d-----w- c:\program files\Safari
2010-08-23 18:12 . 2010-08-23 18:12 -------- d-----w- c:\program files\iPod
2010-08-23 18:12 . 2010-08-23 18:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-23 18:12 . 2010-08-23 18:13 -------- d-----w- c:\program files\iTunes
2010-08-23 18:01 . 2010-08-23 18:01 -------- d-----w- c:\program files\Bonjour
2010-08-19 21:28 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-08-19 21:28 . 2010-08-19 21:30 -------- d-----w- c:\program files\MagicDisc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 20:22 . 2009-11-01 00:00 -------- d-----w- c:\users\sneha\AppData\Roaming\uTorrent
2010-09-01 01:07 . 2008-12-15 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 18:15 . 2010-03-03 04:08 -------- d-----w- c:\users\sneha\AppData\Roaming\Apple Computer
2010-08-23 18:12 . 2010-03-03 04:01 -------- d-----w- c:\program files\Common Files\Apple
2010-08-23 18:12 . 2010-03-03 04:04 -------- d-----w- c:\programdata\Apple Computer
2010-08-13 07:58 . 2007-08-21 08:42 -------- d-----w- c:\programdata\Microsoft Help
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-12 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-24 322352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-12 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 431752]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\sneha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-19 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\sneha\AppData\Roaming\Mozilla\Firefox\Profiles\flbqlwud.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\sneha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-skypexxxxx.exe - c:\skypexxxxx.exe\skypexxxxx.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 16:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-09-09 16:36:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-09 20:36
Pre-Run: 2,324,242,432 bytes free
Post-Run: 2,967,732,224 bytes free
- - End Of File - - 9873CB34F5E4DB6431F701C7792039B7
-
September 9th, 2010, 08:19 PM
#15
"illegal operation attempted on a registry key that has been marked for deletion."
Restarting computer should fix the issue.
Your MBR seems to be infected.
Run MBRCheck again.
When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.
When the program asks you to Enter your choice, enter 2 and press the Enter key.
Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.
Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.
Next the program will prompt for confirmation.
Type YES and hit Enter.
When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.
Then reboot, run MBRCheck again and post the new log.
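The helper's reading of the MBRCheck report above (a disk whose boot code is "Unknown MBR code" is treated as suspect, one reported as a known Windows MBR is not) can be turned into a small triage script. This is an added example, not code from the thread or from MBRCheck; the sample report is constructed to match the shape of the log posted above, and the optional allowlist of SHA1 values is an assumption for cases where a verified OEM MBR would otherwise show up as "Unknown".

```python
"""Triage an MBRCheck report: flag disks whose MBR boot code MBRCheck
does not recognise as a standard Windows MBR.  Added example, not part
of the thread or of MBRCheck itself."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, laid out like the MBRCheck output posted in the thread.
SAMPLE_REPORT = r"""
Size  Device Name  MBR Status
--------------------------------------------
111 GB  \\.\PhysicalDrive0  Unknown MBR code
        SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
 74 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
"""

# "<size> GB  \\.\PhysicalDriveN  <verdict>" and the SHA1 line that follows it.
DISK_RE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive(\d+))\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


@dataclass
class DiskMbr:
    device: str           # e.g. \\.\PhysicalDrive0
    size_gb: int
    status: str           # MBRCheck's verdict string, verbatim
    sha1: Optional[str]   # SHA1 of the boot code as MBRCheck prints it


def parse_mbrcheck(report: str) -> list[DiskMbr]:
    """Extract one DiskMbr per physical drive from an MBRCheck report."""
    disks: list[DiskMbr] = []
    for line in report.splitlines():
        m = DISK_RE.match(line)
        if m:
            disks.append(DiskMbr(device=m.group(2), size_gb=int(m.group(1)),
                                 status=m.group(4), sha1=None))
            continue
        m = SHA1_RE.match(line)
        if m and disks:               # SHA1 line belongs to the preceding disk
            disks[-1].sha1 = m.group(1).upper()
    return disks


def classify(disk: DiskMbr, known_good: frozenset = frozenset()) -> str:
    """Return 'ok', 'allowlisted' or 'suspect' for one disk.

    'Unknown MBR code' only means MBRCheck's built-in list did not match;
    known_good (assumed, user-maintained) holds SHA1s of boot code you have
    verified yourself, e.g. an OEM recovery MBR."""
    if disk.status.startswith("Windows") and disk.status.endswith("detected"):
        return "ok"
    if disk.sha1 and disk.sha1 in known_good:
        return "allowlisted"
    return "suspect"


def triage(report: str, known_good: frozenset = frozenset()) -> dict[str, str]:
    """Map each device in the report to its classification."""
    return {d.device: classify(d, known_good) for d in parse_mbrcheck(report)}


if __name__ == "__main__":
    for device, verdict in triage(SAMPLE_REPORT).items():
        print(f"{device}: {verdict}")
```

A "suspect" verdict is the cue to do what the helper asks here (dump the MBR first, then restore standard boot code), not proof of infection on its own.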