Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
several issues... virus? junk sites, device driver, logging on issues

Old 03-31-2011, 05:37 PM   #1
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



I have been trying to post for several days but unable to. The issues I have been having include: my driver for my NVIDIA GeForce 7400 is preventing standby, Google is directing me to junk sites, and I am having issues with restarting, with either it taking forever to shut down, or when it restarts, all I get is a background and pointer, but that's it.

Whenever I try to copy and paste, I think that is what is preventing me from being able to post. So my DDS log is attached, but that's all I can do for now...
Attached Files
File Type: zip Attach.zip (3.2 KB, 34 views)
look85 is offline  
Old 04-03-2011, 07:48 AM   #2
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Leah,

I appreciate your efforts, but I really need to see the dds.txt. That's the one with all the 'meat'.

Can you please run dds.scr again and attach the dds.txt?

What about gmer? Were you able to run that?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-03-2011, 03:05 PM   #3
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



Thanks for responding!

It still won't let me copy and paste, so I attached the DDS file as a compressed file (it wouldn't let me attach it as a .txt file). Also attached are the attach.txt file and the gmer file; I didn't originally attach that because I didn't realize my computer was 32-bit, so I never ran it (looked up that 86 = 32 bit ;)

let me know if this helps at all.

Thanks!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 15:22:57.64 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.254 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\pc issues\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244055679740
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bt1gh6is.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\owner\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Add to Amazon Wish List Button: [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-6-7 61440]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\stumbleupon\stumbleuponupdateservice.exe" --> c:\program files\stumbleupon\StumbleUponUpdateService.exe [?]
.
=============== Created Last 30 ================
.
2011-04-03 02:59:06 -------- d-----w- c:\program files\VideoLAN
2011-04-02 17:04:39 -------- d-----w- C:\temp_dvd
2011-04-01 18:23:11 -------- d-----w- C:\DVDneXtCOPY
2011-04-01 18:23:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\DVDneXtCOPY
2011-04-01 17:54:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-30 22:44:37 0 ----a-w- c:\windows\system32\MFC71KORM.dll
2011-03-30 00:49:58 -------- d-----w- c:\program files\Panda Security
2011-03-26 18:47:26 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 22:08:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 22:08:48 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 22:08:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 22:08:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 22:08:39 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 22:08:25 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-03-21 22:08:21 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-03-21 22:08:20 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-03-21 22:08:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-03-21 22:08:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-03-21 22:08:14 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-03-21 2253 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-03-21 22:05:58 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-21 22:04:57 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-03-21 22:03:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 22:02:58 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-03-21 22:01:59 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-03-21 22:00:57 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-03-21 21:59:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-03-21 21:58:57 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-03-21 21:57:55 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-03-21 21:56:58 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-03-21 21:55:59 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-03-21 21:54:58 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-03-21 21:54:55 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-03-21 21:54:52 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-03-21 21:54:49 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-03-21 21:54:32 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-03-21 21:54:29 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-03-21 21:54:12 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-03-21 21:54:02 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-03-21 21:52:59 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-03-21 21:51:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-03-21 21:50:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-03-21 21:49:57 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-03-21 21:49:54 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 21:49:51 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-03-21 21:49:48 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-03-21 21:49:29 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-03-21 21:49:25 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-03-21 21:49:21 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-03-21 21:49:17 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-03-21 21:49:13 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-03-21 21:49:09 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-03-21 21:49:06 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-03-21 21:49:00 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-03-21 21:47:55 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-03-21 21:47:51 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-03-21 21:47:46 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-03-21 21:47:42 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-03-21 21:47:37 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-03-21 21:47:32 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-03-21 21:47:27 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-03-21 21:47:22 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2011-03-21 21:47:18 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-03-21 21:47:13 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2011-03-21 21:47:09 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2011-03-21 21:47:03 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-03-21 21:47:00 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2011-03-21 21:45:58 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-03-21 21:44:58 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-03-21 21:43:51 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2011-03-21 21:42:58 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-03-21 21:41:59 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-03-21 21:40:59 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2011-03-21 21:39:54 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2011-03-21 21:38:59 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2011-03-21 21:37:39 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 21:32:23 -------- d-----w- c:\program files\Western Digital Corporation
2011-03-21 21:32:17 20992 ----a-w- c:\windows\jestertb.dll
2011-03-21 01:46:51 -------- d-----w- c:\docume~1\owner\applic~1\AVG
2011-03-20 05:54:04 -------- d-----w- c:\windows\system32\Registry Patrol
2011-03-20 05:53:47 -------- d-----w- c:\program files\Registry Patrol
2011-03-19 22:53:05 -------- d-----w- c:\docume~1\owner\applic~1\RegistryTool
2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: WDC_WD1200BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86712555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867187b0]; MOV EAX, [0x8671882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86747AB8]
3 CLASSPNP[0xF7672FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8674B1B8]
5 ACPI[0xF74E9620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8674A940]
\Driver\atapi[0x86775620] -> IRP_MJ_CREATE -> 0x86712555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1200BEVS-60RST0___________________04.01G04#5&1ed6e227&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8671239B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:25:08.78 ===============
Attached Files
File Type: zip Attach.zip (4.4 KB, 25 views)
File Type: zip DDS.zip (6.0 KB, 26 views)
look85 is offline  
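Three things in the DDS/GMER output above are worth pulling out before any tool is run, because they explain the symptoms: the IE proxy line `uInternet Settings,ProxyServer = http=127.0.0.1:5555` means every HTTP request from the browser goes through a process on the machine itself, which is what a search redirect looks like in a log; the GMER disk trace shows `\Driver\atapi` dispatch and StartIo entries pointing at raw addresses in a module GMER cannot name (`>>UNKNOWN [0x86712555]<<`), which is how a bootkit that filters disk reads shows up; and the later ComboFix log in this thread removes `c:\windows\regedit.com` and `c:\windows\system32\taskmgr.com`, `.com` impostors that a shell resolving bare names in PATHEXT order (.COM before .EXE) would run instead of the real tools. The script below is an added example, not part of DDS, GMER, ComboFix or either poster's material: it triages a log in DDS/GMER format for exactly those three indicator classes. `SAMPLE_LOG` is constructed: the proxy and GMER lines mirror the log above, the two `.com` "Created Last 30" rows are made up to exercise the shadowing check, and the tool list in `SHADOWABLE` is an assumption.

```python
"""Triage a DDS / GMER log for redirect and rootkit indicators.

Added example for this thread; not part of DDS, GMER or ComboFix.
SAMPLE_LOG is constructed: proxy and GMER lines mirror the posted log,
the .com rows are invented to exercise the shadowing check.
"""
import ipaddress
import ntpath
import re
from typing import Dict, Iterator, List, Optional, Tuple

SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
2011-03-21 21:32:17 20992 ----a-w- c:\windows\jestertb.dll
2011-03-20 05:54:04 -------- d-----w- c:\program files\Registry Patrol
2011-03-19 10:00:00 45056 ----a-w- c:\windows\regedit.com
2011-03-19 10:00:01 45056 ----a-w- c:\windows\system32\taskmgr.com
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86712555]<<
\Driver\atapi[0x86775620] -> IRP_MJ_CREATE -> 0x86712555
\Driver\atapi DriverStartIo -> 0x8671239B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# DDS prints the IE proxy as "<u|m|d>Internet Settings,ProxyServer = ..."
PROXY_RE = re.compile(r"^[a-z]?Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$", re.I)
# DDS "Created Last 30" rows: date time size attrs path
DDS_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+?)\s*$")
# GMER disk-trace lines whose target is code GMER cannot attribute to a loaded module
ROOTKIT_PATTERNS = [
    (re.compile(r">>UNKNOWN \[0x[0-9a-f]+\]<<", re.I), "unknown module in the disk I/O path"),
    (re.compile(r"^\\Driver\\.*->\s*0x[0-9a-f]+$", re.I), "driver dispatch/StartIo hook to a raw address"),
    (re.compile(r"^Warning: possible .*rootkit infection", re.I), "GMER verdict"),
]
HEX_RE = re.compile(r"0x[0-9a-f]+", re.I)
# Assumed list of tools worth shadowing with a .com beside the real .exe; a shell
# that resolves bare names in PATHEXT order (.COM before .EXE) runs the impostor.
SHADOWABLE = {"regedit", "taskmgr", "msconfig", "cmd", "explorer", "notepad"}


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1, i.e. a proxy that can only be a local process."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_endpoints(value: str) -> Iterator[Tuple[str, str, str]]:
    """Split 'http=h:p;https=h:p' or a plain 'h:p' into (scheme, host, port) triples."""
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        yield scheme.lower(), host.strip("[]"), port


def shadowed_tool(path: str) -> Optional[str]:
    """Return the tool name if path is a .com impostor for a well-known tool, else None."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if ext.lower() == ".com" and stem.lower() in SHADOWABLE:
        return stem.lower()
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """One finding per suspicious line; each carries its kind, details and the raw line."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in proxy_endpoints(m.group("value")):
                if is_loopback(host):
                    findings.append({"kind": "loopback_proxy", "scheme": scheme,
                                     "host": host, "port": port, "line": line})
            continue
        for pattern, what in ROOTKIT_PATTERNS:
            if pattern.search(line):
                addrs = HEX_RE.findall(line)  # last address on the line is the hook target
                findings.append({"kind": "rootkit_indicator", "what": what,
                                 "address": addrs[-1].lower() if addrs else "", "line": line})
                break
        m = DDS_FILE_RE.match(line)
        if m:
            tool = shadowed_tool(m.group("path"))
            if tool:
                findings.append({"kind": "shadowed_tool", "tool": tool, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f.get('what') or f.get('tool') or f.get('host')}: {f['line']}")
```

Two of the hook findings share the target address 0x86712555, the same value GMER printed as the unknown module, which is the correlation a helper uses to say "this is one piece of code sitting in the disk path" rather than three unrelated oddities; the loopback proxy is independent of that and is the first thing to clear once the bootkit is gone, since removing the filter driver does not reset IE's proxy setting.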
Old 04-03-2011, 05:14 PM   #4
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :)

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 04-03-2011, 05:25 PM   #5
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



I disabled Panda software in the tray and I checked under processes, but I don't see anything that says Panda software (but I don't have a description column, only image name). Does that mean it's disabled and I'm clear to run the ComboFix?
look85 is offline  
Old 04-03-2011, 05:50 PM   #6
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



To be certain, run ComboFix from Safe Mode.
Ried is offline  
Old 04-03-2011, 06:26 PM   #7
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



I didn't see this reply, so I went ahead and ran it anyway because I could not find that it was running anywhere:

C:\ComboFix.txt:

ComboFix 11-04-03.01 - Owner 04/03/2011 19:42:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.653 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
c:\windows\regedit.com
c:\windows\system32\MFC71KORM.dll
c:\windows\system32\taskmgr.com
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-04 00:29 . 2011-04-04 00:30 -------- d-----w- C:\32788R22FWJFW
2011-04-03 03:00 . 2011-04-03 03:00 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2011-04-03 02:59 . 2011-04-03 02:59 -------- d-----w- c:\program files\VideoLAN
2011-04-02 17:04 . 2011-04-02 17:04 -------- d-----w- C:\temp_dvd
2011-04-01 18:23 . 2011-04-03 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DVDneXtCOPY
2011-04-01 18:23 . 2011-04-01 20:45 -------- d-----w- C:\DVDneXtCOPY
2011-04-01 18:01 . 2011-04-01 18:05 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2011-04-01 17:54 . 2011-04-01 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-03-30 00:49 . 2011-03-30 00:49 -------- d-----w- c:\program files\Panda Security
2011-03-26 18:47 . 2011-03-26 18:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-03-26 18:47 . 2011-03-30 00:13 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 21:59 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-03-21 21:58 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-03-21 21:57 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-03-21 21:56 . 2001-08-18 03:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-03-21 21:55 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-03-21 21:54 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-03-21 21:54 . 2001-08-17 17:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-03-21 21:54 . 2001-08-17 17:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-03-21 21:54 . 2001-08-17 17:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-03-21 21:54 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-03-21 21:54 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-03-21 21:54 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-03-21 21:54 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-03-21 21:52 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-03-21 21:51 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-03-21 21:50 . 2001-08-17 18:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-03-21 21:49 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-03-21 21:49 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 21:49 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-03-21 21:49 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-03-21 21:49 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-03-21 21:49 . 2001-08-17 19:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-03-21 21:49 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-03-21 21:49 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-03-21 21:49 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-03-21 21:49 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-03-21 21:49 . 2001-08-18 03:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-03-21 21:49 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-03-21 21:47 . 2001-08-17 18:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-03-21 21:47 . 2001-08-17 18:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-03-21 21:47 . 2001-08-17 18:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-03-21 21:47 . 2001-08-17 18:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-03-21 21:47 . 2001-08-17 18:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-03-21 21:47 . 2001-08-18 03:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-03-21 21:47 . 2001-08-17 18:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-03-21 21:47 . 2001-08-17 18:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2011-03-21 21:47 . 2001-08-17 18:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-03-21 21:47 . 2001-08-17 18:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2011-03-21 21:47 . 2001-08-17 18:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2011-03-21 21:47 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-03-21 21:47 . 2001-08-17 18:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2011-03-21 21:45 . 2001-08-18 03:36 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-03-21 21:44 . 2001-08-17 17:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-03-21 21:43 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2011-03-21 21:42 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-03-21 21:41 . 2001-08-17 17:12 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-03-21 21:40 . 2001-08-17 17:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2011-03-21 21:39 . 2001-08-17 17:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2011-03-21 21:38 . 2001-08-18 03:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2011-03-21 21:37 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 21:32 . 2011-03-21 21:32 -------- d-----w- c:\program files\Western Digital Corporation
2011-03-21 01:46 . 2011-03-21 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2011-03-20 05:54 . 2011-03-20 05:54 -------- d-----w- c:\windows\system32\Registry Patrol
2011-03-20 05:53 . 2011-03-20 05:56 -------- d-----w- c:\program files\Registry Patrol
2011-03-19 22:53 . 2011-03-19 22:53 -------- d-----w- c:\documents and settings\Owner\Application Data\RegistryTool
2011-03-19 13:10 . 2011-03-19 13:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [6/7/2009 7:20 AM 61440]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:41 PM 135664]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" --> c:\program files\StumbleUpon\StumbleUponUpdateService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:41]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bt1gh6is.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Add to Amazon Wish List Button: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-03 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-03 20:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-04 01:22
ComboFix2.txt 2010-05-04 23:03
.
Pre-Run: 66,388,160,512 bytes free
Post-Run: 67,899,371,520 bytes free
.
- - End Of File - - 027992632BCA1F01C1CED72669392E1F
Old 04-03-2011, 06:43 PM   #8
TSF Security Manager
Emeritus
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



The machine should be in much better shape, but we have a bit more to do yet.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Folder::
c:\windows\system32\Registry Patrol
c:\program files\Registry Patrol
c:\docume~1\owner\applic~1\RegistryTool

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, post the C:\ComboFix.txt.

How is the machine behaving now?
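The two settings Ried reverts in the DDS:: section, ProxyOverride = <local> and ProxyServer = http=127.0.0.1:5555, are the fingerprint of the search redirects reported at the start of this thread: the browser is being sent through a proxy listening on the machine itself, and whatever owns that port sees and can rewrite every request. The following is an added example, not part of this thread, of ComboFix or of DDS: a small Python checker that reads the "Supplementary Scan" lines of a DDS/ComboFix log, flags any proxy that points at the loopback interface, and emits the matching DDS:: block for a CFScript in the form used above. The sample lines are constructed from the two logs in this thread (before and after the CFScript run); the ProxyServer value formats it parses (a bare host:port, or a ;-separated per-scheme list such as http=host:port;https=host:port) follow the Windows Internet Settings convention, and all function names are my own.

```python
"""Loopback-proxy hijack check for DDS/ComboFix 'Supplementary Scan' lines.

Hypothetical helper written for this thread; not part of DDS or ComboFix.
"""
import ipaddress
import re

# Matches the Internet Settings lines DDS/ComboFix print under "Supplementary Scan",
# e.g. "uInternet Settings,ProxyServer = http=127.0.0.1:5555"
# (leading u = current-user hive, m = machine hive).
INET_SETTINGS_RE = re.compile(
    r"^(?P<line>[um]Internet Settings,(?P<key>\w+)\s*=\s*(?P<value>.*?))\s*$"
)


def parse_internet_settings(lines):
    """Return {key: (raw_line, value)} for every Internet Settings line found."""
    found = {}
    for line in lines:
        m = INET_SETTINGS_RE.match(line.strip())
        if m:
            found[m.group("key")] = (m.group("line"), m.group("value"))
    return found


def proxy_endpoints(proxy_server):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Windows stores either one proxy for everything ("host:port") or a
    per-scheme list ("http=host:port;https=host:port"); scheme is '' in
    the first form.
    """
    endpoints = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")  # '' when there is no "http=" prefix
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        endpoints.append((scheme, host, port))
    return endpoints


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so check the well-known name
        return host.lower() == "localhost"


def assess_proxy(lines):
    """Return findings for a DDS/ComboFix 'Supplementary Scan' excerpt.

    A browser proxy on the loopback interface means a local process sits
    between the browser and the network, which is how the redirects in
    this thread were produced. An empty list means no loopback proxy.
    """
    settings = parse_internet_settings(lines)
    findings = []
    if "ProxyServer" in settings:
        _, value = settings["ProxyServer"]
        for scheme, host, port in proxy_endpoints(value):
            if is_loopback_host(host):
                findings.append(
                    f"{scheme or 'all'} traffic proxied through loopback {host}:{port}"
                )
    return findings


def cfscript_dds_block(lines):
    """Build the DDS:: section of a CFScript that reverts the hijacked lines.

    Mirrors the script posted in this thread. Returns [] when assess_proxy()
    finds nothing, so a clean log yields no script at all.
    """
    if not assess_proxy(lines):
        return []
    settings = parse_internet_settings(lines)
    block = ["DDS::"]
    for key in ("ProxyOverride", "ProxyServer"):
        if key in settings:
            block.append(settings[key][0])
    return block


# Constructed sample input: the Supplementary Scan lines from the first log in
# this thread (before the CFScript run) and from the second log (after it).
BEFORE_FIX = [
    "uStart Page = hxxp://google.com/",
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    "IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000",
]
AFTER_FIX = [
    "uStart Page = hxxp://google.com/",
    "IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000",
]

if __name__ == "__main__":
    for label, log in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, assess_proxy(log) or "no loopback proxy configured")
        print("\n".join(cfscript_dds_block(log)))
```

Run against the first log it reports the http proxy on 127.0.0.1:5555 and prints the same three-line DDS:: block Ried posted; run against the second log, where the ProxyServer line is gone, it reports nothing, which is the check a helper would make before declaring the redirect issue closed. ProxyOverride = <local> on its own is a normal setting and is only worth reverting alongside a hijacked ProxyServer, which is why the script ties the two together.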
Old 04-03-2011, 07:26 PM   #9
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



2 of the 3 issues seem resolved: I restarted my computer and it shut down and logged on without too much of a lag. No blank screens or anything, so I think that's good to go. I also tested out Google and went to several websites without being redirected.

So the only thing NOT fixed is that my computer won't go into standby due to my Nvidia GeForce Go 7400 driver. The message I get is 'System standby failed: The device driver for the 'NVIDIA GeForce Go 7400' device is preventing the machine from entering standby. Please close all applications and try again. If the problem persists, you may need to update this driver'. I tried updating it through Device Manager but it said the driver on my computer is the most up to date.

I was having problems about a week or so ago with autontfs.dll files and generic host process errors and found that running the sfc scannow feature using my XP disk would fix it. It did... and since then I have been having this problem with my device driver.

I tried copying my ComboFix log but it says the submission is too long. So I'm attaching it; let me know if you have a problem with that.


ComboFix 11-04-03.01 - Owner 04/03/2011 20:58:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\owner\applic~1\RegistryTool
c:\docume~1\owner\applic~1\RegistryTool\Logs\2011-03-19 17-53-050.log
c:\program files\Registry Patrol
c:\program files\Registry Patrol\applications.mdb
c:\program files\Registry Patrol\MemWarp.dll
c:\program files\Registry Patrol\msado27.tlb
c:\program files\Registry Patrol\MSVBVM60.dll
c:\program files\Registry Patrol\RegistryPatrol.exe
c:\program files\Registry Patrol\SQLite3VB.dll
c:\program files\Registry Patrol\tskschd.dll
c:\windows\system32\Registry Patrol
.
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-03 03:00 . 2011-04-03 03:00 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2011-04-03 02:59 . 2011-04-03 02:59 -------- d-----w- c:\program files\VideoLAN
2011-04-02 17:04 . 2011-04-02 17:04 -------- d-----w- C:\temp_dvd
2011-04-01 18:23 . 2011-04-03 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DVDneXtCOPY
2011-04-01 18:23 . 2011-04-01 20:45 -------- d-----w- C:\DVDneXtCOPY
2011-04-01 18:01 . 2011-04-01 18:05 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2011-04-01 17:54 . 2011-04-01 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-03-30 00:49 . 2011-03-30 00:49 -------- d-----w- c:\program files\Panda Security
2011-03-26 18:47 . 2011-03-26 18:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-03-26 18:47 . 2011-03-30 00:13 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 22:08 . 2008-04-13 22:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 22:08 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 22:08 . 2008-04-13 22:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 22:08 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 22:08 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 22:08 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-03-21 22:08 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-03-21 22:08 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-03-21 22:08 . 2008-04-13 16:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-03-21 22:08 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-03-21 22:08 . 2008-04-13 22:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-03-21 22:06 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-03-21 22:05 . 2008-04-13 16:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-03-21 22:04 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-03-21 22:03 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 22:02 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-03-21 22:01 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-03-21 22:00 . 2008-04-13 16:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-03-21 21:59 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-03-21 21:58 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-03-21 21:57 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-03-21 21:56 . 2001-08-18 03:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-03-21 21:55 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-03-21 21:54 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-03-21 21:54 . 2001-08-17 17:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-03-21 21:54 . 2001-08-17 17:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-03-21 21:54 . 2001-08-17 17:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-03-21 21:54 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-03-21 21:54 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-03-21 21:54 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-03-21 21:54 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-03-21 21:52 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-03-21 21:51 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-03-21 21:50 . 2001-08-17 18:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-03-21 21:49 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-03-21 21:49 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 21:49 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-03-21 21:49 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-03-21 21:49 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-03-21 21:49 . 2001-08-17 19:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-03-21 21:49 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-03-21 21:49 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-03-21 21:49 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-03-21 21:49 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-03-21 21:49 . 2001-08-18 03:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-03-21 21:49 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-03-21 21:47 . 2001-08-17 18:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-03-21 21:47 . 2001-08-17 18:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-03-21 21:47 . 2001-08-17 18:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-03-21 21:47 . 2001-08-17 18:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-03-21 21:47 . 2001-08-17 18:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-03-21 21:47 . 2001-08-18 03:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-03-21 21:47 . 2001-08-17 18:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-03-21 21:47 . 2001-08-17 18:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2011-03-21 21:47 . 2001-08-17 18:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-03-21 21:47 . 2001-08-17 18:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2011-03-21 21:47 . 2001-08-17 18:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2011-03-21 21:47 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-03-21 21:47 . 2001-08-17 18:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2011-03-21 21:45 . 2001-08-18 03:36 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-03-21 21:44 . 2001-08-17 17:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-03-21 21:43 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2011-03-21 21:42 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-03-21 21:41 . 2001-08-17 17:12 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-03-21 21:40 . 2001-08-17 17:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2011-03-21 21:39 . 2001-08-17 17:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2011-03-21 21:38 . 2001-08-18 03:36 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2011-03-21 21:37 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 21:32 . 2011-03-21 21:32 -------- d-----w- c:\program files\Western Digital Corporation
2011-03-21 01:46 . 2011-03-21 02:04 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2011-03-19 13:10 . 2011-03-19 13:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [email protected]_23.02.16 )))))))))))))))))))))))))))))))))))))))))


**edited snapshot due to character limitations**


-- Snapshot reset to current date --
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [6/7/2009 7:20 AM 61440]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:41 PM 135664]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" --> c:\program files\StumbleUpon\StumbleUponUpdateService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:41]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bt1gh6is.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Add to Amazon Wish List Button: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-03 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-03 21:07:13
ComboFix-quarantined-files.txt 2011-04-04 02:07
ComboFix2.txt 2011-04-04 01:22
ComboFix3.txt 2010-05-04 23:03
.
Pre-Run: 67,916,599,296 bytes free
Post-Run: 67,903,143,936 bytes free
.
- - End Of File - - 9F6588ACD5D508EADDAB878CA54B2BD8
Attached Files
File Type: txt ComboFix.txt (420.3 KB, 41 views)
Old 04-03-2011, 08:00 PM   #10
TSF Security Manager
Emeritus
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Quote:
So the only thing NOT fixed is that my computer won't go into standby due to my Nvidia GeForce Go 7400 driver. The message I get is 'System standby failed: The device driver for the 'NVIDIA GeForce Go 7400' device is preventing the machine from entering standby. Please close all applications and try again. If the problem persists, you may need to update this driver'. I tried updating it through Device Manager but it said the driver on my computer is the most up to date.
As the focus and expertise of this area is malware removal, when we're through here, you'd do best seeking guidance from the folks in the Video Card Support section of this forum regarding this nVidia issue.

It's important to run an online scan to search for any remnants that may be lurking. Please go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Old 04-03-2011, 09:17 PM   #11
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



C:\Qoobox\Quarantine\C\Program Files\Registry Patrol\RegistryPatrol.exe.vir a variant of Win32/Adware.RegistryPatrol application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP39\A0039733.rbf a variant of Win32/Adware.ErrorRepair application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072122.exe probably a variant of Win32/Adware.180Solutions application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072123.dll probably a variant of Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072126.exe probably a variant of Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072132.dll a variant of Win32/Adware.Toolbar.Shopper.AB application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0074377.exe a variant of Win32/Adware.RegistryPatrol application
look85 is offline  
Old 04-03-2011, 09:30 PM   #12
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



ESET's findings are backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache momentarily.


If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - Microsoft Windows Update
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
    • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

  • WOT, Web of Trust: as 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's colour-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.


  • Scan here OSI - Consumer - Products for out of date & vulnerable common applications on your computer

  • BACKING UP YOUR REGISTRY
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    Vista/Windows 7 users - see this link for proper setup of ERUNT: Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog


    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles

**Kindly respond one more time and let me know if we may consider this thread resolved.
Ried is offline  
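The triage Ried applies above (hits under ComboFix's quarantine folder and under System Restore's cache are inert backups; anything else is a live file that still needs attention) is mechanical enough to script. The following is an added example, not part of this thread and not ESET's or ComboFix's own tooling. It assumes the scanner lines have the shape seen in the post above (Windows path, then a detection name carrying a family slash such as Win32/Adware.X, optionally prefixed by "probably" or "a variant of", then the type word); ESET's tab-separated export is normalised to that shape. The first seven sample lines are the ones posted above, the eighth is a constructed live hit with a hypothetical path and detection name.

```python
"""Triage ESET Online Scanner findings by where the flagged file lives.

Added example, not from this thread or from ESET. Assumed line shape:
    <Windows path> <detection name> <type> [<action taken>]
where the detection name contains a family slash (Win32/Adware.X) and may
be prefixed by "probably" / "a variant of". Tab-separated lines are
normalised to that shape before parsing.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The "/" in the detection family is a character a Windows path segment
# cannot contain, so it is what separates the path from the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_]+/\S+)\s+"
    r"(?P<kind>[A-Za-z]+)\b.*$",
    re.IGNORECASE,
)

# ComboFix backups; "ComboFix /uninstall" removes this folder.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
# System Restore cache; emptied when restore points are flushed.
RESTORE_MARKER = "\\system volume information\\"


@dataclass
class Finding:
    path: str
    threat: str
    kind: str
    bucket: str  # "quarantine", "restore_point" or "live"


def classify_path(path: str) -> str:
    """Map a flagged path to the bucket that decides what to do with it."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantine"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def parse_line(line: str) -> Optional[Finding]:
    """Parse one scanner line; None for blank or unrecognised lines."""
    line = " ".join(part.strip() for part in line.split("\t")).strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    return Finding(path, m.group("threat"), m.group("kind").lower(),
                   classify_path(path))


def triage(log_text: str) -> Tuple[List[Finding], Counter, List[Finding]]:
    """Return (all findings, per-bucket counts, live findings needing action)."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    counts = Counter(f.bucket for f in findings)
    live = [f for f in findings if f.bucket == "live"]
    return findings, counts, live


# First seven lines: the ESET output posted in this thread.
# Last line: a constructed live hit (hypothetical path and detection name).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Program Files\Registry Patrol\RegistryPatrol.exe.vir a variant of Win32/Adware.RegistryPatrol application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP39\A0039733.rbf a variant of Win32/Adware.ErrorRepair application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072122.exe probably a variant of Win32/Adware.180Solutions application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072123.dll probably a variant of Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072126.exe probably a variant of Win32/Adware.HotBar.E application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0072132.dll a variant of Win32/Adware.Toolbar.Shopper.AB application
C:\System Volume Information\_restore{8054ACEA-D778-4C70-816B-6D4452B36965}\RP49\A0074377.exe a variant of Win32/Adware.RegistryPatrol application
C:\Users\user\AppData\Local\Temp\svchost32.exe a variant of Win32/Kryptik.ABC trojan cleaned by deleting
"""

if __name__ == "__main__":
    found, counts, live = triage(SAMPLE_LOG)
    print(dict(counts))
    for f in live:
        print(f"LIVE: {f.path}  [{f.threat} {f.kind}]")
```

Run on the posted log this reports one quarantine backup and six restore-point entries, which is exactly Ried's reading; the constructed eighth line is the case that would have warranted another round of cleaning. The path-based buckets only tell you where a file sits, not whether it is harmless, so a live hit outside those two folders always needs a human look.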
Old 04-04-2011, 04:20 AM   #13
Registered Member
 
Join Date: Mar 2011
Posts: 22
OS: Windows 7 Home Premium, SP1



Ran the ComboFix uninstall, so I think the malware issue has been solved. Thank you so much for your assistance!
look85 is offline  
Old 04-04-2011, 05:38 AM   #14
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. Best wishes.
Ried is offline  
 

All times are GMT -7. The time now is 08:05 AM.

