Weird computer's behaviour.

This is a discussion on Weird computer's behaviour. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 09-16-2009, 11:32 AM   #1
Registered Member
 
Join Date: Dec 2007
Posts: 33
OS: windows vista home premium 32-bit



Couple of weeks back my machine started to act strangely. At one point I've lost connection with the internet. I'm using 3G broadband via a Huawei modem as no other broadband is available where I live. Struggled for hours to regain it, and even when I did, had trouble loading some pages. Had difficulties launching the browsers in the first place. Ever since, broken connections happen frequently. I have to fight for hours to re-establish it. Either the application can't initialize the modem or the modem can't connect to a server. Have to restore the system to a previous point every six hours or so to get connected. What's strange about it, I'm using NOD32 AV and it doesn't pick up anything. MBAM scan doesn't show anything either. Been doing on-line scans. Came back clean. There is definitely something messing up my system but I can't find out what. I probably won't be able to sort it out on my own. That's why I wanted to ask you guys, very kindly, to give me a hand.





DDS (Ver_09-07-30.01) - NTFSx86
Run by No.13 at 17:55:31.34 on 16/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.2037.1133 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlcqcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPlus\iPlusManager.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\No.13\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DLCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCQtime.dll,[email protected]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {72730CC9-12EA-439B-83D2-04BC31389BC6} = 62.40.32.33 62.40.32.34
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\no.13\appdata\roaming\mozilla\firefox\profiles\oa0wk7hp.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-8-3 21504]

=============== Created Last 30 ================

2009-09-16 16:14 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-16 16:03 230,912 a------- c:\windows\PEV.exe
2009-09-16 16:03 161,792 a------- c:\windows\SWREG.exe
2009-09-16 16:03 98,816 a------- c:\windows\sed.exe
2009-09-16 16:03 <DIR> --d----- C:\Combo4265C
2009-09-15 21:52 <DIR> --d----- C:\ComboFix
2009-09-15 20:25 <DIR> --d----- C:\combo
2009-09-13 22:25 410,984 a------- c:\windows\system32\deploytk.dll
2009-09-13 19:42 <DIR> --d----- c:\programdata\McAfee Security Scan
2009-09-13 19:42 <DIR> --d----- c:\progra~2\McAfee Security Scan
2009-09-13 19:21 693,760 a------- c:\windows\is-P65QG.exe
2009-09-13 19:21 10,498 a------- c:\windows\is-P65QG.msg
2009-09-13 19:21 422 a------- c:\windows\is-P65QG.lst
2009-09-10 23:32 196,608 a------- c:\windows\system32\Ikeext.etl
2009-09-09 18:18 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 18:18 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 18:18 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 18:18 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 18:18 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 18:18 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 18:18 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 18:18 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 18:18 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 18:18 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 18:18 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 18:10 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 18:08 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 18:08 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 18:08 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 18:08 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 18:08 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-09 18:08 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-02 12:18 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 12:18 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 19:27 <DIR> --d----- c:\users\no.13\Office Genuine Advantage
2009-08-25 18:54 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-25 18:47 2,048 a------- c:\windows\system32\tzres.dll
2009-08-24 16:10 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-24 16:10 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-24 16:10 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-24 16:10 270,848 a------- c:\windows\system32\schannel.dll
2009-08-24 16:10 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-24 16:10 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 16:10 72,704 a------- c:\windows\system32\secur32.dll
2009-08-24 16:10 9,728 a------- c:\windows\system32\lsass.exe
2009-08-24 15:06 71,680 a------- c:\windows\system32\atl.dll
2009-08-24 15:05 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-24 15:00 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-24 15:00 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-24 15:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-24 15:00 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-24 15:00 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-24 15:00 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-24 15:00 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-24 15:00 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-24 15:00 18,432 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-30 21:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-30 21:02 51,200 a------- c:\windows\inf\infpub.dat
2009-07-30 21:02 86,016 a------- c:\windows\inf\infstor.dat
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-07 17:05 5,642 a--sh--- c:\programdata\KGyGaAvL.sys
2009-07-07 17:05 5,642 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-05-28 12:27 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-16 20:52 88 a--shr-- c:\programdata\6F20A8A22A.sys
2009-03-16 20:52 88 a--shr-- c:\progra~2\6F20A8A22A.sys
2008-08-19 16:34 88 ---shr-- c:\programdata\61B8947CC5.sys
2008-08-19 16:34 88 ---shr-- c:\progra~2\61B8947CC5.sys
2008-08-04 20:44 56 a---h--- c:\programdata\ezsidmv.dat
2008-08-04 20:44 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-03 15:29 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:56:18.27
Attached Files
File Type: zip ark.zip (578 Bytes, 13 views)
File Type: zip Attach.zip (3.7 KB, 15 views)
Old 09-20-2009, 02:49 AM   #2
Registered Member
 
Join Date: Dec 2007
Posts: 33
OS: windows vista home premium 32-bit



Bump.
Old 09-23-2009, 12:53 PM   #3
Registered Member
 
Join Date: Dec 2007
Posts: 33
OS: windows vista home premium 32-bit



Bump?
Old 09-23-2009, 01:58 PM   #4
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Who advised you to run ComboFix? Post the log it produced - you'll find it at C:\ComboFix.txt
Old 09-23-2009, 02:07 PM   #5
Registered Member
 
Join Date: Dec 2007
Posts: 33
OS: windows vista home premium 32-bit



..sorry for that. Been driven by desperation.

Here is the log:
ComboFix 09-09-20.04 - No.13 22/09/2009 12:12.5.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.2037.1536 [GMT 1:00]
Running from: c:\users\No.13\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 11:14 . 2009-09-22 11:14 -------- d-----w- c:\users\No.13\AppData\Local\temp
2009-09-22 11:14 . 2009-09-22 11:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-22 11:14 . 2009-09-22 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-21 19:04 . 2009-09-22 10:02 -------- d-----w- c:\users\No.13\AppData\Local\Adobe
2009-09-13 18:41 . 2009-09-03 10:53 30912 ----a-w- c:\users\No.13\AppData\Roaming\Mozilla\Firefox\Profiles\oa0wk7hp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-13 18:41 . 2009-09-03 10:53 22848 ----a-w- c:\users\No.13\AppData\Roaming\Mozilla\Firefox\Profiles\oa0wk7hp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-13 18:41 . 2009-09-03 10:53 19792 ----a-w- c:\users\No.13\AppData\Roaming\Mozilla\Firefox\Profiles\oa0wk7hp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-09-13 18:21 . 2009-09-13 18:21 693760 ----a-w- c:\windows\is-P65QG.exe
2009-09-13 12:35 . 2009-09-13 13:00 -------- d-----w- c:\windows\BDOSCAN8
2009-09-09 17:18 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 17:18 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 17:18 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 17:18 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 17:18 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 17:18 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 17:18 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 17:18 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 17:18 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 17:18 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 17:18 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 17:10 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 17:08 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 17:08 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 17:08 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 17:08 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 17:08 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-02 11:18 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 11:18 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 17:47 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-24 15:10 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 15:10 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 15:10 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 15:10 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 15:10 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 15:10 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 15:10 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 15:10 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 14:06 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-24 14:05 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-24 14:00 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-24 14:00 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-24 14:00 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-24 14:00 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-24 14:00 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-24 14:00 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 10:49 . 2009-07-03 12:55 -------- d-----w- c:\program files\iPlus
2009-09-22 10:39 . 2008-08-03 08:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 22:38 . 2009-03-21 11:38 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-20 20:07 . 2008-08-03 16:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-20 19:06 . 2008-08-04 19:39 -------- d-----w- c:\users\No.13\AppData\Roaming\Skype
2009-09-20 18:54 . 2008-08-04 19:43 -------- d-----w- c:\users\No.13\AppData\Roaming\skypePM
2009-09-20 16:00 . 2008-08-03 16:08 -------- d-----w- c:\program files\SpywareBlaster
2009-09-20 15:43 . 2009-09-13 21:24 -------- d-----w- c:\program files\Java
2009-09-20 11:46 . 2009-09-20 11:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-18 16:20 . 2009-08-01 19:29 -------- d-----w- c:\program files\Trans
2009-09-18 15:24 . 2009-07-03 13:01 -------- d-----w- c:\users\No.13\AppData\Roaming\iPlus
2009-09-18 15:24 . 2008-08-03 16:23 -------- d-----w- c:\program files\CCleaner
2009-09-18 15:13 . 2009-08-01 19:29 -------- d-----w- c:\program files\Trans(124)
2009-09-18 14:45 . 2009-09-18 14:45 -------- d-----w- c:\users\No.13\AppData\Roaming\RST
2009-09-18 14:45 . 2009-09-18 14:45 -------- d-----w- c:\program files\Trans(123)
2009-09-16 15:02 . 2008-10-05 13:11 -------- d-----w- c:\programdata\NOS
2009-09-15 13:44 . 2008-10-05 13:11 -------- d-----w- c:\program files\NOS
2009-09-15 13:44 . 2008-08-03 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 18:30 . 2008-08-20 17:56 -------- d-----w- c:\program files\Panda Security
2009-09-13 17:59 . 2009-08-01 22:48 -------- d-----w- c:\users\No.13\AppData\Roaming\SUPERAntiSpyware.com
2009-09-13 13:18 . 2009-08-01 22:48 -------- d-----w- c:\users\No.13\AppData\Roaming\SUPERAntiSpyware(161).com
2009-09-13 09:46 . 2009-07-06 13:29 680 ----a-w- c:\users\No.13\AppData\Local\d3d9caps.dat
2009-09-10 20:19 . 2008-11-20 17:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 20:19 . 2008-08-03 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 13:54 . 2008-08-03 15:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-08-03 15:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 17:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-24 14:01 . 2009-02-22 16:55 -------- d-----w- c:\program files\Corel
2009-08-24 13:41 . 2009-08-03 18:24 -------- d-----w- c:\users\No.13\AppData\Roaming\DMCache
2009-08-03 21:21 . 2008-08-03 09:11 -------- d-----w- c:\program files\ESET
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-01 22:48 . 2009-08-01 22:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-29 11:31 . 2009-03-31 00:08 -------- d-----w- c:\program files\dl_cats
2009-07-29 11:26 . 2009-07-29 11:26 1235670 ----a-w- c:\programdata\SPL603A.tmp
2009-07-25 04:23 . 2009-09-13 21:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 11:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 16:05 . 2008-08-04 08:23 5642 --sha-w- c:\programdata\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_22.33.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-01 01:00 . 2009-09-22 10:43 39056 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-22 10:43 75210 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-13 19:56 . 2007-05-31 19:36 92032 c:\windows\System32\DriverStore\Temp\ewmdm2k.inf_89c19abb\ewusbmdm.sys
+ 2009-07-03 12:55 . 2009-02-03 11:10 23424 c:\windows\System32\DriverStore\FileRepository\ewdcsc.inf_962f9e88\ewdcsc.sys
+ 2008-07-31 04:42 . 2009-09-22 10:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-31 04:42 . 2009-09-21 22:17 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-31 04:42 . 2009-09-22 10:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-31 04:42 . 2009-09-21 22:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-31 04:42 . 2009-09-22 10:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-31 04:42 . 2009-09-21 22:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-07-30 20:02 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-09-22 10:36 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-09-22 10:49 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-30 20:02 51200 c:\windows\inf\infpub.dat
+ 2008-08-01 01:00 . 2009-09-22 10:43 7820 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-11749585-2718979019-3156173139-1000_UserData.bin
- 2008-08-01 01:00 . 2009-09-21 21:36 7820 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-11749585-2718979019-3156173139-1000_UserData.bin
+ 2009-09-22 10:57 . 2009-09-22 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-21 21:30 . 2009-09-21 21:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-22 10:57 . 2009-09-22 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-21 21:30 . 2009-09-21 21:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-22 11:01 598782 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-22 11:01 104658 c:\windows\System32\perfc009.dat
+ 2009-09-22 10:21 . 2008-07-10 14:29 872192 c:\windows\System32\DriverStore\FileRepository\mod7700.inf_a7a83479\mod7700.sys
+ 2009-07-03 12:55 . 2009-02-03 11:10 101504 c:\windows\System32\DriverStore\FileRepository\ewser2k.inf_ba81a856\ewusbmdm.sys
+ 2009-09-22 10:21 . 2008-07-10 14:29 100864 c:\windows\System32\DriverStore\FileRepository\ewnet.inf_d99a5a85\ewusbnet.sys
+ 2009-07-03 12:55 . 2009-02-03 11:10 101504 c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_c02941d9\ewusbmdm.sys
+ 2009-09-22 10:21 . 2008-07-10 14:29 103680 c:\windows\System32\DriverStore\FileRepository\ewfake.inf_ade72594\ewusbfake.sys
- 2009-04-29 16:35 . 2009-09-13 17:01 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-29 16:35 . 2009-09-22 10:49 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:25 . 2009-09-22 10:36 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-30 20:02 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"DLCQCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2008-05-30 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b1,f8,4b,4b,88,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F7492F3F-C4DF-407F-8485-CB7ED17B74B3}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"UDP Query User{CA4ABCA9-DEC3-4E5E-8145-7BF93062D501}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"{D817A0E2-902F-4E25-BF78-F055BC6F880D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{800E7F85-0ED3-40C5-8F25-220C243CC3BE}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{0B9C3D02-CBF1-4447-94CC-AE29FC274EC1}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{94BEC110-53D8-4E1E-BFBB-BDB65456D5FF}"= UDP:c:\windows\System32\dlcqcoms.exe:Dell 966 Server
"{FE804CB8-F4FD-4916-9F4F-F126A7C8E2AF}"= TCP:c:\windows\System32\dlcqcoms.exe:Dell 966 Server
"{48B45608-FFFE-455A-9E12-5F6753EB2D18}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{9AD7A6EE-F9EE-41F5-B74A-1FA2403AAEE9}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{2A609B25-7946-4E3A-8A49-B52D12BD0B96}"= UDP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"{C04761FA-DFF5-4BDF-9367-07E03AFBD1E5}"= TCP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"{D2E969B0-56B8-4C52-8383-6839C75C5CBF}"= UDP:80:trans
"{BF027B52-E058-4BD1-B465-97A50F3A9388}"= UDP:c:\windows\System32\wuapp.exe:wuapp
"{0919A3E0-15CD-4F2C-AB6A-F50C73C2F0E7}"= TCP:c:\windows\System32\wuapp.exe:wuapp
"{69B4497E-FDB7-4FAA-9FAE-A20EE0319F70}"= UDP:c:\program files\Trans\trans.exe:Trans
"{A18ED55C-736D-48A7-8722-5E809C57B255}"= TCP:c:\program files\Trans\trans.exe:Trans
"TCP Query User{31180F1E-05C6-4452-9155-B6453C3DE3D6}c:\\users\\no.13\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\no.13\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{383A2D80-95EB-4712-B85B-F8143D811501}c:\\users\\no.13\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\no.13\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{B89323F1-CC61-4A54-902A-E6C089AE6D62}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DF3AD586-734D-44A9-AD3A-6E0C634ADB94}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [20/02/2008 19:11 33800]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29/07/2008 04:45 904192]
S0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [18/09/2009 19:31 28544]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 19:08 472320]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [05/07/2007 10:57 873472]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [03/08/2008 14:25 21504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\User_Feed_Synchronization-{66C36F6E-3288-4006-B358-A717E2314EA6}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\No.13\AppData\Roaming\Mozilla\Firefox\Profiles\oa0wk7hp.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-22 12:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\No.13\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-11749585-2718979019-3156173139-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f5,bf,63,db,56,43,e6,38,05,c1,66,86,04,dd,56,ea,99,85,f7,ba,b3,
db,c3,e8,1e,91,dd,20,7b,45,f9,fe,de,8f,1b,7e,2b,f1,b8,37,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-11749585-2718979019-3156173139-1000_Classes\CLSID\{8208a5d0-1a2d-4c89-b4de-572dba3531b3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000dd
"Therad"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-22 12:16
ComboFix-quarantined-files.txt 2009-09-22 11:16
ComboFix2.txt 2009-09-22 11:08
ComboFix3.txt 2009-09-21 22:35
ComboFix4.txt 2009-09-18 17:24

Pre-Run: 45,206,147,072 bytes free
Post-Run: 45,175,394,304 bytes free

252 --- E O F --- 2009-09-22 08:52
No.13 is offline  
Old 09-23-2009, 02:12 PM   #6
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



*sigh: You ran it lots of times. I need to see the chain of events. Go to C:\Qoobox and zip all these files together so you can attach it to your next post:

ComboFix2.txt 2009-09-22 11:08
ComboFix3.txt 2009-09-21 22:35
ComboFix4.txt 2009-09-18 17:24
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-23-2009, 02:25 PM   #7
Registered Member
 
Join Date: Dec 2007
Posts: 33
OS: windows vista home premium 32-bit



...on it.
No.13 is offline  
Old 09-23-2009, 02:26 PM   #8
Thanks.
Ried is offline  
Old 09-23-2009, 02:33 PM   #9
...here they are.
Attached Files
File Type: zip combo logs.zip (17.0 KB, 11 views)
No.13 is offline  
Old 09-23-2009, 02:39 PM   #10
I'm not seeing any malware here. Try this and see if it helps:

  • Click the Microsoft Vista Start logo in the bottom left corner of the screen
  • Click All Programs > Accessories
  • RIGHT-click on Command Prompt
  • Select Run As Administrator
  • In the command window type the following and then hit enter: ipconfig /flushdns
You should see the following message:
Quote:
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
Ried is offline  
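Reviewing a ComboFix log like the one above means walking its FirewallRules section and asking which allow-rules still make sense. The helper below is an added example (not ComboFix's own code and not something from this thread); the line format it parses is inferred from the rule lines on this page, the sample lines are copied from that log, and the names Rule, parse_rule and triage are my own. It flags rules that are disabled, that allow a port to any program, or that allow a binary sitting in a temp directory (the leftover of an installer's one-time firewall prompt).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample rule lines copied from the FirewallRules section of the ComboFix log in this thread.
SAMPLE = r'''
"{D817A0E2-902F-4E25-BF78-F055BC6F880D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2E969B0-56B8-4C52-8383-6839C75C5CBF}"= UDP:80:trans
"TCP Query User{31180F1E-05C6-4452-9155-B6453C3DE3D6}c:\\users\\no.13\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\no.13\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{DF3AD586-734D-44A9-AD3A-6E0C634ADB94}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
'''
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.+)$')
DRIVE_RE = re.compile(r'^[a-z]:\\', re.I)  # target is a program path rather than a port
TEMP_RE = re.compile(r'\\temp\\', re.I)    # any path component named "temp"

@dataclass
class Rule:
    key: str
    enabled: bool
    protocol: Optional[str]  # "TCP", "UDP", or None when the rule does not say
    program: Optional[str]   # executable the rule allows, if any
    port: Optional[str]      # port allowed when no program is named
    label: str
    findings: List[str] = field(default_factory=list)

def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules line (format inferred from the log); non-rule lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group("key"), m.group("value")
    enabled = not value.startswith("Disabled:")
    if not enabled:
        value = value[len("Disabled:"):]
    protocol = None
    if value[:4] in ("TCP:", "UDP:"):
        protocol, value = value[:3], value[4:]
    # The label is the last colon-separated field; what precedes it is a path or a port.
    target, _, label = value.rpartition(":")
    rule = Rule(key, enabled, protocol, None, None, label)
    if DRIVE_RE.match(target):
        rule.program = target
    else:
        rule.port = target
    # Checks a reviewer applies before calling the section benign.
    if not rule.enabled:
        rule.findings.append("disabled rule: no effect, safe to clean up")
    elif rule.program is None:
        rule.findings.append(f"port-only rule: any program may use {protocol} port {target}")
    elif TEMP_RE.search(rule.program):
        rule.findings.append("allowed program lives in a temp directory (stale install-prompt rule)")
    return rule

def triage(text: str) -> List[Rule]:
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]
```

Running triage(SAMPLE) leaves the Skype rule clean and attaches one finding to each of the other three sample rules.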
Old 09-23-2009, 03:08 PM   #11
Done. Thank you for helping. Sorry for tampering with the system on my own. See, I'm using a couple of applications to access on-line markets in order to source the work. Can't afford to stay off. And as things ain't going too good these days, I can't afford a new computer either. Really grateful for help. I'll let you know if things improve (I mean with the computer; with work they probably won't). Thanks again.
No.13 is offline  
Old 09-23-2009, 05:53 PM   #12
You're welcome. Let's hope this works for you. If not, we'll keep trying until we figure it out.
Ried is offline  
Old 09-25-2009, 12:06 PM   #13
Hi Ried
It turns out the modem was faulty. I twisted it slightly - by accident - and I observed that the signal strength indicator went up. I kept it twisted like this and went on the internet. I was flying. Bought a new modem. Wish I'd spotted this before I started to take apart the system. I messed up pretty much everything. It used to be a stable and reliable machine. Now half of the applications ain't working cos of missing files. The registry probably looks as if a tornado just went over it. It'll be a while before I sort it all out. I don't suppose you know any magic command that would bring the system back to order...or do you? Anyway, I'm good now. At least I have an internet where the page loads quicker than it takes to smoke a cigarette (never smoked as much as I did for the last few weeks).
Thank you Ried very much and best of luck to you.

PS.

...any suggestions as to how to sort out the system quicker will be most appreciated...
No.13 is offline  
Old 09-25-2009, 12:11 PM   #14
Well, your earliest system restore point is 9/15/09. I don't know when you did what you did, but does this seem like a date that might help put things back the way they were?

What applications are giving error messages?
Ried is offline  
Old 09-25-2009, 01:38 PM   #15
...Well...this one is gone. I did lots of restores since - in order to keep myself on. Applications? Been using the modem from another broadband provider for a while. This one gives me trouble. Apart from that - since I got proper internet I've managed to reinstall most of them. For the rest - I think I have some discs. And one...but I didn't want to mention it (Office 2003) cos it's cracked. Don't trouble yourself with that Ried. Once I get hold of things, I'll crack it again.
Thank you, once again. It has been an honour...
I think the work you guys do here is...malverous (and using that word I do not implicate anything)
No.13 is offline  
Old 09-25-2009, 01:49 PM   #16
Oh, please don't crack it. Besides being illegal, and against our forum policy, most cracks are laced with the latest, nastiest of rootkits.

You should be back in business now. Best of luck in finding work.
Ried is offline  
 
