Possible Virus

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Possible Virus11th June 2011, 8:06 pm

My internet browsers have been running very very slow and freezing alot.Also my computer is freezeing at shutdown and startup usually taking a few times to restart.Any help would be greatly appreciated

Re: Possible Virus11th June 2011, 8:07 pm

OTL Extras logfile created on: 6/11/2011 1:47:51 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\XP PRO SP3 User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.89% Memory free
5.09 Gb Paging File | 4.65 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 883.03 Gb Free Space | 94.80% Space Free | Partition Type: NTFS

Computer Name: XP-44C44E360303 | User Name: XP PRO SP3 User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe" = C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\XP PRO SP3 User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\XP PRO SP3 User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe" = C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe:*:Enabled:Age of Conan Update Manager -- (Funcom)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Funcom\Age of Conan\AgeOfConan.exe" = C:\Program Files\Funcom\Age of Conan\AgeOfConan.exe:*:Enabled:Age of Conan ConanLiveWin32 v2.02.0@160818 -- (Funcom)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 SP1 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118892567}" = Monopoly City
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C30E1DC-D83E-4A90-AD02-1A275FC71033}" = Nero 7 Premium
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1Click DVD Copy 4.1" = 1Click DVD Copy 4.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.84
"CopyToDVD_is1" = CopyToDVD
"DVD X Utilities V2.1.1_is1" = DVD X Utilities V2.1.1
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Kristanix Right Click Image Converter" = Right Click Image Converter
"LClock" = LClock
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Unlocker" = Unlocker 1.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"Sportsbook.com" = Sportsbook.com

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 11:00:25 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:00:59 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:20:37 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:20:37 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 11:21:47 AM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

Error - 6/11/2011 12:59:56 PM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The configuration registry database
is corrupt. for C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application
Data\Microsoft\Windows\\UsrClass.dat

Error - 6/11/2011 12:59:56 PM | Computer Name = XP-44C44E360303 | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - The configuration registry database
is corrupt.

[ System Events ]
Error - 6/11/2011 12:31:37 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:33:42 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:33:42 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:35:12 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:35:12 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 12:35:42 PM | Computer Name = XP-44C44E360303 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 6/11/2011 12:35:42 PM | Computer Name = XP-44C44E360303 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McciCMService service
to connect.

Error - 6/11/2011 1:00:10 PM | Computer Name = XP-44C44E360303 | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%1053

< End of report >

Re: Possible Virus11th June 2011, 8:12 pm

Having problems sending the other report keeps saying connection was an erroe

Re: Possible Virus13th June 2011, 4:45 pm

Can you attach the logs instead?

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Possible Virus DXwU4

Re: Possible Virus14th June 2011, 1:01 am

OTL logfile created on: 6/11/2011 1:47:50 PM - Run 1~[Filtered]~

Re: Possible Virus14th June 2011, 1:05 am

When i copy and past the otl it comes up full then posts as that also... when I try to attach the log it says file is not valid

Re: Possible Virus14th June 2011, 3:58 pm

Okay, please upload them to Mediafire.com and post the share URL here.

Re: Possible Virus15th June 2011, 10:41 pm

I uploaded it hears the OTL Link http://www.mediafire.com/?8d2spt4comjovha

Re: Possible Virus18th June 2011, 12:06 am

bump

Re: Possible Virus20th June 2011, 2:40 am

Were u able to see the OTL or did i do something wrong?

Re: Possible Virus21st June 2011, 3:12 am

Hi,

Would you like to get rid of Ask Toolbar?

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus21st June 2011, 9:45 pm

yes i tried to find it but couldnt

Re: Possible Virus22nd June 2011, 1:10 am

Hi,

Please download ComboFix Possible Virus Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus22nd June 2011, 3:24 am

ComboFix 11-06-21.05 - XP PRO SP3 User 06/21/2011 23:03:36.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2931 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\0200000068e42d671270C.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270O.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270P.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671270S.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671270S.manifest
c:\documents and settings\XP PRO SP3 User\0.34171473515149076.exe
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-12 03:36 . 2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
2011-06-12 03:36 . 2011-06-12 03:36 775168 ----a-w- c:\windows\system32\kbdnec32.exe
2011-06-12 03:36 . 2011-06-12 03:36 775168 ----a-w- c:\windows\system32\mshtmler32.exe
2011-06-12 03:36 . 2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
2011-05-27 03:21 . 2011-05-27 03:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-05-26 14:57 . 2011-05-26 14:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1875F6F-629F-1803-DEA7-6D668C1CD327}]
2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\mshtmler32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 srservice32;System Restore Service ;c:\windows\system32\mshtmler32.exe [6/11/2011 11:36 PM 775168]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unlimitedcomputers.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\kbdnec32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-06-21 23:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-22 03:19
ComboFix2.txt 2010-08-14 01:53
ComboFix3.txt 2010-08-14 01:27
.
Pre-Run: 945,698,906,112 bytes free
Post-Run: 946,118,447,104 bytes free
.
- - End Of File - - 1EF70F5147E6DCF882A87392E695767D

Re: Possible Virus22nd June 2011, 3:25 am

Also it mite have been from Internet explorer its no longer working

Re: Possible Virus23rd June 2011, 4:41 am

Hi,

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus25th June 2011, 10:52 pm

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6949

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/25/2011 6:41:31 PM
mbam-log-2011-06-25 (18-41-31).txt

Scan type: Quick scan
Objects scanned: 187007
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
c:\WINDOWS\system32\mshtmler32.exe (Trojan.Agent) -> 324 -> Unloaded process successfully.
c:\WINDOWS\system32\kbdnec32.exe (Trojan.Agent) -> 804 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{750FDF0E-2A26-11D1-A3EA-080036587F03} (Trojan.FakeAlert) -> Value: {750FDF0E-2A26-11D1-A3EA-080036587F03} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\tkv.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mshtmler32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kbdnec32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\my documents\downloads\ophcrack-win32-installer-3.3.1.exe (PSWTool.OphCrack) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\local settings\application data\0sy03.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\xp pro sp3 user\local settings\application data\tkv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\updatususer\application data\0200000068e42d671270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000068e42d671270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Re: Possible Virus26th June 2011, 5:22 am

Hi,

Could you please re-run ComboFix?

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus26th June 2011, 1:47 pm

NP
ComboFix 11-06-25.05 - XP PRO SP3 User 06/26/2011 9:31.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2943 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 13:29 . 2011-06-26 13:29 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-26 13:29 . 2011-06-26 13:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-26 13:29 . 2011-06-26 13:29 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-26 13:29 . 2011-06-26 13:29 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-26 13:29 . 2011-06-26 13:29 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-26 13:29 . 2011-06-26 13:29 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-26 13:29 . 2011-06-26 13:29 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-26 13:29 . 2011-06-26 13:29 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-26 13:29 . 2011-06-26 13:29 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-26 13:29 . 2011-06-26 13:29 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-26 13:29 . 2011-06-26 13:29 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-26 13:29 . 2011-06-26 13:29 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-26 13:28 . 2011-06-26 13:28 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-26 13:28 . 2011-06-26 13:28 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-26 13:28 . 2011-06-26 13:28 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-26 13:28 . 2011-06-26 13:28 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-26 13:28 . 2011-06-26 13:28 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-12 03:36 . 2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
2011-06-12 03:36 . 2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-22_03.16.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-26 13:28 . 2011-06-26 13:28 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
+ 2011-06-26 13:28 . 2011-06-26 13:28 16384 c:\windows\temp\Perflib_Perfdata_44c.dat
+ 2008-04-14 12:00 . 2011-04-25 15:49 44544 c:\windows\system32\pngfilt.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 44544 c:\windows\system32\pngfilt.dll
- 2009-07-21 14:57 . 2010-01-05 09:57 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-07-21 14:57 . 2011-04-25 15:49 52224 c:\windows\system32\msfeedsbs.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 27648 c:\windows\system32\jsproxy.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 27648 c:\windows\system32\jsproxy.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 44544 c:\windows\system32\iernonce.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 44544 c:\windows\system32\iernonce.dll
- 2008-06-19 20:42 . 2010-01-01 06:55 70656 c:\windows\system32\ie4uinit.exe
+ 2008-06-19 20:42 . 2011-04-25 11:35 70656 c:\windows\system32\ie4uinit.exe
- 2008-06-19 20:42 . 2010-01-05 09:57 63488 c:\windows\system32\icardie.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 63488 c:\windows\system32\icardie.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-31 15:33 . 2011-04-25 11:35 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-12-31 15:33 . 2010-01-01 06:55 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2010-01-05 10:00 . 2010-01-05 09:57 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 44544 c:\windows\system32\dllcache\iernonce.dll
- 2010-07-28 13:41 . 2010-01-05 09:57 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2010-07-28 13:41 . 2011-04-25 15:49 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-12-31 15:33 . 2010-01-01 06:55 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-12-31 15:33 . 2011-04-25 11:35 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-01-05 10:00 . 2011-04-25 15:49 63488 c:\windows\system32\dllcache\icardie.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 63488 c:\windows\system32\dllcache\icardie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 17408 c:\windows\system32\dllcache\corpol.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 17408 c:\windows\system32\dllcache\corpol.dll
+ 2011-06-25 13:55 . 2011-06-25 14:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-21 15:05 . 2009-07-21 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-21 15:05 . 2011-06-25 14:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-25 13:55 . 2011-06-25 14:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-23 10:41 . 2010-01-05 09:57 44544 c:\windows\ie7updates\KB2530548-IE7\pngfilt.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 52224 c:\windows\ie7updates\KB2530548-IE7\msfeedsbs.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 27648 c:\windows\ie7updates\KB2530548-IE7\jsproxy.dll
+ 2011-06-23 10:41 . 2010-01-01 06:55 13824 c:\windows\ie7updates\KB2530548-IE7\ieudinit.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 44544 c:\windows\ie7updates\KB2530548-IE7\iernonce.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 78336 c:\windows\ie7updates\KB2530548-IE7\ieencode.dll
+ 2011-06-23 10:41 . 2010-01-01 06:55 70656 c:\windows\ie7updates\KB2530548-IE7\ie4uinit.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 63488 c:\windows\ie7updates\KB2530548-IE7\icardie.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 17408 c:\windows\ie7updates\KB2530548-IE7\corpol.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 233472 c:\windows\system32\webcheck.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 233472 c:\windows\system32\webcheck.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 434176 c:\windows\system32\vbscript.dll
+ 2008-04-14 12:00 . 2011-03-04 06:45 434176 c:\windows\system32\vbscript.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 105984 c:\windows\system32\url.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 105984 c:\windows\system32\url.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 102912 c:\windows\system32\occache.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 102912 c:\windows\system32\occache.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 671232 c:\windows\system32\mstime.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 671232 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 193024 c:\windows\system32\msrating.dll
- 2008-04-14 12:00 . 2010-01-05 09:57 193024 c:\windows\system32\msrating.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 478208 c:\windows\system32\mshtmled.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 468480 c:\windows\system32\msfeeds.dll
- 2008-04-14 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 268288 c:\windows\system32\iertutil.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 268288 c:\windows\system32\iertutil.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 193024 c:\windows\system32\iepeers.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 388608 c:\windows\system32\iedkcs32.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 388608 c:\windows\system32\iedkcs32.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 380928 c:\windows\system32\ieapfltr.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 380928 c:\windows\system32\ieapfltr.dll
- 2008-06-19 20:42 . 2009-12-18 06:58 161792 c:\windows\system32\ieakui.dll
+ 2008-06-19 20:42 . 2011-04-21 10:33 161792 c:\windows\system32\ieakui.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 230400 c:\windows\system32\ieaksie.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 230400 c:\windows\system32\ieaksie.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 153088 c:\windows\system32\ieakeng.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 153088 c:\windows\system32\ieakeng.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 132608 c:\windows\system32\extmgr.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 132608 c:\windows\system32\extmgr.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 214528 c:\windows\system32\dxtrans.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 214528 c:\windows\system32\dxtrans.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 347136 c:\windows\system32\dxtmsft.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 347136 c:\windows\system32\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 841216 c:\windows\system32\dllcache\wininet.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 841216 c:\windows\system32\dllcache\wininet.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 233472 c:\windows\system32\dllcache\webcheck.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 105984 c:\windows\system32\dllcache\url.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 105984 c:\windows\system32\dllcache\url.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 102912 c:\windows\system32\dllcache\occache.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 102912 c:\windows\system32\dllcache\occache.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 671232 c:\windows\system32\dllcache\mstime.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 671232 c:\windows\system32\dllcache\mstime.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 193024 c:\windows\system32\dllcache\msrating.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 193024 c:\windows\system32\dllcache\msrating.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2010-03-02 12:14 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2010-03-02 12:14 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-12-18 13:05 . 2011-04-21 10:34 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2010-01-05 10:00 . 2011-04-25 15:49 268288 c:\windows\system32\dllcache\iertutil.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 193024 c:\windows\system32\dllcache\iepeers.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 388608 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 388608 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-12-18 13:04 . 2009-12-18 06:58 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-12-18 13:04 . 2011-04-21 10:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 132608 c:\windows\system32\dllcache\extmgr.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 132608 c:\windows\system32\dllcache\extmgr.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 124928 c:\windows\system32\dllcache\advpack.dll
- 2010-01-05 10:00 . 2010-01-05 09:57 124928 c:\windows\system32\dllcache\advpack.dll
- 2008-06-19 20:42 . 2010-01-05 09:57 124928 c:\windows\system32\advpack.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 124928 c:\windows\system32\advpack.dll
+ 2011-06-23 10:41 . 2008-06-19 20:42 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll
+ 2011-06-23 10:41 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2011-06-23 10:41 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 841216 c:\windows\ie7updates\KB2530548-IE7\wininet.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 233472 c:\windows\ie7updates\KB2530548-IE7\webcheck.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 105984 c:\windows\ie7updates\KB2530548-IE7\url.dll
+ 2011-06-23 10:41 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2530548-IE7\spuninst\updspapi.dll
+ 2011-06-23 10:41 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2530548-IE7\spuninst\spuninst.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 102912 c:\windows\ie7updates\KB2530548-IE7\occache.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 671232 c:\windows\ie7updates\KB2530548-IE7\mstime.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 193024 c:\windows\ie7updates\KB2530548-IE7\msrating.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 477696 c:\windows\ie7updates\KB2530548-IE7\mshtmled.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 459264 c:\windows\ie7updates\KB2530548-IE7\msfeeds.dll
+ 2011-06-23 10:41 . 2009-12-18 07:00 634632 c:\windows\ie7updates\KB2530548-IE7\iexplore.exe
+ 2011-06-23 10:41 . 2010-01-05 09:57 268288 c:\windows\ie7updates\KB2530548-IE7\iertutil.dll
+ 2011-06-23 10:41 . 2010-01-05 10:00 192512 c:\windows\ie7updates\KB2530548-IE7\iepeers.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 388608 c:\windows\ie7updates\KB2530548-IE7\iedkcs32.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 380928 c:\windows\ie7updates\KB2530548-IE7\ieapfltr.dll
+ 2011-06-23 10:41 . 2009-12-18 06:58 161792 c:\windows\ie7updates\KB2530548-IE7\ieakui.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 230400 c:\windows\ie7updates\KB2530548-IE7\ieaksie.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 153088 c:\windows\ie7updates\KB2530548-IE7\ieakeng.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 132608 c:\windows\ie7updates\KB2530548-IE7\extmgr.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 214528 c:\windows\ie7updates\KB2530548-IE7\dxtrans.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 347136 c:\windows\ie7updates\KB2530548-IE7\dxtmsft.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 124928 c:\windows\ie7updates\KB2530548-IE7\advpack.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 1172480 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-04-25 15:49 3610624 c:\windows\system32\mshtml.dll
+ 2008-06-19 20:42 . 2011-04-25 15:49 6081024 c:\windows\system32\ieframe.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 1172480 c:\windows\system32\dllcache\urlmon.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 3610624 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-05 10:00 . 2011-04-25 15:49 6081024 c:\windows\system32\dllcache\ieframe.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 1170944 c:\windows\ie7updates\KB2530548-IE7\urlmon.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 3602944 c:\windows\ie7updates\KB2530548-IE7\mshtml.dll
+ 2011-06-23 10:41 . 2010-01-05 09:57 6071296 c:\windows\ie7updates\KB2530548-IE7\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-12 03:36 350720 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1875F6F-629F-1803-DEA7-6D668C1CD327}]
2011-06-12 03:36 175616 ----a-w- c:\windows\system32\MPG4DMOD32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-06-26 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unlimitedcomputers.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-26 09:43:03
ComboFix-quarantined-files.txt 2011-06-26 13:42
ComboFix2.txt 2011-06-22 03:19
ComboFix3.txt 2010-08-14 01:53
ComboFix4.txt 2010-08-14 01:27
.
Pre-Run: 946,152,046,592 bytes free
Post-Run: 946,152,148,992 bytes free
.
- - End Of File - - 361127DD53C083C9518BC81A4086FC97

Re: Possible Virus27th June 2011, 4:30 am

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus29th June 2011, 8:00 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.21300 (vista_ldr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=8be9eb6812be404db99562e15e4f44bc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-29 03:24:31
# local_time=2011-06-28 11:24:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77483
# found=48
# cleaned=48
# scan_time=2731
C:\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{deaf61f4-dc5f-4d97-8f44-82491aa3eedd}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{deaf61f4-dc5f-4d97-8f44-82491aa3eedd}\chrome\xulcache.jar JS/Agent.NDB trojan (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-24b7169d a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-45497a69 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-5f416e79 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-65e49341 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-690b5364 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\12\21b718cc-70fae36b a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\16\14d1d290-36cefbf0 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3595a008 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-27072665 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-288eb7a3 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-41569012 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-4fa81347 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-63436d1e a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\33\2cc07e61-6b727b42 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\48\13673cb0-3e855151 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\56\2915c078-4917ef87 a variant of Win32/Kryptik.PMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Application Data\Sun\Java\Deployment\cache\6.0\60\10bb59bc-20dcaf6b Java/TrojanDownloader.Agent.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\nedmkmhnicpbfmhehjfkckallimfmpmb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\Local Settings\temp\NOD1DA5.tmp JS/Agent.NDB trojan (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\XP PRO SP3 User\My Documents\BACKUP MEDIA\Software Backup Disc.iso Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\0.34171473515149076.exe.vir a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{938185b4-3363-46e6-8131-913c73cd9438}\chrome\xulcache.jar.vir JS/Agent.NDB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aa993050-d8a1-4363-835c-f9422294ee72}\chrome\xulcache.jar.vir JS/Agent.NDB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0153928.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0154954.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0155953.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP332\A0160983.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP333\A0160990.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP334\A0161716.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP339\A0166954.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP339\A0166972.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167393.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167536.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP340\A0167537.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP343\A0167902.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP343\A0168888.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170090.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170172.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP344\A0170198.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP345\A0170202.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP345\A0170222.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D895D878-2BE8-4131-B450-FC6CC5EAD934}\RP346\A0170242.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\azroles32.dll a variant of Win32/Kryptik.NHY trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\MPG4DMOD32.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

Re: Possible Virus30th June 2011, 2:29 am

Hi,

Could you please re-run ComboFix?

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus1st July 2011, 4:20 am

Yes no Problem

ComboFix 11-06-30.03 - XP PRO SP3 User 06/30/2011 23:31:05.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2939 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363S.manifest
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-06-30 03:04 . 2011-06-30 03:05 162304 --sha-w- c:\windows\system32\MP4SDMOD32.dll
2011-06-30 03:04 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\kbdnec32.exe
2011-06-30 03:04 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\apphelp32.exe
2011-06-30 03:04 . 2011-06-30 03:04 362496 ----a-w- c:\windows\system32\azroles32.dll
2011-06-29 02:36 . 2011-06-29 02:36 -------- d-----w- c:\program files\ESET
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
2011-06-02 21:54 . 2011-06-02 21:54 -------- d-----w- C:\NVIDIA
2011-06-02 21:24 . 2011-06-02 21:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2011-06-02 02:26 . 2011-06-02 02:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2011-06-02 02:25 . 2011-06-02 02:25 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Funcom
2011-06-02 02:21 . 2011-06-04 01:01 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\Xfire
2011-06-02 02:21 . 2011-06-02 02:21 -------- d-----w- c:\program files\Xfire
2011-06-02 02:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\media center programs
2011-06-02 02:13 . 2011-06-02 02:13 -------- d-----w- c:\program files\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-05-01 11:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-26_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-30 05:12 . 2011-06-30 05:12 16384 c:\windows\temp\Perflib_Perfdata_664.dat
+ 2011-07-01 03:27 . 2011-07-01 03:27 16384 c:\windows\temp\Perflib_Perfdata_4dc.dat
+ 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
2011-06-30 03:04 362496 ----a-w- c:\windows\system32\azroles32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\apphelp32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R2 upnphost32;Universal Plug and Play Device Host ;c:\windows\system32\apphelp32.exe [6/29/2011 11:04 PM 561664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-07-01 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unlimitedcomputers.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-30 23:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-30 23:42:10
ComboFix-quarantined-files.txt 2011-07-01 03:42
ComboFix2.txt 2011-06-26 13:43
ComboFix3.txt 2011-06-22 03:19
ComboFix4.txt 2010-08-14 01:53
ComboFix5.txt 2011-06-30 05:07
.
Pre-Run: 945,995,718,656 bytes free
Post-Run: 945,993,609,216 bytes free
.
- - End Of File - - 16643BDF98226111D9C6B432DFA23E55

Re: Possible Virus2nd July 2011, 4:30 am

Hi,

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\MP4SDMOD32.dll
c:\windows\system32\kbdnec32.exe
c:\windows\system32\apphelp32.exe
c:\windows\system32\azroles32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7F23B4-52D8-4281-9049-59E58F87FA04}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\apphelp32.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus3rd July 2011, 4:48 pm

ComboFix 11-07-02.03 - XP PRO SP3 User 07/03/2011 12:30:57.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2944 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
Command switches used :: C:\CFScript.txt
.
FILE ::
"c:\windows\system32\apphelp32.exe"
"c:\windows\system32\azroles32.dll"
"c:\windows\system32\kbdnec32.exe"
"c:\windows\system32\MP4SDMOD32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363C.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363O.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363P.manifest
c:\documents and settings\UpdatusUser\Application Data\0200000068e42d671363S.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\chrome.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\chrome\xulcache.jar
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\defaults\preferences\xulcache.js
c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\extensions\{aea1f9fb-2941-4f78-a3b8-4b734aec0506}\install.rdf
c:\windows\system32\apphelp32.exe
c:\windows\system32\azroles32.dll
c:\windows\system32\kbdnec32.exe
c:\windows\system32\MP4SDMOD32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_upnphost32
-------\Service_upnphost32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 16:38 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\azroles32.exe
2011-07-03 16:11 . 2011-07-03 16:11 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 16:11 . 2011-07-03 16:11 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 02:36 . 2011-06-29 02:36 -------- d-----w- c:\program files\ESET
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-06 04:12 . 2011-06-06 04:12 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Local Settings\Application Data\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-02 21:55 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-02 21:55 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-02 21:55 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-02 21:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 21:55 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-02 21:55 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-03 16:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-26_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 16:42 . 2011-07-03 16:42 16384 c:\windows\temp\Perflib_Perfdata_7c4.dat
+ 2011-07-03 16:27 . 2011-07-03 16:27 16384 c:\windows\temp\Perflib_Perfdata_7a0.dat
+ 2011-07-03 16:40 . 2011-07-03 16:40 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2011-07-03 16:40 . 2011-07-03 16:40 16384 c:\windows\temp\Perflib_Perfdata_564.dat
+ 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\ConanPatcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Funcom\\Age of Conan\\AgeOfConan.exe"=
"c:\\WINDOWS\\system32\\azroles32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Dot3svc32;Wired AutoConfig ;c:\windows\system32\azroles32.exe [7/3/2011 12:38 PM 561664]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unlimitedcomputers.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\kbdnec32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-07-03 12:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 16:45
ComboFix2.txt 2011-07-01 03:42
ComboFix3.txt 2011-06-26 13:43
ComboFix4.txt 2011-06-22 03:19
ComboFix5.txt 2011-07-03 16:22
.
Pre-Run: 945,997,746,176 bytes free
Post-Run: 945,984,434,176 bytes free
.
- - End Of File - - 0F8416135E0E6AEE25647E6CAAB84E70

Re: Possible Virus6th July 2011, 12:56 am

This infection is being persistent.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\azroles32.exe

Rootkit::
c:\windows\system32\azroles32.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\azroles32.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus6th July 2011, 11:23 pm

Here is the log...also it will not allow me to connect to Mozilla firefox anymore says it is running a proxy that wont allow it to connect to the server and everytime i try to go into the options it freezes

ComboFix 11-07-06.03 - XP PRO SP3 User 07/06/2011 18:46:46.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2941 [GMT -4:00]
Running from: c:\documents and settings\XP PRO SP3 User\Desktop\commy.exe
Command switches used :: c:\documents and settings\XP PRO SP3 User\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\azroles32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\0200000068e42d671367C.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671367O.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671367P.manifest
c:\documents and settings\LocalService\Application Data\0200000068e42d671367S.manifest
c:\documents and settings\XP PRO SP3 User\Application Data\dwm.exe
c:\documents and settings\XP PRO SP3 User\Application Data\Microsoft\conhost.exe
c:\windows\system32\azroles32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Dot3svc32
-------\Service_Dot3svc32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 22:57 . 2011-07-06 22:57 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-07-06 22:57 . 2011-07-06 22:57 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-07-06 22:57 . 2011-07-06 22:57 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-07-06 22:57 . 2011-07-06 22:57 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-07-06 22:57 . 2011-07-06 22:57 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-07-06 22:57 . 2011-07-06 22:57 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-07-06 22:57 . 2011-07-06 22:57 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-07-06 22:57 . 2011-07-06 22:57 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-07-06 22:56 . 2011-07-06 22:56 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-07-06 22:56 . 2011-07-06 22:56 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-07-06 22:56 . 2011-07-06 22:56 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-07-06 22:56 . 2011-07-06 22:56 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-07-06 22:56 . 2011-07-06 22:56 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-06 22:56 . 2011-07-06 22:56 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-07-06 22:56 . 2011-07-06 22:56 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-07-06 22:56 . 2011-07-06 22:56 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-07-06 22:56 . 2011-07-06 22:56 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-07-06 22:54 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\MP4SDMOD32.exe
2011-07-04 11:25 . 2011-07-04 11:25 160256 --sha-w- c:\windows\system32\azroles32.dll
2011-07-04 11:25 . 2011-06-30 03:04 561664 ----a-w- c:\windows\system32\kbdnec32.exe
2011-07-03 16:11 . 2011-07-03 16:11 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 16:11 . 2011-07-03 16:11 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 02:36 . 2011-06-29 02:36 -------- d-----w- c:\program files\ESET
2011-06-25 22:34 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 22:34 . 2011-06-25 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 22:34 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 00:26 . 2011-06-25 01:16 -------- d-----w- c:\program files\SBR Poker
2011-06-22 20:01 . 2011-04-30 08:50 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-06-22 02:41 . 2011-06-22 03:20 -------- d-----w- C:\commy
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2011-06-18 23:49 . 2011-06-18 23:49 -------- d-----w- c:\program files\Raxco
2011-06-18 18:01 . 2011-06-18 18:01 -------- d-----w- c:\program files\DiskTrix
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\documents and settings\XP PRO SP3 User\Application Data\IObit
2011-06-18 14:44 . 2011-06-18 14:44 -------- d-----w- c:\program files\IObit
2011-06-18 13:49 . 2011-06-18 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-16 20:26 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 14:58 . 2011-06-12 14:58 0 ---ha-w- c:\documents and settings\XP PRO SP3 User\nwfumzidgw.tmp
2011-06-10 02:20 . 2011-06-10 02:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2009-04-14 00:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2009-04-14 00:03 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2009-04-14 00:03 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-04-14 00:03 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-02 21:55 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-06-02 21:55 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 06:09 . 2011-06-02 21:55 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 06:09 . 2011-06-02 21:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 21:55 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2009-04-14 00:03 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2009-04-14 00:03 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2009-04-14 00:03 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-06-02 21:55 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2009-04-14 00:03 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2009-04-14 00:03 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2009-04-14 00:03 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2009-04-14 00:03 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-02 15:31 . 2009-07-21 14:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:49 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:49 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:49 . 2010-07-28 13:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:49 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 11:36 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-03 16:11 . 2011-03-31 18:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-26_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-06 22:56 . 2011-07-06 22:56 16384 c:\windows\temp\Perflib_Perfdata_778.dat
+ 2011-07-06 22:43 . 2011-07-06 22:43 16384 c:\windows\temp\Perflib_Perfdata_6ec.dat
+ 2011-07-06 22:56 . 2011-07-06 22:56 16384 c:\windows\temp\Perflib_Perfdata_158.dat
+ 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-25 2424192]
"DVDXGhost"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-01 33624064]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2011-04-25 124928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD X Studios\DVD X Utilities V2.1.1\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^XP PRO SP3 User^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\XP PRO SP3 User\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Documents and Settings\\XP PRO SP3 User\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\WINDOWS\\system32\\MP4SDMOD32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"67:UDP"= 67:UDP:DHCP Server
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BITS32;Background Intelligent Transfer Service ;c:\windows\system32\MP4SDMOD32.exe [7/6/2011 6:54 PM 561664]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 118784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/2/2011 5:55 PM 2214504]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/29/2010 7:00 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/29/2010 7:00 AM 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/25/2011 6:34 PM 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/9/2009 9:35 AM 1358720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/25/2011 6:34 PM 366640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/25/2011 6:34 PM 39984]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2010-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2011-07-06 c:\windows\Tasks\User_Feed_Synchronization-{479ED8AD-700D-40D2-AAC4-5341B9455E95}.job
- c:\windows\system32\msfeedssync.exe [2009-07-21 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:62889
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unlimitedcomputers.co.uk/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62889
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\kbdnec32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-07-06 19:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 23:01
ComboFix2.txt 2011-07-03 16:46
ComboFix3.txt 2011-07-01 03:42
ComboFix4.txt 2011-06-26 13:43
ComboFix5.txt 2011-07-06 22:40
.
Pre-Run: 965,649,383,424 bytes free
Post-Run: 965,647,994,880 bytes free
.
- - End Of File - - 6B97F81981AB087841F676A2F52A2731

Re: Possible Virus7th July 2011, 3:02 am

Hi,

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus7th July 2011, 8:15 pm

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-07 16:04:56
-----------------------------
16:04:56.671 OS Version: Windows 5.1.2600 Service Pack 3
16:04:56.671 Number of processors: 4 586 0x502
16:04:56.671 ComputerName: XP-44C44E360303 UserName: XP PRO SP3 User
16:04:59.468 Initialize success
16:07:10.640 AVAST engine defs: 11070701
16:07:48.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0
16:07:48.031 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
16:07:48.031 Device \Driver\nvgts -> DriverStartIo 8b1bc31b
16:07:48.031 Disk 0 MBR read error 0
16:07:48.031 Disk 0 MBR scan
16:07:48.031 Disk 0 unknown MBR code
16:07:48.031 MBR BIOS signature not found 0
16:07:48.031 Disk 0 scanning sectors +1953520065
16:07:48.031 Disk 0 scanning C:\WINDOWS\system32\drivers
16:07:55.609 Service scanning
16:07:56.421 Disk 0 trace - called modules:
16:07:56.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b1bc4d0]<<
16:07:56.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b206438]
16:07:56.421 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b207170]
16:07:56.421 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8b2073a0]
16:07:56.421 \Driver\nvgts[0x8b2304c0] -> IRP_MJ_CREATE -> 0x8b1bc4d0
16:07:58.328 AVAST engine scan C:\WINDOWS
16:09:14.906 AVAST engine scan C:\Documents and Settings\XP PRO SP3 User
16:09:14.937 AVAST engine scan C:\Documents and Settings\All Users
16:09:14.937 Scan finished successfully
16:09:45.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\XP PRO SP3 User\Desktop\MBR.dat"
16:09:45.359 The log file has been saved successfully to "C:\Documents and Settings\XP PRO SP3 User\Desktop\aswMBR.txt"

Re: Possible Virus8th July 2011, 3:56 am

Hi,
Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus9th July 2011, 2:51 am

2011/07/08 22:51:19.0812 2612 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/08 22:51:20.0250 2612 ================================================================================
2011/07/08 22:51:20.0250 2612 SystemInfo:
2011/07/08 22:51:20.0250 2612
2011/07/08 22:51:20.0250 2612 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/08 22:51:20.0250 2612 Product type: Workstation
2011/07/08 22:51:20.0250 2612 ComputerName: XP-44C44E360303
2011/07/08 22:51:20.0250 2612 UserName: XP PRO SP3 User
2011/07/08 22:51:20.0250 2612 Windows directory: C:\WINDOWS
2011/07/08 22:51:20.0250 2612 System windows directory: C:\WINDOWS
2011/07/08 22:51:20.0250 2612 Processor architecture: Intel x86
2011/07/08 22:51:20.0250 2612 Number of processors: 4
2011/07/08 22:51:20.0250 2612 Page size: 0x1000
2011/07/08 22:51:20.0250 2612 Boot type: Normal boot
2011/07/08 22:51:20.0250 2612 ================================================================================
2011/07/08 22:51:20.0515 2612 Initialize success

Re: Possible Virus9th July 2011, 10:21 pm

Try running it again please.

............................................................................................
I'm livin' life in the fast lane.

Re: Possible Virus10th July 2011, 5:18 am

2011/07/10 01:17:22.0046 2596 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 01:17:22.0578 2596 ================================================================================
2011/07/10 01:17:22.0578 2596 SystemInfo:
2011/07/10 01:17:22.0578 2596
2011/07/10 01:17:22.0578 2596 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/10 01:17:22.0578 2596 Product type: Workstation
2011/07/10 01:17:22.0578 2596 ComputerName: XP-44C44E360303
2011/07/10 01:17:22.0578 2596 UserName: XP PRO SP3 User
2011/07/10 01:17:22.0578 2596 Windows directory: C:\WINDOWS
2011/07/10 01:17:22.0578 2596 System windows directory: C:\WINDOWS
2011/07/10 01:17:22.0578 2596 Processor architecture: Intel x86
2011/07/10 01:17:22.0578 2596 Number of processors: 4
2011/07/10 01:17:22.0578 2596 Page size: 0x1000
2011/07/10 01:17:22.0578 2596 Boot type: Normal boot
2011/07/10 01:17:22.0578 2596 ================================================================================
2011/07/10 01:17:22.0921 2596 Initialize success
2011/07/10 01:17:26.0031 2500 ================================================================================
2011/07/10 01:17:26.0031 2500 Scan started
2011/07/10 01:17:26.0031 2500 Mode: Manual;
2011/07/10 01:17:26.0031 2500 ================================================================================
2011/07/10 01:17:26.0718 2500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/10 01:17:26.0765 2500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/10 01:17:26.0859 2500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/10 01:17:26.0906 2500 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/10 01:17:27.0015 2500 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/07/10 01:17:27.0187 2500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/10 01:17:27.0265 2500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/10 01:17:27.0359 2500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/10 01:17:27.0406 2500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/10 01:17:27.0468 2500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/10 01:17:27.0515 2500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/10 01:17:27.0578 2500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/10 01:17:27.0609 2500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/10 01:17:27.0671 2500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/10 01:17:27.0812 2500 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
2011/07/10 01:17:27.0875 2500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/10 01:17:27.0953 2500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/10 01:17:28.0031 2500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/10 01:17:28.0171 2500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/10 01:17:28.0234 2500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/10 01:17:28.0265 2500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/10 01:17:28.0312 2500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/10 01:17:28.0390 2500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/10 01:17:28.0453 2500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/10 01:17:28.0484 2500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/10 01:17:28.0531 2500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/10 01:17:28.0562 2500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/10 01:17:28.0593 2500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/10 01:17:28.0640 2500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/10 01:17:28.0718 2500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/10 01:17:28.0765 2500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/10 01:17:28.0796 2500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/10 01:17:28.0875 2500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/10 01:17:28.0968 2500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/10 01:17:29.0109 2500 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/10 01:17:29.0187 2500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/10 01:17:29.0281 2500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/10 01:17:29.0296 2500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/10 01:17:29.0312 2500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/10 01:17:29.0375 2500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/10 01:17:29.0406 2500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/10 01:17:29.0437 2500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/10 01:17:29.0453 2500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/10 01:17:29.0531 2500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/10 01:17:29.0562 2500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/10 01:17:29.0609 2500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/10 01:17:29.0656 2500 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/10 01:17:29.0687 2500 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/10 01:17:29.0734 2500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/10 01:17:29.0843 2500 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/07/10 01:17:29.0875 2500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/10 01:17:29.0890 2500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/10 01:17:29.0937 2500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/10 01:17:29.0984 2500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/10 01:17:30.0093 2500 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/10 01:17:30.0156 2500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/10 01:17:30.0187 2500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/10 01:17:30.0203 2500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/10 01:17:30.0218 2500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/10 01:17:30.0250 2500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/10 01:17:30.0375 2500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/10 01:17:30.0421 2500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/10 01:17:30.0468 2500 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/10 01:17:30.0515 2500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/10 01:17:30.0562 2500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/10 01:17:30.0593 2500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/10 01:17:30.0625 2500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/10 01:17:30.0687 2500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/10 01:17:30.0781 2500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/10 01:17:30.0875 2500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/10 01:17:30.0906 2500 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/07/10 01:17:30.0921 2500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/10 01:17:31.0156 2500 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/10 01:17:31.0390 2500 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
2011/07/10 01:17:31.0421 2500 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/10 01:17:31.0468 2500 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/07/10 01:17:31.0500 2500 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/10 01:17:31.0531 2500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/10 01:17:31.0593 2500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/10 01:17:31.0609 2500 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/07/10 01:17:31.0640 2500 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/07/10 01:17:31.0671 2500 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/07/10 01:17:31.0718 2500 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/07/10 01:17:31.0734 2500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/10 01:17:31.0765 2500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/10 01:17:31.0781 2500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/10 01:17:31.0812 2500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/10 01:17:31.0875 2500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/10 01:17:31.0890 2500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/10 01:17:31.0921 2500 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/07/10 01:17:32.0078 2500 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/07/10 01:17:32.0093 2500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/10 01:17:32.0125 2500 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/10 01:17:32.0156 2500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/10 01:17:32.0171 2500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/10 01:17:32.0250 2500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/10 01:17:32.0281 2500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/10 01:17:32.0375 2500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/10 01:17:32.0390 2500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/10 01:17:32.0437 2500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/10 01:17:32.0453 2500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/10 01:17:32.0484 2500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/10 01:17:32.0515 2500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/10 01:17:32.0625 2500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/10 01:17:32.0718 2500 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/10 01:17:32.0734 2500 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/10 01:17:32.0796 2500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/10 01:17:32.0875 2500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/10 01:17:32.0937 2500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/10 01:17:32.0984 2500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/10 01:17:33.0062 2500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/10 01:17:33.0156 2500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/10 01:17:33.0187 2500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/10 01:17:33.0234 2500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/10 01:17:33.0265 2500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/10 01:17:33.0375 2500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/10 01:17:33.0437 2500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/10 01:17:33.0468 2500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/10 01:17:33.0484 2500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/10 01:17:33.0515 2500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/10 01:17:33.0562 2500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/10 01:17:33.0656 2500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/10 01:17:33.0703 2500 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/10 01:17:33.0750 2500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/10 01:17:33.0765 2500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/10 01:17:33.0796 2500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/10 01:17:33.0812 2500 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/10 01:17:33.0890 2500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/10 01:17:33.0906 2500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/10 01:17:33.0937 2500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/10 01:17:33.0984 2500 VIAHdAudAddService (242a8309b952f7ca9e220d3439955b0e) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/07/10 01:17:34.0078 2500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/10 01:17:34.0171 2500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/10 01:17:34.0203 2500 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/10 01:17:34.0234 2500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/10 01:17:34.0296 2500 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/10 01:17:34.0343 2500 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/10 01:17:34.0375 2500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/10 01:17:34.0500 2500 Boot (0x1200) (2bb6e9e9ae6099cf5f4b52c7a6aa7d66) \Device\Harddisk0\DR0\Partition0
2011/07/10 01:17:34.0515 2500 ================================================================================
2011/07/10 01:17:34.0515 2500 Scan finished
2011/07/10 01:17:34.0515 2500 ================================================================================
2011/07/10 01:17:34.0515 0684 Detected object count: 0
2011/07/10 01:17:34.0515 0684 Actual detected object count: 0

Re: Possible Virus11th July 2011, 4:56 am

Hi,

Could you please boot into Safe Mode and run this?:

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\MP4SDMOD32.exe
c:\windows\system32\azroles32.dll
c:\windows\system32\kbdnec32.exe

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:62889

Firefox::
FF - ProfilePath - c:\documents and settings\XP PRO SP3 User\Application Data\Mozilla\Firefox\Profiles\fmorhb5n.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62889
FF - prefs.js: network.proxy.type - 1

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\MP4SDMOD32.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Possible Virus

descriptionPossible Virus11th June 2011, 8:06 pm

descriptionRe: Possible Virus11th June 2011, 8:07 pm

descriptionRe: Possible Virus11th June 2011, 8:12 pm

descriptionRe: Possible Virus13th June 2011, 4:45 pm

descriptionRe: Possible Virus14th June 2011, 1:01 am

descriptionRe: Possible Virus14th June 2011, 1:05 am

descriptionRe: Possible Virus14th June 2011, 3:58 pm

descriptionRe: Possible Virus15th June 2011, 10:41 pm

descriptionRe: Possible Virus18th June 2011, 12:06 am

descriptionRe: Possible Virus20th June 2011, 2:40 am

descriptionRe: Possible Virus21st June 2011, 3:12 am

descriptionRe: Possible Virus21st June 2011, 9:45 pm

descriptionRe: Possible Virus22nd June 2011, 1:10 am

descriptionRe: Possible Virus22nd June 2011, 3:24 am

descriptionRe: Possible Virus22nd June 2011, 3:25 am

descriptionRe: Possible Virus23rd June 2011, 4:41 am

descriptionRe: Possible Virus25th June 2011, 10:52 pm

descriptionRe: Possible Virus26th June 2011, 5:22 am

descriptionRe: Possible Virus26th June 2011, 1:47 pm

descriptionRe: Possible Virus27th June 2011, 4:30 am

descriptionRe: Possible Virus29th June 2011, 8:00 pm

descriptionRe: Possible Virus30th June 2011, 2:29 am

descriptionRe: Possible Virus1st July 2011, 4:20 am

descriptionRe: Possible Virus2nd July 2011, 4:30 am

descriptionRe: Possible Virus3rd July 2011, 4:48 pm

descriptionRe: Possible Virus6th July 2011, 12:56 am

descriptionRe: Possible Virus6th July 2011, 11:23 pm

descriptionRe: Possible Virus7th July 2011, 3:02 am

descriptionRe: Possible Virus7th July 2011, 8:15 pm

descriptionRe: Possible Virus8th July 2011, 3:56 am

descriptionRe: Possible Virus9th July 2011, 2:51 am

descriptionRe: Possible Virus9th July 2011, 10:21 pm

descriptionRe: Possible Virus10th July 2011, 5:18 am

descriptionRe: Possible Virus11th July 2011, 4:56 am

descriptionRe: Possible Virus

Possible Virus11th June 2011, 8:06 pm

Re: Possible Virus11th June 2011, 8:07 pm

Re: Possible Virus11th June 2011, 8:12 pm

Re: Possible Virus13th June 2011, 4:45 pm

Re: Possible Virus14th June 2011, 1:01 am

Re: Possible Virus14th June 2011, 1:05 am

Re: Possible Virus14th June 2011, 3:58 pm

Re: Possible Virus15th June 2011, 10:41 pm

Re: Possible Virus18th June 2011, 12:06 am

Re: Possible Virus20th June 2011, 2:40 am

Re: Possible Virus21st June 2011, 3:12 am

Re: Possible Virus21st June 2011, 9:45 pm

Re: Possible Virus22nd June 2011, 1:10 am

Re: Possible Virus22nd June 2011, 3:24 am

Re: Possible Virus22nd June 2011, 3:25 am

Re: Possible Virus23rd June 2011, 4:41 am

Re: Possible Virus25th June 2011, 10:52 pm

Re: Possible Virus26th June 2011, 5:22 am

Re: Possible Virus26th June 2011, 1:47 pm

Re: Possible Virus27th June 2011, 4:30 am

Re: Possible Virus29th June 2011, 8:00 pm

Re: Possible Virus30th June 2011, 2:29 am

Re: Possible Virus1st July 2011, 4:20 am

Re: Possible Virus2nd July 2011, 4:30 am

Re: Possible Virus3rd July 2011, 4:48 pm

Re: Possible Virus6th July 2011, 12:56 am

Re: Possible Virus6th July 2011, 11:23 pm

Re: Possible Virus7th July 2011, 3:02 am

Re: Possible Virus7th July 2011, 8:15 pm

Re: Possible Virus8th July 2011, 3:56 am

Re: Possible Virus9th July 2011, 2:51 am

Re: Possible Virus9th July 2011, 10:21 pm

Re: Possible Virus10th July 2011, 5:18 am

Re: Possible Virus11th July 2011, 4:56 am

Re: Possible Virus