ComputerForum.com
06-15-2011, 06:02 AM   #1
Byte Member
Join Date: Feb 2006
Posts: 90

Netflix problem

Recently had various viruses infecting my computer. Got them fixed using Malwarebytes and ComboFix. Computer seems to be back to normal now. Although, ever since clearing the viruses I have been getting an error when trying to stream Netflix Instant movies which I had never encountered before. Can't be a coincidence.

The exact details of the Netflix error are: "Internet connection problem. Error code: N8202. An internet or home network connection is preventing playback. Please check your internet connection and try again".

There is nothing wrong with my internet connection. Anyone know what could be causing this? Thanks.
Jacknife
06-15-2011, 02:54 PM   #2
johnb35 (Malware and Spam Assassin)
Join Date: Sep 2005
Location: Where ever Fluffy is
Age: 44
Posts: 29,393

Just because you ran malwarebytes and combofix doesn't mean you are totally clean. Please do the following.

Please post the malwarebytes and combofix logs and then also a hijackthis log.

The combofix log is located at C:\combofix.txt, copy and paste the entire contents back here. Open malwarebytes, click on the logs tab, and then open the log that removed infections and copy and paste it back here.


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces.
__________________
MB - Gigabyte 970A-UD3 || CPU - FX8350|| PSU - Corsair CMPSU-650TX 650W || Memory - Corsair Vengeance 8GB (2 x 4GB) DDR3 1600 || GPU - Sapphire HD6870 1GB || HDD's - 500GB SATA III WD Caviar Black, 120GB Corsair Force 3 SSD|| Monitor - ASUS VE278Q Black 27" || OS - Windows 7 || Case - Cooler Master HAF 912 || Cpu cooler - CM Hyper 212 Plus
johnb35

06-15-2011, 06:28 PM   #3
Byte Member
Join Date: Feb 2006
Posts: 90

Note: No problem streaming other video and audio, only Netflix video.

--------------------------------------------

Combofix log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DELL\Application Data\Kernel32.exe
c:\documents and settings\DELL\Application Data\Local
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\sykecnxztiww.avi.ddr
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\sykecnxztiww.avi
c:\documents and settings\DELL\Local Settings\Application Data\ClientUpdate.exe
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\DELL\Templates\8f2gvu11wnj076224dw377dm
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-04 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-05-18 04:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-03-16 17:28 . 2011-04-20 05:30 16704 ----a-w- c:\windows\system32\roboot.exe
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2009 10:27 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 10:27 PM 19024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
Notify-TPSvc - TPSvc.dll
SafeBoot-05718470.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|•€|•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-06 22:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 02:42
.
Pre-Run: 157,165,346,816 bytes free
Post-Run: 157,204,094,976 bytes free
.
- - End Of File - - E3E375BC9F1876368AB1E27D8B3A2078


---------------------------------------------

Malwarebytes log #1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6773

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/5/2011 4:15:22 PM
mbam-log-2011-06-05 (16-15-22).txt

Scan type: Quick scan
Objects scanned: 147594
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\dgmwvfdydk.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\DELL\local settings\Temp\jar_cache2110695217888490566.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.


-----------------------------

Malwarebytes log #2

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/13/2011 6:20:39 PM
mbam-log-2011-06-13 (18-20-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 176839
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{a7508371-b227-4af3-8639-2f2992598d29}\RP1\A0000115.sys (Rootkit.Patch) -> Quarantined and deleted successfully.

----------------------------------

Hijackthis scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:08 PM, on 6/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7798 bytes

Last edited by Jacknife; 06-15-2011 at 06:30 PM.
Jacknife

06-16-2011, 03:04 AM   #4
johnb35 (Malware and Spam Assassin)
Join Date: Sep 2005
Location: Where ever Fluffy is
Age: 44
Posts: 29,393

Since you omitted the first part of the combofix log, I don't know where combofix is located. If it's not located on the desktop, please move it there now so you can perform the following procedure.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
is3srv
szkg5
szkgfs
crclltan

Reglock::
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h||A~*]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
johnb35
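One way to automate the triage the helper did by hand above, as an added example written for this thread (it is not ComboFix's own code and was not posted by anyone in the thread): it parses the service/driver lines ComboFix prints under "Reg Loading Points" (the trailing `[?]` marks an entry whose file ComboFix could not find on disk, i.e. a stale registry reference left behind after a removal), collects the key headers under "LOCKED REGISTRY KEYS", and assembles the `Driver::` and `Reglock::` sections of a CFScript in the shape shown in the post. The sample log text is constructed from the lines posted earlier in this thread, with one healthy entry (gupdate) added to show it is not flagged; the function names are the example's own. Read the output before feeding it to ComboFix: a missing file only means the entry is stale, not that it was malicious.

```python
"""Triage helper for ComboFix logs: find service/driver entries whose image is
missing and the keys ComboFix reports as locked, then emit the matching
CFScript sections (Driver:: and Reglock::).  Example code for this thread,
not part of ComboFix."""
import re
from typing import Dict, List

# Constructed sample built from the driver and locked-key lines posted above.
# The gupdate line is a healthy entry and must not be flagged.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2009 10:27 PM 164048]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
"""

# One service line:
#   <R|S><start type> name;display name;image path [--> resolved path] [date size | ?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)


def parse_services(log: str) -> List[Dict[str, object]]:
    """Return one record per service/driver line found anywhere in the log."""
    records: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            rec: Dict[str, object] = dict(m.groupdict())
            # "[?]" in place of the date/size means ComboFix found no file at
            # the image path: the registry still points at a driver that is
            # gone, which is exactly what the Driver:: directive cleans up.
            rec["missing_file"] = str(rec["info"]).strip() == "?"
            records.append(rec)
    return records


def orphaned_drivers(log: str) -> List[str]:
    """Names of services whose image file is missing, in log order."""
    return [str(r["name"]) for r in parse_services(log) if r["missing_file"]]


def locked_keys(log: str) -> List[str]:
    """Registry key headers listed under the LOCKED REGISTRY KEYS section."""
    keys: List[str] = []
    in_section = False
    for line in log.splitlines():
        s = line.strip()
        if "LOCKED REGISTRY KEYS" in s:
            in_section = True
            continue
        # The next dashed or starred banner ends the section.
        if in_section and (s.startswith("-----") or s.startswith("*****")):
            break
        if in_section and s.startswith("[") and s.endswith("]"):
            keys.append(s)
    return keys


def build_cfscript(log: str) -> str:
    """Assemble the Driver:: and Reglock:: sections the way the helper did by hand."""
    parts: List[str] = []
    drivers = orphaned_drivers(log)
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    keys = locked_keys(log)
    if keys:
        parts.append("Reglock::\n" + "\n".join(keys))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))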
06-16-2011, 06:11 AM   #5
Byte Member
Join Date: Feb 2006
Posts: 90

ComboFix 11-06-06.02 - DELL 06/16/2011 1:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.526 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 00:58 . 2011-06-16 00:58 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
- 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 01:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|•€|•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(404)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-16 01:09:11
ComboFix-quarantined-files.txt 2011-06-16 05:09
ComboFix2.txt 2011-06-07 02:42
.
Pre-Run: 156,791,312,384 bytes free
Post-Run: 156,800,942,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 465B2BCE409B03F6DD4E784D37E6D57F
Jacknife is offline   Reply With Quote
Old 06-16-2011, 10:02 PM   #6
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: Where ever Fluffy is
Age: 44
Posts: 29,393
Default

Please delete the combofix file you have and download the latest one here to your desktop.

http://download.bleepingcomputer.com...7/ComboFix.exe

You may need to right click on that link and click on open in new window for the download to appear.

Then rerun the following script, as the one you just did didn't do anything.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
is3srv
szkg5
szkgfs
crclltan

Reglock::
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h||A~*]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
johnb35 is online now   Reply With Quote
Old 06-16-2011, 11:16 PM   #7
Byte Member
 
Join Date: Feb 2006
Posts: 90
Default

ComboFix 11-06-16.01 - DELL 06/16/2011 18:06:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.547 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://go2.microj+|Cv+@J:NGD_DQ{zcxLJS@|@z#[@AIM Software Upgrade.S-1-5-21-776561741-1060284298-1547161642-1003XtD$?MdI.2?*7\? MdI.2?*7\MdI.2?*7\6VwoQZCDHMU
hxxp://go2.micro
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Legacy_SZKGFS
-------\Service_crclltan
-------\Service_is3srv
-------\Service_szkg5
-------\Service_szkgfs
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 22:12 . 2011-06-16 22:12 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
- 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|•€|•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
.
************************************************************************
.
Completion time: 2011-06-16 18:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 22:14
ComboFix2.txt 2011-06-16 05:09
ComboFix3.txt 2011-06-07 02:42
.
Pre-Run: 157,070,192,640 bytes free
Post-Run: 156,992,278,528 bytes free
.
- - End Of File - - 110CD67DEED034B736AD317512994A3D
Jacknife is offline   Reply With Quote
Old 06-16-2011, 11:32 PM   #8
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: Where ever Fluffy is
Age: 44
Posts: 29,393
Default

Can you tell me how the system is running now? Are you still having problems with netflix?

Also I would like for you to upload these files to www.virustotal.com and give me the resulting links from them.

c:\program files\Mozilla Firefox\0.9452440027994198.exe
c:\program files\Mozilla Firefox\0.8960176907769898.exe

Browse to each file separately and upload them to the site and then when you get the results just copy and paste the link from your browser in your reply. I will need the 2 links in your next reply and an update on how the system is working.
johnb35 is online now   Reply With Quote
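The two files johnb35 singles out above stand out in the ComboFix log because their basenames are random-looking numbers dropped into a program directory, and the same log also records the Windows Firewall standard profile switched off. The following is an added triage script, not code from the thread or from ComboFix, that parses a constructed sample of ComboFix-style "Files Created" lines and registry dumps (the paths and values are copied from the log posted above) and flags both patterns so a reviewer does not have to scan the log by eye:

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format ComboFix prints,
# assembled from entries that appear in the log posted in this thread.
SAMPLE_LOG = """\
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\\program files\\Trend Micro
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\\program files\\Mozilla Firefox\\0.9452440027994198.exe
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\\program files\\Mozilla Firefox\\0.8960176907769898.exe
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\\program files\\mozilla firefox\\components\\browsercomps.dll
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# "created . modified size attributes path" as printed in the Files Created section
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S+)')
# A basename made only of digits and dots plus an executable extension,
# e.g. 0.9452440027994198.exe: legitimate installers do not name files this way.
NUMERIC_NAME = re.compile(r"^[\d.]+\.(exe|dll|scr|sys|com)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "random-named-executable" or "firewall-disabled"
    detail: str  # the offending path or registry key


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(log_text):
    """Return the findings for a block of ComboFix-style log text."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path")
            is_dir = "d" in m.group("attrs")
            if not is_dir and NUMERIC_NAME.match(_basename(path)):
                findings.append(Finding("random-named-executable", path))
            continue
        m = REG_KEY.match(line)
        if m:
            # Remember which key the following "name"=value lines belong to.
            current_key = m.group("key").lower()
            continue
        m = REG_VALUE.match(line)
        if m and current_key.endswith("firewallpolicy\\standardprofile"):
            if m.group("name") == "EnableFirewall" and m.group("value") == "0":
                findings.append(Finding("firewall-disabled", current_key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.detail}")
```

Run against the constructed sample it reports the two Mozilla Firefox executables and the disabled firewall profile, and nothing for mbam.sys, the Trend Micro directory, or browsercomps.dll. The numeric-name check is deliberately narrow; it is a triage hint for which files to submit for a second opinion, as johnb35 does with VirusTotal, not a verdict.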
Old 06-17-2011, 07:08 PM   #9
Byte Member
 
Join Date: Feb 2006
Posts: 90
Default

Netflix still does not play. There is another computer in this house and Netflix streams fine on that, so it is not any problem with the internet connection or Netflix account. I tried temporarily disabling the newly downloaded virus/spyware programs on here in case they were somehow blocking access, but same result. Other than the problem streaming Netflix videos that started when/after the computer ran into a few viruses, the system is running just fine.

And here are the virustotal links.


http://www.virustotal.com/file-scan/...362-1308333279

http://www.virustotal.com/file-scan/...600-1308332380
Jacknife is offline   Reply With Quote
Old 06-17-2011, 08:46 PM   #10
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: Where ever Fluffy is
Age: 44
Posts: 29,393
Default

Okay, both of those are nasties, let's get rid of them.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\program files\Mozilla Firefox\0.9452440027994198.exe
c:\program files\Mozilla Firefox\0.8960176907769898.exe


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
johnb35 is online now   Reply With Quote