Netflix problem

Discussion in 'General Software' started by Jacknife, Jun 15, 2011.

  1. Jacknife

    Jacknife New Member

    Messages:
    92
Recently had various viruses infecting my computer. Got them fixed using Malwarebytes and ComboFix. Computer seems to be back to normal now. Although, ever since clearing the viruses I have been getting an error when trying to stream Netflix Instant movies which I had never encountered before. Can't be a coincidence.

The exact details of the Netflix error are..."Internet connection problem. Error code: N8202. An internet or home network connection is preventing playback. Please check your internet connection and try again".

There is nothing wrong with my internet connection. Anyone know what could be causing this? Thanks.
     
  2. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Just because you ran malwarebytes and combofix doesn't mean you are totally clean. Please do the following.

    Please post the malwarebytes and combofix logs and then also a hijackthis log.

    The combofix log is located at C:\combofix.txt, copy and paste the entire contents back here. Open malwarebytes, click on the logs tab, and then open the log that removed infections and copy and paste it back here.


    Download the HijackThis installer from here.
    Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

    Click Do a system scan and save a logfile

    Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

    Post the logfile that HijackThis produces
     
  3. Jacknife

    Jacknife New Member

    Messages:
    92
    Note: No problem streaming other video and audio, only Netflix video.

    --------------------------------------------

    Combofix log:

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\DELL\Application Data\Kernel32.exe
    c:\documents and settings\DELL\Application Data\Local
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\sykecnxztiww.avi.ddr
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\sykecnxztiww.avi
    c:\documents and settings\DELL\Local Settings\Application Data\ClientUpdate.exe
    c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery
    c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
    c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
    c:\documents and settings\DELL\Templates\8f2gvu11wnj076224dw377dm
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
    2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
    2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
    2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
    2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
    2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-25 02:07 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-25 01:34 . 2011-06-04 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
    2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
    2011-05-18 04:51 . 2011-05-18 04:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-03-16 17:28 . 2011-04-20 05:30 16704 ----a-w- c:\windows\system32\roboot.exe
    2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2009 10:27 PM 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 10:27 PM 19024]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    Notify-TPSvc - TPSvc.dll
    SafeBoot-05718470.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-06 22:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
    "oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    "nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3920)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-06 22:42:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-07 02:42
    .
    Pre-Run: 157,165,346,816 bytes free
    Post-Run: 157,204,094,976 bytes free
    .
    - - End Of File - - E3E375BC9F1876368AB1E27D8B3A2078


    ---------------------------------------------

    Malwarebytes log #1

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6773

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    6/5/2011 4:15:22 PM
    mbam-log-2011-06-05 (16-15-22).txt

    Scan type: Quick scan
    Objects scanned: 147594
    Time elapsed: 1 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\dgmwvfdydk.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\documents and settings\DELL\local settings\Temp\jar_cache2110695217888490566.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.


    -----------------------------

    Malwarebytes log #2

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6850

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    6/13/2011 6:20:39 PM
    mbam-log-2011-06-13 (18-20-39).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 176839
    Time elapsed: 9 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{a7508371-b227-4af3-8639-2f2992598d29}\RP1\A0000115.sys (Rootkit.Patch) -> Quarantined and deleted successfully.

    ----------------------------------

    Hijackthis scan

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:27:08 PM, on 6/15/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 7798 bytes
     
    Last edited: Jun 15, 2011
  4. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
Since you omitted the first part of the ComboFix log, I don't know where ComboFix is located. If it's not located on the desktop, please move it there now so you can perform the following procedure.


    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box

    Code:
    Driver::
    is3srv
    szkg5
    szkgfs
    crclltan
    
    Reglock::
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.
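The four names johnb35 put under Driver:: are exactly the service/driver entries in the ComboFix log whose line ends in "-->  ...  [?]", and the two Reglock:: entries are the keys from the LOCKED REGISTRY KEYS section. The script below is an added example, not code from this thread, from ComboFix's authors or from the forum: it parses the services/drivers block of a ComboFix log (sample lines copied from the log posted above, embedded as constructed input), lists the entries whose image file ComboFix could not resolve, and assembles a CFScript body in the same Driver::/Reglock:: layout. Reading the trailing "[?]" as "file not found on disk", and the R/S prefix plus digit as running/stopped and start type, are my assumptions about the log format; the page does not document them.

```python
import re

# Constructed sample input: the services/drivers block from the ComboFix log posted
# above, copied verbatim, with a few benign lines kept so the filter has something to skip.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2009 10:27 PM 164048]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
"""

# One service line: "<R|S><start-type> <name>;<display name>;<image path> [<details>]".
# Assumption: R/S = running/stopped and the digit is the service start type; the page
# does not document this, it is how the lines in the posted log read.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)


def parse_service_line(line):
    """Return a dict for one service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    # Assumption: "<registry path> --> <resolved path> [?]" means ComboFix could not find
    # the binary on disk. The four entries johnb35 listed under Driver:: all have this form.
    missing = rest.endswith("[?]")
    path = rest.split(" --> ", 1)[1] if " --> " in rest else rest
    path = path.rsplit(" [", 1)[0]  # drop the trailing "[date size]" or "[?]" detail
    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "missing": missing,
    }


def unresolved_drivers(log_text):
    """Names of service/driver entries whose image file ComboFix could not locate, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry and entry["missing"]:
            found.append(entry["name"])
    return found


def build_cfscript(driver_names, reglock_keys):
    """Assemble a CFScript.txt body in the layout shown in the thread: a Driver:: section
    listing service names, a blank line, then a Reglock:: section listing registry keys."""
    lines = ["Driver::", *driver_names, "", "Reglock::", *reglock_keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    names = unresolved_drivers(SAMPLE_LOG)
    # Placeholder key; in practice paste the keys from the LOCKED REGISTRY KEYS section.
    print(build_cfscript(names, ["[HKEY_LOCAL_MACHINE\\...\\placeholder-key]"]))
```

The point of the triage step is the cross-check it makes explicit: every name that goes into the script is traceable to a log line that says why it was chosen (the binary behind a boot-start driver entry no longer exists), so the reviewer can confirm the list before anything is removed.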
     
  5. Jacknife

    Jacknife New Member

    Messages:
    92
    ComboFix 11-06-06.02 - DELL 06/16/2011 1:06.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.526 [GMT -4:00]
    Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
    2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
    2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
    2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
    2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
    2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
    2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
    2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-16 00:58 . 2011-06-16 00:58 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
    - 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-16 01:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
    "oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    "nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(404)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-06-16 01:09:11
    ComboFix-quarantined-files.txt 2011-06-16 05:09
    ComboFix2.txt 2011-06-07 02:42
    .
    Pre-Run: 156,791,312,384 bytes free
    Post-Run: 156,800,942,080 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 465B2BCE409B03F6DD4E784D37E6D57F
     
  6. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Please delete the combofix file you have and download the latest one here to your desktop.

    http://download.bleepingcomputer.co...13b03f635d08e9644a3a9d0/4dfa6ec7/ComboFix.exe

    You may need to right click on that link and click on open in new window for the download to appear.

    Then rerun the following script, as the one you just did didn't do anything.

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box

    Code:
    Driver::
    is3srv
    szkg5
    szkgfs
    crclltan
    
    Reglock::
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.
     
  7. Jacknife

    Jacknife New Member

    Messages:
    92
    ComboFix 11-06-16.01 - DELL 06/16/2011 18:06:13.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.547 [GMT -4:00]
    Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://go2.microj+|Cv+@J:NGD_DQ{zcxLJS@|@z#[@AIM Software Upgrade.S-1-5-21-776561741-1060284298-1547161642-1003XtD$?MdI.2?*7\? MdI.2?*7\MdI.2?*7\6VwoQZCDHMU
    hxxp://go2.micro
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SZKG5
    -------\Legacy_SZKGFS
    -------\Service_crclltan
    -------\Service_is3srv
    -------\Service_szkg5
    -------\Service_szkgfs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
    2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
    2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
    2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
    2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
    2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
    2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
    2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-16 22:12 . 2011-06-16 22:12 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
    - 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-16 18:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
    "oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    "nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2012)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-16 18:14:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-16 22:14
    ComboFix2.txt 2011-06-16 05:09
    ComboFix3.txt 2011-06-07 02:42
    .
    Pre-Run: 157,070,192,640 bytes free
    Post-Run: 156,992,278,528 bytes free
    .
    - - End Of File - - 110CD67DEED034B736AD317512994A3D
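The two ComboFix logs posted so far carry three indicators that a triage pass should pick out by eye or by script: service and driver registrations whose image file no longer exists on disk (ComboFix marks these with "[?]"), the Windows Firewall standard profile sitting at EnableFirewall=0, and executables with random decimal-fraction names dropped into a program directory (the two files in c:\program files\Mozilla Firefox that the thread goes on to inspect). The following Python script is an added example, not code from this thread or from ComboFix; the line formats it parses are inferred from the logs pasted above, and the sample input is a handful of lines copied from those logs.

```python
"""Triage pass over a ComboFix log.

Added example (not part of this thread or of ComboFix). Line formats are
inferred from the logs pasted in the thread; regexes are assumptions.
"""
import re

# Constructed sample: lines copied from the ComboFix logs earlier in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
.
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# "S0 name;display;image --> image [?]": the trailing [?] means the image is missing.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[\?\]\s*$"
)
# "Files Created" entry: two timestamps, size (or dashes), attribute flags, path.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Names like 0.9452440027994198.exe: a decimal fraction followed by .exe.
RANDOM_EXE_RE = re.compile(r"^\d+\.\d{6,}\.exe$", re.IGNORECASE)
FIREWALL_KEY = r"[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def triage(log_text):
    """Return the indicators found in one ComboFix log as a dict."""
    findings = {
        "missing_binary_services": [],   # [{'start': 'S0', 'name': ..., 'path': ...}]
        "firewall_disabled": False,
        "random_named_executables": [],  # full paths
    }
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()  # registry section header
            continue
        if section == FIREWALL_KEY and FIREWALL_OFF_RE.match(line):
            findings["firewall_disabled"] = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Keep only the registered image path, not the resolved one after "-->".
            image = m.group("image").split(" --> ")[0]
            findings["missing_binary_services"].append(
                {"start": m.group("start"), "name": m.group("name"), "path": image}
            )
            continue
        m = FILE_RE.match(line)
        if m and RANDOM_EXE_RE.match(m.group("path").rsplit("\\", 1)[-1]):
            findings["random_named_executables"].append(m.group("path"))
    return findings


def report_lines(findings):
    """Render findings as human-readable lines, one per indicator."""
    out = []
    if findings["firewall_disabled"]:
        out.append("Windows Firewall (standard profile) is disabled: EnableFirewall=0")
    for svc in findings["missing_binary_services"]:
        out.append(f"{svc['start']} service '{svc['name']}' references missing image {svc['path']}")
    for path in findings["random_named_executables"]:
        out.append(f"random-named executable in program directory: {path}")
    return out


if __name__ == "__main__":
    for line in report_lines(triage(SAMPLE_LOG)):
        print(line)
```

Run against a full log by reading the file into triage() instead of SAMPLE_LOG. The "[?]" services are usually registrations left behind after an earlier tool deleted the driver file, which is what the Driver:: section of the CFScript in the next post removes. The firewall-policy key reads EnableFirewall=0 in every log in this thread and nothing in the thread turns it back on, so it is worth checking once the cleanup is done.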
     
  8. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Can you tell me how the system is running now? Are you still having problems with netflix?

    Also I would like for you to upload these files to www.virustotal.com and give me the resulting links from them.

    c:\program files\Mozilla Firefox\0.9452440027994198.exe
    c:\program files\Mozilla Firefox\0.8960176907769898.exe

    Browse to each file separately and upload them to the site and then when you get the results just copy and paste the link from your browser in your reply. I will need the 2 links in your next reply and an update on how the system is working.
     
  9. Jacknife

    Jacknife New Member

    Messages:
    92
    Netflix still does not play. There is another computer in this house and Netflix streams fine on that, so it is not any problem with the internet connection or Netflix account. I tried temporarily disabling the newly downloaded virus/spyware programs on here in case they were somehow blocking access, but same result. Other than the problem streaming Netflix videos that started when/after the computer ran into a few viruses, the system is running just fine.

    And here are the virustotal links.


    http://www.virustotal.com/file-scan/report.html?id=0ce3de7ac551d4a8dea2af4a37ca47c5e9cc5a35952a177a1bf184a4421a0362-1308333279

    http://www.virustotal.com/file-scan/report.html?id=311ee006fa310e4209f17bff9b34797f5066cea3cfecd65fdc5d9a71bb47c600-1308332380
     
  10. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Okay, both of those are nasties, let's get rid of them.

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box

    Code:
    File::
    c:\program files\Mozilla Firefox\0.9452440027994198.exe
    c:\program files\Mozilla Firefox\0.8960176907769898.exe


    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Then do the following.

    Please download and run the ESET Online Scanner
    Disable any antivirus/security programs.
    IMPORTANT! UN-check Remove found threats
    Accept any security warnings from your browser.
    Check Scan archives
    Click Start
    ESET will then download updates, install and then start scanning your system.
    When the scan is done, push list of found threats
    Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
    If no threats are found then it won't produce a log.
     
  11. Jacknife

    Jacknife New Member

    Messages:
    92
    ComboFix 11-06-17.04 - DELL 06/17/2011 16:12:44.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.607 [GMT -4:00]
    Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
    .
    FILE ::
    "c:\program files\Mozilla Firefox\0.8960176907769898.exe"
    "c:\program files\Mozilla Firefox\0.9452440027994198.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Mozilla Firefox\0.8960176907769898.exe
    c:\program files\Mozilla Firefox\0.9452440027994198.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
    2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
    2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
    2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
    2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-13 14:28 . 2011-05-18 04:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-17 17:04 . 2011-06-17 17:04 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
    - 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
    .
    2011-06-17 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-17 16:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
    "oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    "nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
    6f,68,61,65,00,ff
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
    .
    Completion time: 2011-06-17 16:17:53
    ComboFix-quarantined-files.txt 2011-06-17 20:17
    ComboFix2.txt 2011-06-16 22:14
    ComboFix3.txt 2011-06-16 05:09
    ComboFix4.txt 2011-06-07 02:42
    .
    Pre-Run: 156,910,751,744 bytes free
    Post-Run: 156,894,117,888 bytes free
    .
    - - End Of File - - 8F659D6DB7D5580B5ED4647E103886A6

    ----------------------------------------------

    ESET Online Scanner Log:

    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\10\1ebc464a-15364614 multiple threats
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\15\11eb9a0f-6f01c4db Java/TrojanDownloader.OpenStream.NBZ trojan
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\18\2250f692-2e068e19 multiple threats
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-1b0e294d Java/TrojanDownloader.Agent.ME trojan
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\42\5d76256a-140b7f8a multiple threats
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\46\19f0136e-4302273f multiple threats
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\51\6051b73-54a93da6 Java/TrojanDownloader.OpenStream.NBN trojan
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\63\256f397f-1cad5736 multiple threats
    C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\8\54743f48-6fb5e87d multiple threats
    C:\Documents and Settings\DELL\My Documents\Downloads\crack2.rar a variant of Win32/Keygen.AO application
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\0.8960176907769898.exe.vir a variant of Win32/Kryptik.DG trojan
    C:\System Volume Information\_restore{A7508371-B227-4AF3-8639-2F2992598D29}\RP10\A0001409.exe a variant of Win32/Kryptik.DG trojan
     
  12. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Do you have any cracked software installed? You have a keygen on your system.

    Please delete this file.

    C:\Documents and Settings\DELL\My Documents\Downloads\crack2.rar

    Then do the following to delete your java cache.

    To clear the Java Plug-in cache:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the control panel.
    The Java Control Panel appears.


    3. Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.


    4. Click Delete Files.
    The Delete Temporary Files dialog box appears.


    5. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    6. Click OK on Temporary Files Settings window.



    Then please navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt", open that file and then copy the contents and paste it back here.
     
  13. Jacknife

    Jacknife New Member

    Messages:
    92
    Adobe Audition 2.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    AIM 7
    Audacity 1.2.6
    Broadcom Gigabit Integrated Controller
    CCleaner
    DivX Setup
    Download Updater (AOL LLC)
    dsi
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HiJackThis
    Java(TM) 6 Update 13
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    OpenOffice.org 3.1
    Picasa 3
    PowerDVD
    SBR Poker 1.0.0
    Segoe UI
    Skype Toolbars
    Skype™ 5.3
    SoundMAX
    Spybot - Search & Destroy
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Defender
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    XP Codec Pack
     
  14. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    If you have any illegal or non-genuine (pirated) software installed, please uninstall it.

    I also need you to uninstall the following programs.

    Adobe Reader 8.1.3
    Java(TM) 6 Update 13


    Then go here to download the latest versions of Adobe Reader and Java:

    http://get.adobe.com/reader/?promoid=BUIGO

    Uncheck McAfee Security Scan Plus before downloading.

    http://www.java.com/en/download/index.jsp

    Please download and install an antivirus program, my recommendation would be either AVAST or Microsoft Security Essentials.

    Please try Netflix again and give me an update on it.
     
  15. Jacknife

    Jacknife New Member

    Messages:
    92
    All the programs on here are legitimate, not sure why there was a keygen downloaded.

    Unfortunately, after doing everything you mentioned, Netflix still gets the same error. I tried uninstalling/reinstalling Microsoft Silverlight, which is what Netflix uses for its streaming videos, but same result.
     
  16. Jacknife

    Jacknife New Member

    Messages:
    92
    Downloaded a different browser and Netflix played fine. So I guess Mozilla Firefox was the root of the problem. Any ideas on how to fix the problem in Mozilla?

    Thanks for the help.
     
  17. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,257
    Try uninstalling Firefox, then reboot, then reinstall it.
     