Netflix problem

Jacknife

New Member
Recently had various viruses infecting my computer. Got them fixed using malwarebytes and combo fix. Computer seems to be back to normal now. Although, ever since clearing the viruses I have been getting an error when trying to stream Netflix Instant movies which I had never encountered before. Can't be a coincidence.

The exact details of the Netflix error are: "Internet connection problem. Error code: N8202. An internet or home network connection is preventing playback. Please check your internet connection and try again".

There is nothing wrong with my internet connection. Anyone know what could be causing this? Thanks.
 

johnb35

Administrator
Staff member
Just because you ran malwarebytes and combofix doesn't mean you are totally clean. Please do the following.

Please post the malwarebytes and combofix logs and then also a hijackthis log.

The combofix log is located at C:\combofix.txt, copy and paste the entire contents back here. Open malwarebytes, click on the logs tab, and then open the log that removed infections and copy and paste it back here.


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces
 

Jacknife

New Member
Note: No problem streaming other video and audio, only Netflix video.

--------------------------------------------

Combofix log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DELL\Application Data\Kernel32.exe
c:\documents and settings\DELL\Application Data\Local
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\sykecnxztiww.avi.ddr
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\DELL\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\sykecnxztiww.avi
c:\documents and settings\DELL\Local Settings\Application Data\ClientUpdate.exe
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\DELL\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\DELL\Templates\8f2gvu11wnj076224dw377dm
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-04 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-05-18 04:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-03-16 17:28 . 2011-04-20 05:30 16704 ----a-w- c:\windows\system32\roboot.exe
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2009 10:27 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2009 10:27 PM 19024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
Notify-TPSvc - TPSvc.dll
SafeBoot-05718470.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-06 22:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 02:42
.
Pre-Run: 157,165,346,816 bytes free
Post-Run: 157,204,094,976 bytes free
.
- - End Of File - - E3E375BC9F1876368AB1E27D8B3A2078


---------------------------------------------

Malwarebytes log #1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6773

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/5/2011 4:15:22 PM
mbam-log-2011-06-05 (16-15-22).txt

Scan type: Quick scan
Objects scanned: 147594
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\dgmwvfdydk.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\DELL\local settings\Temp\jar_cache2110695217888490566.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.


-----------------------------

Malwarebytes log #2

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/13/2011 6:20:39 PM
mbam-log-2011-06-13 (18-20-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 176839
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{a7508371-b227-4af3-8639-2f2992598d29}\RP1\A0000115.sys (Rootkit.Patch) -> Quarantined and deleted successfully.

----------------------------------

Hijackthis scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:08 PM, on 6/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7798 bytes
 

johnb35

Administrator
Staff member
Since you omitted the first part of the combofix log, I don't know where combofix is located at. If it's not located on the desktop, please move it there now so you can perform the following procedure.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
is3srv
szkg5
szkgfs
crclltan

Reglock::
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

Jacknife

New Member
ComboFix 11-06-06.02 - DELL 06/16/2011 1:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.526 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 00:58 . 2011-06-16 00:58 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
- 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 crclltan;crclltan;\??\c:\windows\system32\drivers\crclltan.sys --> c:\windows\system32\drivers\crclltan.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 01:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(404)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-16 01:09:11
ComboFix-quarantined-files.txt 2011-06-16 05:09
ComboFix2.txt 2011-06-07 02:42
.
Pre-Run: 156,791,312,384 bytes free
Post-Run: 156,800,942,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 465B2BCE409B03F6DD4E784D37E6D57F
 

johnb35

Administrator
Staff member
Please delete the combofix file you have and download the latest one here to your desktop.

http://download.bleepingcomputer.co...13b03f635d08e9644a3a9d0/4dfa6ec7/ComboFix.exe

You may need to right click on that link and click on open in new window for the download to appear.

Then rerun the following script, as the one you just ran didn't do anything.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
is3srv
szkg5
szkgfs
crclltan

Reglock::
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

Jacknife

New Member
ComboFix 11-06-16.01 - DELL 06/16/2011 18:06:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.547 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://go2.microj+|Cv+@J:NGD_DQ{zcxLJS@|@z#[@AIM Software Upgrade.S-1-5-21-776561741-1060284298-1547161642-1003XtD$?MdI.2?*7\? MdI.2?*7\MdI.2?*7\6VwoQZCDHMU
hxxp://go2.micro
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Legacy_SZKGFS
-------\Service_crclltan
-------\Service_is3srv
-------\Service_szkg5
-------\Service_szkgfs
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 22:12 . 2011-06-16 22:12 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
- 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-16 18:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 22:14
ComboFix2.txt 2011-06-16 05:09
ComboFix3.txt 2011-06-07 02:42
.
Pre-Run: 157,070,192,640 bytes free
Post-Run: 156,992,278,528 bytes free
.
- - End Of File - - 110CD67DEED034B736AD317512994A3D
 

johnb35

Administrator
Staff member
Can you tell me how the system is running now? Are you still having problems with netflix?

Also, I would like you to upload these files to www.virustotal.com and give me the resulting links from them.

c:\program files\Mozilla Firefox\0.9452440027994198.exe
c:\program files\Mozilla Firefox\0.8960176907769898.exe

Browse to each file separately and upload them to the site, and then when you get the results just copy and paste the link from your browser in your reply. I will need the 2 links in your next reply and an update on how the system is working.
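An added illustration, not part of the original posts: a small parser for the "Files Created" lines of a ComboFix log that surfaces executables whose names look machine-generated, which is one heuristic that picks out the two Firefox-folder files named above. The field layout is inferred from the log lines in this thread, and the name patterns (long numeric or long hex stems) are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 21:23 . 2011-06-04 21:24 316400 ----a-w- c:\program files\Mozilla Firefox\0.9452440027994198.exe
2011-05-24 23:13 . 2011-05-24 23:13 88641 ----a-w- c:\program files\Mozilla Firefox\0.8960176907769898.exe
2011-05-18 04:51 . 2011-06-13 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

# created . modified  size-or-dashes  attribute-flags  path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}
# Assumed patterns for generated names: "0." plus a long digit run, or a long hex run.
NUMERIC_STEM = re.compile(r"^\d+\.\d{10,}$")
HEX_STEM = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (the log prints dashes)
    is_dir: bool
    path: PureWindowsPath


def parse_entries(text: str) -> List[Entry]:
    """Parse every well-formed 'Files Created' line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"].startswith("d"),
                             PureWindowsPath(m["path"])))
    return entries


def looks_generated(stem: str) -> bool:
    """True when the file name (without extension) matches an assumed pattern."""
    return bool(NUMERIC_STEM.match(stem) or HEX_STEM.match(stem))


def flag_suspicious(text: str) -> List[Entry]:
    """Return executable files with generated-looking names, in log order."""
    hits = []
    for entry in parse_entries(text):
        if entry.is_dir:
            continue  # the heuristic targets executable files only
        if (entry.path.suffix.lower() in EXECUTABLE_SUFFIXES
                and looks_generated(entry.path.stem)):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print(f"{hit.created}  {hit.size:>8}  {hit.path}")
```

A hit is only a candidate for a second opinion such as the VirusTotal upload requested above, not a verdict.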
 

Jacknife

New Member
Netflix still does not play. There is another computer in this house and Netflix streams fine on that, so it is not any problem with the internet connection or Netflix account. I tried temporarily disabling the newly downloaded virus/spyware programs on here in case they were somehow blocking access, but same result. Other than the problem streaming Netflix videos that started when/after the computer ran into a few viruses, the system is running just fine.

And here are the virustotal links.


http://www.virustotal.com/file-scan/report.html?id=0ce3de7ac551d4a8dea2af4a37ca47c5e9cc5a35952a177a1bf184a4421a0362-1308333279

http://www.virustotal.com/file-scan/report.html?id=311ee006fa310e4209f17bff9b34797f5066cea3cfecd65fdc5d9a71bb47c600-1308332380
 

johnb35

Administrator
Staff member
Okay, both of those are nasties, let's get rid of them.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\program files\Mozilla Firefox\0.9452440027994198.exe
c:\program files\Mozilla Firefox\0.8960176907769898.exe



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 

Jacknife

New Member
ComboFix 11-06-17.04 - DELL 06/17/2011 16:12:44.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.607 [GMT -4:00]
Running from: c:\documents and settings\DELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Mozilla Firefox\0.8960176907769898.exe"
"c:\program files\Mozilla Firefox\0.9452440027994198.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\0.8960176907769898.exe
c:\program files\Mozilla Firefox\0.9452440027994198.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-13 21:07 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 20:42 . 2011-06-06 20:42 388096 ----a-r- c:\documents and settings\DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-06 20:42 . 2011-06-06 20:42 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:37 . 2011-06-06 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-06 01:13 . 2011-06-06 01:13 -------- d-----w- c:\program files\Windows Defender
2011-06-05 18:41 . 2011-06-05 19:21 -------- d-----w- c:\windows\system32\MpEngineStore
2011-06-05 18:36 . 2011-06-05 18:41 -------- d-----w- C:\34dc47b5e2cbb0538ed98d5951
2011-06-04 23:36 . 2011-06-04 23:36 -------- d-----w- c:\program files\CCleaner
2011-05-31 16:02 . 2011-06-05 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-31 16:02 . 2011-06-04 23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-25 02:07 . 2011-05-25 02:07 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-06-04 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-25 02:07 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 01:34 . 2011-06-13 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:04 . 2011-06-05 03:43 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 14:28 . 2011-05-18 04:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:35 . 2008-04-14 05:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 19:11 . 2011-05-06 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-17 17:04 . 2011-06-17 17:04 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
- 2010-10-18 01:42 . 2010-10-18 01:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-18 01:42 . 2011-06-13 04:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-13 14:28 . 2011-06-13 14:28 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2010-10-05 19:50 . 2011-06-13 14:28 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-10-05 19:50 . 2011-05-18 04:51 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-06-13 04:10 . 2011-06-13 04:10 20314624 c:\windows\Installer\125cd6.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [BU]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05718470.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2011 6:02 PM 366640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 5:07 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 1:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 02:19]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 17:39]
.
2011-06-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\a9alw23v.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 16:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1060284298-1547161642-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B68D7736-24CF-49C7-3225-00928671B9F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapngklhmnmbkanpfhkfeeldcpgcob"=hex:64,61,61,69,65,61,62,64,00,85
"oalpaiekpljnkcdjfidcpjocghinoe"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
"nafpcjgjbfelmgffbkikhegjljnp"=hex:69,61,6b,63,61,68,66,6f,66,6e,6c,61,6f,68,
6f,68,61,65,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
Completion time: 2011-06-17 16:17:53
ComboFix-quarantined-files.txt 2011-06-17 20:17
ComboFix2.txt 2011-06-16 22:14
ComboFix3.txt 2011-06-16 05:09
ComboFix4.txt 2011-06-07 02:42
.
Pre-Run: 156,910,751,744 bytes free
Post-Run: 156,894,117,888 bytes free
.
- - End Of File - - 8F659D6DB7D5580B5ED4647E103886A6

----------------------------------------------

ESET Online Scanner Log:

C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\10\1ebc464a-15364614 multiple threats
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\15\11eb9a0f-6f01c4db Java/TrojanDownloader.OpenStream.NBZ trojan
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\18\2250f692-2e068e19 multiple threats
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-1b0e294d Java/TrojanDownloader.Agent.ME trojan
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\42\5d76256a-140b7f8a multiple threats
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\46\19f0136e-4302273f multiple threats
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\51\6051b73-54a93da6 Java/TrojanDownloader.OpenStream.NBN trojan
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\63\256f397f-1cad5736 multiple threats
C:\Documents and Settings\DELL\Application Data\Sun\Java\Deployment\cache\6.0\8\54743f48-6fb5e87d multiple threats
C:\Documents and Settings\DELL\My Documents\Downloads\crack2.rar a variant of Win32/Keygen.AO application
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\0.8960176907769898.exe.vir a variant of Win32/Kryptik.DG trojan
C:\System Volume Information\_restore{A7508371-B227-4AF3-8639-2F2992598D29}\RP10\A0001409.exe a variant of Win32/Kryptik.DG trojan
 

johnb35

Administrator
Staff member
You have any cracked software installed? You have a keygen on your system.

Please delete this file.

C:\Documents and Settings\DELL\My Documents\Downloads\crack2.rar

Then do the following to delete your java cache.

To clear the Java Plug-in cache:
1. Click Start > Control Panel.
2. Double-click the Java icon in the control panel.
The Java Control Panel appears.

3. Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

4. Click Delete Files.
The Delete Temporary Files dialog box appears.

5. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
6. Click OK on Temporary Files Settings window.



Then please navigate to C:\qoobox and in that folder will be a file named "add-remove programs.txt", open that file and then copy the contents and paste it back here.
 

Jacknife

New Member
Adobe Audition 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
AIM 7
Audacity 1.2.6
Broadcom Gigabit Integrated Controller
CCleaner
DivX Setup
Download Updater (AOL LLC)
dsi
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Java(TM) 6 Update 13
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
OpenOffice.org 3.1
Picasa 3
PowerDVD
SBR Poker 1.0.0
Segoe UI
Skype Toolbars
Skype™ 5.3
SoundMAX
Spybot - Search & Destroy
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Defender
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XP Codec Pack
 

johnb35

Administrator
Staff member
If you have any illegal or non genuine (pirated) software installed please uninstall it.

Also need you to uninstall the following programs.

Adobe Reader 8.1.3
Java(TM) 6 Update 13


Then go here to download the latest versions of adobe reader and java

http://get.adobe.com/reader/?promoid=BUIGO

Uncheck McAfee Security Scan Plus before downloading.

http://www.java.com/en/download/index.jsp

Please download and install an antivirus program, my recommendation would be either AVAST or Microsoft Security Essentials.

Please try netflix again and give me an update on it.
 

Jacknife

New Member
All the programs on here are legitimate, not sure why there was a keygen downloaded.

Unfortunately, after doing everything you mentioned, Netflix still gets the same error. I tried uninstalling/reinstalling Microsoft Silverlight, which is what Netflix uses for its streaming videos, but same result.
 

Jacknife

New Member
Downloaded a different browser and Netflix played fine. So I guess Mozilla FireFox was the root of the problem. Any ideas on how to fix the problem in Mozilla?

Thanks for the help.
 