mellowyelloe (Newbie Poster)

Re: extmgr32.dll problem

#11
Nov 17th, 2008
Shareaza was reinstalled on 10-24-08. This is a new computer that I built several months ago but I just recently got internet on 10-21, and I had Shareaza installed with no virus protection at all. Tried downloading a program to convert mpg to dvd, and it was a virus. I had to reformat my computer that time. First and the last time I'd try to get a program off of P2P. I just use P2P sharing for old movies and old music that I just can't seem to find anywhere else. Now I have Norton Internet Security. Everything you see installed I or my roommate paid for. Here is the new ComboFix log. Thanks again.

ComboFix 08-11-16.05 - Richard Fedie 2008-11-17 12:34:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2915 [GMT -6:00]
Running from: c:\documents and settings\Richard Fedie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 02:18 . 2008-11-16 02:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-16 02:17 . 2008-11-16 02:17 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 19:00 . 2008-11-16 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-11-15 16:17 . 2008-11-15 16:40 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-14 21:16 . 2008-11-14 21:16 <DIR> d-------- c:\documents and settings\Diana\Application Data\Malwarebytes
2008-11-14 20:38 . 2008-11-14 20:38 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 19:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 23:29 . 2008-11-13 23:29 <DIR> d-------- c:\program files\Windows Defender
2008-11-13 21:59 . 2008-11-13 22:07 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-13 21:59 . 2008-11-13 22:07 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-13 21:50 . 2008-04-14 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 19:50 . 2008-11-13 19:50 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\ErrorSmart
2008-11-13 18:46 . 2008-11-15 20:52 8,269 --a------ c:\windows\GnuHashes.ini
2008-11-13 18:36 . 2008-11-16 14:00 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-13 18:36 . 2008-11-16 13:58 135,168 --a------ c:\windows\system32\extmgr32.dll
2008-11-13 18:36 . 2008-11-15 20:44 1,848 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-11 18:12 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 11:36 . 2008-11-08 11:36 <DIR> d-------- c:\program files\Common Files\SWF Studio
2008-11-04 18:27 . 2008-11-04 18:27 0 --a------ c:\windows\PowerReg.dat
2008-11-04 18:21 . 2008-11-04 18:21 <DIR> d-------- c:\program files\Infogrames Interactive
2008-11-02 16:58 . 2008-11-02 16:58 <DIR> d-------- c:\documents and settings\Diana\Application Data\HP
2008-11-02 02:11 . 2008-11-05 21:41 <DIR> d-------- C:\CreatePhotoCalendars
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Nova Development
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Common Files\Nova Development
2008-10-30 11:42 . 2008-10-30 11:42 <DIR> d-------- c:\windows\Sun
2008-10-30 11:41 . 2008-10-30 11:41 <DIR> d-------- c:\program files\Java
2008-10-30 11:41 . 2008-11-03 23:23 <DIR> d-------- c:\program files\Google
2008-10-30 11:41 . 2008-10-30 11:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 11:41 . 2008-10-30 11:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-28 17:09 . 2008-10-28 17:09 0 --a------ c:\windows\system32\sam.ini
2008-10-28 14:25 . 2008-10-28 19:12 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-28 12:19 . 2008-10-28 12:19 <DIR> d-------- c:\documents and settings\Scott\Application Data\Atari
2008-10-28 12:08 . 2008-10-28 12:08 <DIR> d-------- c:\documents and settings\Scott\Application Data\DivX
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-10-26 19:30 . 2008-10-26 19:30 <DIR> d-------- c:\documents and settings\Scott\Application Data\Yahoo!
2008-10-26 18:59 . 2008-10-26 18:59 <DIR> d-------- c:\documents and settings\Diana\Application Data\Yahoo!
2008-10-26 18:19 . 2008-10-26 18:19 <DIR> d-------- c:\program files\Electronic Arts
2008-10-26 18:08 . 2008-10-26 18:08 <DIR> d-------- c:\program files\Rockstar Games
2008-10-26 18:05 . 2008-10-26 18:05 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Yahoo!
2008-10-26 17:59 . 2008-11-04 07:44 <DIR> d-------- c:\program files\Yahoo!
2008-10-26 17:59 . 2008-10-27 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-26 17:56 . 2008-10-26 17:56 <DIR> d-------- c:\program files\Yahoo! Games
2008-10-26 17:42 . 2008-10-26 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\HP
2008-10-26 17:31 . 2008-10-26 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-26 17:31 . 2007-11-08 08:59 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-10-26 17:31 . 2007-10-20 17:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-10-26 17:29 . 2008-10-26 17:29 <DIR> d-------- c:\program files\Common Files\HP
2008-10-26 17:29 . 2008-11-03 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-26 17:28 . 2008-11-03 23:18 <DIR> d-------- c:\program files\HP
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-26 17:25 . 2008-10-26 17:32 157,388 --a------ c:\windows\hphins26.dat
2008-10-26 17:25 . 2007-12-12 18:01 787 --------- c:\windows\hphmdl26.dat
2008-10-25 22:43 . 2008-10-25 22:43 <DIR> d-------- c:\documents and settings\Scott\Application Data\mioObjects
2008-10-25 16:49 . 2008-10-25 16:49 <DIR> d-------- c:\program files\3D Sports Car Screensaver
2008-10-25 16:49 . 2008-02-14 16:56 10,006,528 --a------ c:\windows\system32\3D Sports Car Screensaver.scr
2008-10-25 16:49 . 2008-02-14 13:16 3,141 --a------ c:\windows\system32\3D Sports Car Screensaver.html
2008-10-25 16:44 . 2008-10-25 16:44 <DIR> d-------- c:\program files\3D Asteroids
2008-10-25 16:41 . 2008-10-28 17:20 882 --a------ c:\windows\eReg.dat
2008-10-25 16:39 . 2008-10-27 18:52 <DIR> d-------- c:\program files\Maxis
2008-10-25 16:37 . 1999-11-24 20:29 196,608 --a------ c:\windows\system32\anfysave.scr
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\program files\Running Clock 3D Screensaver
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\TERMINAL Studio
2008-10-25 16:31 . 2008-02-14 19:36 3,661,824 --a------ c:\windows\system32\Running Clock 3D Screensaver.scr
2008-10-25 16:31 . 2005-09-21 15:08 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-25 16:31 . 2005-09-21 15:08 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-10-25 16:31 . 2006-02-15 17:26 92,216 --a------ c:\windows\system32\bass.dll
2008-10-25 16:31 . 2008-02-14 19:55 3,177 --a------ c:\windows\system32\Running Clock 3D Screensaver.html
2008-10-25 16:29 . 2008-10-25 16:36 <DIR> d-------- c:\program files\Cities of Earth
2008-10-25 16:29 . 2007-09-24 00:08 2,789,376 --a------ c:\windows\system32\Cities.scr
2008-10-25 16:26 . 2008-10-25 16:26 <DIR> d-------- c:\program files\Free Matrix Reality Screensaver
2008-10-25 16:26 . 2008-07-28 12:20 3,403,776 --a------ c:\windows\system32\Free Matrix Reality Screensaver.scr
2008-10-25 16:26 . 2005-09-05 07:01 1,056,768 --a------ c:\windows\system32\FreeImage.dll
2008-10-25 16:26 . 2005-12-21 18:05 245,760 --a------ c:\windows\system32\ImxEx.dll
2008-10-25 16:22 . 2008-10-25 16:22 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\mioObjects
2008-10-25 16:22 . 2008-10-25 16:22 359,431 --a------ c:\windows\system32\mioengine.exe
2008-10-25 16:20 . 2008-10-25 16:20 <DIR> d-------- c:\program files\Proactive Information Corporation
2008-10-25 16:20 . 2004-06-21 16:47 474,431 --a------ c:\windows\system32\Realtime Weather Screen Saver 4.02.scr
2008-10-25 16:20 . 2004-08-28 02:06 61,440 --a------ c:\windows\UnDeploy.exe
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Symantec
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Shareaza
2008-10-25 15:32 . 2008-11-15 20:33 <DIR> d-------- c:\documents and settings\Scott
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Symantec
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Shareaza
2008-10-25 15:24 . 2008-11-15 23:04 <DIR> d-------- c:\documents and settings\Diana
2008-10-25 15:18 . 2008-10-25 15:18 <DIR> d-------- c:\program files\Abassis Finance Manager
2008-10-25 15:14 . 2008-10-25 15:14 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Atari
2008-10-25 15:11 . 2008-10-25 15:11 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Leadertech
2008-10-25 15:08 . 2008-10-25 15:08 <DIR> d-------- c:\program files\Atari
2008-10-25 15:01 . 2008-10-25 15:01 74,582 --a------ c:\windows\Uninstal.exe
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Free 3D Valley Screensaver
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Active Volcano 3D Screensaver
2008-10-25 14:59 . 2008-07-28 10:10 8,073,216 --a------ c:\windows\system32\Free 3D Valley Screensaver.scr
2008-10-25 14:59 . 2008-02-14 17:02 6,008,832 --a------ c:\windows\system32\Active Volcano 3D Screensaver.scr
2008-10-25 14:59 . 2008-02-14 13:38 3,186 --a------ c:\windows\system32\Active Volcano 3D Screensaver.html
2008-10-25 14:58 . 2008-10-25 15:04 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\MechCAD
2008-10-25 14:58 . 2007-02-13 14:53 13,619,200 --a------ c:\windows\system32\Solar System 3D Screensaver.scr
2008-10-25 14:58 . 2007-02-09 13:05 3,226 --a------ c:\windows\system32\SolarSystem3DScreensaver.html
2008-10-25 14:56 . 2008-10-25 14:58 <DIR> d-------- c:\program files\Astro Gemini Software
2008-10-25 14:56 . 2008-10-25 14:56 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Astro Gemini Software
2008-10-25 14:56 . 2008-08-28 10:25 7,938,048 --a------ c:\windows\system32\Planet Earth 3D Screensaver.scr
2008-10-25 14:56 . 2007-11-06 16:46 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-10-25 14:54 . 2004-10-06 18:38 3,446,272 --a------ c:\windows\Light Driver 2.stg
2008-10-25 14:54 . 2004-10-06 18:22 794,624 --a------ c:\windows\Light Driver 2.scr
2008-10-25 14:54 . 1999-06-25 10:55 149,504 --a------ c:\windows\UNWISE.EXE
2008-10-25 14:52 . 2007-11-23 13:18 9,005,490 --a------ c:\windows\kaleidoscopia.exe
2008-10-25 14:52 . 2008-10-25 14:52 639,995 --a------ c:\windows\unins000.exe
2008-10-25 14:52 . 2007-12-03 09:32 280,064 --a------ c:\windows\kaleidoscopia.scr
2008-10-25 14:52 . 2008-10-25 14:52 894 --a------ c:\windows\unins000.dat
2008-10-24 18:59 . 2008-11-08 11:40 <DIR> d-------- c:\program files\AdvancedDVDPlayer
2008-10-24 17:53 . 2008-10-24 18:01 <DIR> d-------- c:\program files\Shareaza
2008-10-24 17:53 . 2008-10-24 17:53 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Shareaza
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-10-24 17:43 . 2008-10-24 17:43 <DIR> d-------- c:\program files\PHILIPS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:37 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 09:00 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 08:59 --------- d-----w c:\program files\Intel
2008-10-23 08:55 --------- d-----w c:\documents and settings\Richard Fedie\Application Data\InterTrust
2008-10-23 08:54 --------- d-----w c:\program files\MSXML 4.0
2008-10-23 08:44 --------- d-----w c:\program files\microsoft frontpage
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-10-15 16:30 148,242 ----a-w c:\program files\Common Files\ReportPreview.app
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_13.13.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 18:15:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat
+ 2008-11-17 18:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-02 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-16 13:58 135168 c:\windows\system32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2008-10-24 7548]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []

2008-11-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Richard Fedie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 12:35:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\extmgr32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\extmgr32.dll
.
Completion time: 2008-11-17 12:35:57
ComboFix-quarantined-files.txt 2008-11-17 18:35:55
ComboFix2.txt 2008-11-16 19:13:20

Pre-Run: 474,449,739,776 bytes free
Post-Run: 474,459,586,560 bytes free

252 --- E O F --- 2008-11-15 21:09:14

jholland1964 (Moderator, Featured Poster)

Re: extmgr32.dll problem

#12
Nov 17th, 2008
Ok, just checking to be sure.
I "think" (which is dangerous in itself) now, after going through both this log and the original, that the problem may lie with the program Error Smart. It was installed on 11-13-2008 along with our "friend" extmgr32.dll and 3 other entries which came on at pretty much the same time.
Can you see if you can Uninstall Error Smart? I am not familiar with the program but found several references when searching for information that it can be questionable.
Last edited by jholland1964; Nov 17th, 2008 at 4:44 pm.

mellowyelloe (Newbie Poster)

Re: extmgr32.dll problem

#13
Nov 17th, 2008
Well error smart does not show up in the add or remove programs. But, I searched for files and folders named errorsmart and found a folder and a file. The folder was in the application data folder. The file was in C:\WINDOWS\Tasks\ and is called ErrorSmart Scheduled Scan.job.

I have deleted both and emptied my recycle bin.

Only thing on the 13th that I remember installing is Windows Defender after I had the virus or whatever. Do you know what the rest of the files are or should I go in and try to delete them too?

jholland1964 (Moderator, Featured Poster)

Re: extmgr32.dll problem

#14
Nov 17th, 2008
The Error Smart was installed BEFORE Windows Defender was, appears to be about 1 hour before.
The other files installed at the same time are the following:
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\extmgr32.dll
c:\windows\system32\GroupPolicy000.dat

I would recommend that you boot to Safe Mode and try to remove them.
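The correlation done by hand in posts #12 and #14, as an added example that is not part of the original thread and is not ComboFix's own code: it takes the DLLs named by the AppInit_DLLs and Winlogon Notify load points, checks whether each was created inside the log's window, and lists what else was created around the same minute. The function names, the row pattern (inferred from the log lines in post #11) and the 15-minute default window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the ComboFix log from post #11, trimmed to the rows that matter here.
SAMPLE_LOG = r"""
2008-11-13 23:29 . 2008-11-13 23:29 <DIR> d-------- c:\program files\Windows Defender
2008-11-13 21:50 . 2008-04-14 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 19:50 . 2008-11-13 19:50 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\ErrorSmart
2008-11-13 18:46 . 2008-11-15 20:52 8,269 --a------ c:\windows\GnuHashes.ini
2008-11-13 18:36 . 2008-11-16 14:00 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-13 18:36 . 2008-11-16 13:58 135,168 --a------ c:\windows\system32\extmgr32.dll
2008-11-13 18:36 . 2008-11-15 20:44 1,848 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-11 18:12 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-16 13:58 135168 c:\windows\system32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll
"""

# "created . modified size-or-<DIR> attributes path" (shape assumed from the log above)
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$")

def parse_created(log):
    """Return [(created, modified, attrs, lowercased path)] for 'Files Created' rows."""
    rows = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            rows.append((created, modified, m.group(4), m.group(5).lower()))
    return rows

def parse_load_points(log):
    """Return the DLL paths named by AppInit_DLLs or by a Winlogon Notify subkey."""
    dlls, section = set(), ""
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.lower()          # remember which registry key we are under
        elif "appinit_dlls" in line.lower() and "=" in line:
            value = line.split("=", 1)[1].strip().strip('"')
            if value:
                dlls.add(value.lower())
        elif "winlogon\\notify\\" in section:
            m = re.search(r"([a-z]:\\.+\.dll)\s*$", line, re.I)
            if m:
                dlls.add(m.group(1).lower())
    return dlls

def triage(log, window_minutes=15):
    """Map each recently created load-point DLL to [(path, is_hidden)] created near it."""
    rows = parse_created(log)
    span = timedelta(minutes=window_minutes)
    report = {}
    for dll in sorted(parse_load_points(log)):
        hit = next((r for r in rows if r[3] == dll), None)
        if hit is None:
            continue  # DLL is older than the log window; this check does not flag it
        report[dll] = sorted((r[3], "h" in r[2]) for r in rows
                             if r is not hit and abs(r[0] - hit[0]) <= span)
    return report

if __name__ == "__main__":
    for dll, neighbours in triage(SAMPLE_LOG).items():
        print("load-point DLL created inside the log window:", dll)
        for path, hidden in neighbours:
            print("   created alongside:", path, "(hidden)" if hidden else "")
```

With the default window this returns the three paths listed in post #14; widening `window_minutes` to 90 also pulls in the ErrorSmart application-data folder created later that evening.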

mellowyelloe (Newbie Poster)

Re: extmgr32.dll problem

#15
Nov 17th, 2008
I opened c:\windows\system32\GroupPolicy000.dat in Notepad and it is a list of websites, most of which seem to be GWebCaches.

The folder c:\windows\system32\GroupPolicyManifest contains

c:\windows\system32\GroupPolicyManifest\1.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.free_access_to_150_adult_sites.zip.kwd
c:\windows\system32\GroupPolicyManifest\3.free_adult_videos.zip.kwd
c:\windows\system32\GroupPolicyManifest\4.free_porn_passwords.zip.kwd
c:\windows\system32\GroupPolicyManifest\5.installer.zip.kwd
c:\windows\system32\GroupPolicyManifest\6.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\7.nocd.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.nodvd.zip.kwd
c:\windows\system32\GroupPolicyManifest\9.patch.zip.kwd
c:\windows\system32\GroupPolicyManifest\10.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.music.mp3
c:\windows\system32\GroupPolicyManifest\13.music.mp3.kwd

c:\windows\GnuHashes.ini looks like some kind of computer code that says how to use the above mentioned files.

Should I actually keep this stuff and give it to someone that programs antivirus programs? I figure this is pretty new or something pretty bad since nothing I have found will remove it.

I'll wait to hear back before I do anything.
Last edited by mellowyelloe; Nov 17th, 2008 at 8:51 pm.

jholland1964 (Moderator, Featured Poster)

Re: extmgr32.dll problem

#16
Nov 17th, 2008
Originally Posted by mellowyelloe:
"Should I actually keep this stuff and give it to someone that programs antivirus programs? I figure this is pretty new or something pretty bad since nothing I have found will remove it.

I'll wait to hear back before I do anything."

VERY GOOD IDEA!!!!
Upload
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\extmgr32.dll
c:\windows\system32\GroupPolicy000.dat

To http://virusscan.jotti.org/
Each one will be scanned by multiple scanners to see if they are bad and what they are.
Post back with the results of each.
GREAT SUGGESTION!
Judy
©2003 - 2009 DaniWeb® LLC