extmgr32.dll problem
Shareaza was reinstalled on 10-24-08. This is a new computer that I built several months ago, but I just recently got internet on 10-21, and I had Shareaza installed with no virus protection at all. Tried downloading a program to convert mpg to dvd, and it was a virus. I had to reformat my computer that time. First and the last time I'd try to get a program off of P2P. I just use P2P sharing for old movies and old music that I just can't seem to find anywhere else. Now I have Norton Internet Security. Everything you see installed I or my roommate paid for. Here is the new ComboFix log. Thanks again.
ComboFix 08-11-16.05 - Richard Fedie 2008-11-17 12:34:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2915 [GMT -6:00]
Running from: c:\documents and settings\Richard Fedie\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-16 02:18 . 2008-11-16 02:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-16 02:17 . 2008-11-16 02:17 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 19:00 . 2008-11-16 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-11-15 16:17 . 2008-11-15 16:40 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-14 21:16 . 2008-11-14 21:16 <DIR> d-------- c:\documents and settings\Diana\Application Data\Malwarebytes
2008-11-14 20:38 . 2008-11-14 20:38 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 19:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 23:29 . 2008-11-13 23:29 <DIR> d-------- c:\program files\Windows Defender
2008-11-13 21:59 . 2008-11-13 22:07 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-13 21:59 . 2008-11-13 22:07 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-13 21:50 . 2008-04-14 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 19:50 . 2008-11-13 19:50 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\ErrorSmart
2008-11-13 18:46 . 2008-11-15 20:52 8,269 --a------ c:\windows\GnuHashes.ini
2008-11-13 18:36 . 2008-11-16 14:00 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-13 18:36 . 2008-11-16 13:58 135,168 --a------ c:\windows\system32\extmgr32.dll
2008-11-13 18:36 . 2008-11-15 20:44 1,848 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-11 18:12 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 11:36 . 2008-11-08 11:36 <DIR> d-------- c:\program files\Common Files\SWF Studio
2008-11-04 18:27 . 2008-11-04 18:27 0 --a------ c:\windows\PowerReg.dat
2008-11-04 18:21 . 2008-11-04 18:21 <DIR> d-------- c:\program files\Infogrames Interactive
2008-11-02 16:58 . 2008-11-02 16:58 <DIR> d-------- c:\documents and settings\Diana\Application Data\HP
2008-11-02 02:11 . 2008-11-05 21:41 <DIR> d-------- C:\CreatePhotoCalendars
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Nova Development
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Common Files\Nova Development
2008-10-30 11:42 . 2008-10-30 11:42 <DIR> d-------- c:\windows\Sun
2008-10-30 11:41 . 2008-10-30 11:41 <DIR> d-------- c:\program files\Java
2008-10-30 11:41 . 2008-11-03 23:23 <DIR> d-------- c:\program files\Google
2008-10-30 11:41 . 2008-10-30 11:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 11:41 . 2008-10-30 11:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-28 17:09 . 2008-10-28 17:09 0 --a------ c:\windows\system32\sam.ini
2008-10-28 14:25 . 2008-10-28 19:12 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-28 12:19 . 2008-10-28 12:19 <DIR> d-------- c:\documents and settings\Scott\Application Data\Atari
2008-10-28 12:08 . 2008-10-28 12:08 <DIR> d-------- c:\documents and settings\Scott\Application Data\DivX
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-10-26 19:30 . 2008-10-26 19:30 <DIR> d-------- c:\documents and settings\Scott\Application Data\Yahoo!
2008-10-26 18:59 . 2008-10-26 18:59 <DIR> d-------- c:\documents and settings\Diana\Application Data\Yahoo!
2008-10-26 18:19 . 2008-10-26 18:19 <DIR> d-------- c:\program files\Electronic Arts
2008-10-26 18:08 . 2008-10-26 18:08 <DIR> d-------- c:\program files\Rockstar Games
2008-10-26 18:05 . 2008-10-26 18:05 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Yahoo!
2008-10-26 17:59 . 2008-11-04 07:44 <DIR> d-------- c:\program files\Yahoo!
2008-10-26 17:59 . 2008-10-27 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-26 17:56 . 2008-10-26 17:56 <DIR> d-------- c:\program files\Yahoo! Games
2008-10-26 17:42 . 2008-10-26 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\HP
2008-10-26 17:31 . 2008-10-26 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-26 17:31 . 2007-11-08 08:59 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-10-26 17:31 . 2007-10-20 17:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-10-26 17:29 . 2008-10-26 17:29 <DIR> d-------- c:\program files\Common Files\HP
2008-10-26 17:29 . 2008-11-03 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-26 17:28 . 2008-11-03 23:18 <DIR> d-------- c:\program files\HP
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-26 17:25 . 2008-10-26 17:32 157,388 --a------ c:\windows\hphins26.dat
2008-10-26 17:25 . 2007-12-12 18:01 787 --------- c:\windows\hphmdl26.dat
2008-10-25 22:43 . 2008-10-25 22:43 <DIR> d-------- c:\documents and settings\Scott\Application Data\mioObjects
2008-10-25 16:49 . 2008-10-25 16:49 <DIR> d-------- c:\program files\3D Sports Car Screensaver
2008-10-25 16:49 . 2008-02-14 16:56 10,006,528 --a------ c:\windows\system32\3D Sports Car Screensaver.scr
2008-10-25 16:49 . 2008-02-14 13:16 3,141 --a------ c:\windows\system32\3D Sports Car Screensaver.html
2008-10-25 16:44 . 2008-10-25 16:44 <DIR> d-------- c:\program files\3D Asteroids
2008-10-25 16:41 . 2008-10-28 17:20 882 --a------ c:\windows\eReg.dat
2008-10-25 16:39 . 2008-10-27 18:52 <DIR> d-------- c:\program files\Maxis
2008-10-25 16:37 . 1999-11-24 20:29 196,608 --a------ c:\windows\system32\anfysave.scr
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\program files\Running Clock 3D Screensaver
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\TERMINAL Studio
2008-10-25 16:31 . 2008-02-14 19:36 3,661,824 --a------ c:\windows\system32\Running Clock 3D Screensaver.scr
2008-10-25 16:31 . 2005-09-21 15:08 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-25 16:31 . 2005-09-21 15:08 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-10-25 16:31 . 2006-02-15 17:26 92,216 --a------ c:\windows\system32\bass.dll
2008-10-25 16:31 . 2008-02-14 19:55 3,177 --a------ c:\windows\system32\Running Clock 3D Screensaver.html
2008-10-25 16:29 . 2008-10-25 16:36 <DIR> d-------- c:\program files\Cities of Earth
2008-10-25 16:29 . 2007-09-24 00:08 2,789,376 --a------ c:\windows\system32\Cities.scr
2008-10-25 16:26 . 2008-10-25 16:26 <DIR> d-------- c:\program files\Free Matrix Reality Screensaver
2008-10-25 16:26 . 2008-07-28 12:20 3,403,776 --a------ c:\windows\system32\Free Matrix Reality Screensaver.scr
2008-10-25 16:26 . 2005-09-05 07:01 1,056,768 --a------ c:\windows\system32\FreeImage.dll
2008-10-25 16:26 . 2005-12-21 18:05 245,760 --a------ c:\windows\system32\ImxEx.dll
2008-10-25 16:22 . 2008-10-25 16:22 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\mioObjects
2008-10-25 16:22 . 2008-10-25 16:22 359,431 --a------ c:\windows\system32\mioengine.exe
2008-10-25 16:20 . 2008-10-25 16:20 <DIR> d-------- c:\program files\Proactive Information Corporation
2008-10-25 16:20 . 2004-06-21 16:47 474,431 --a------ c:\windows\system32\Realtime Weather Screen Saver 4.02.scr
2008-10-25 16:20 . 2004-08-28 02:06 61,440 --a------ c:\windows\UnDeploy.exe
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Symantec
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Shareaza
2008-10-25 15:32 . 2008-11-15 20:33 <DIR> d-------- c:\documents and settings\Scott
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Symantec
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Shareaza
2008-10-25 15:24 . 2008-11-15 23:04 <DIR> d-------- c:\documents and settings\Diana
2008-10-25 15:18 . 2008-10-25 15:18 <DIR> d-------- c:\program files\Abassis Finance Manager
2008-10-25 15:14 . 2008-10-25 15:14 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Atari
2008-10-25 15:11 . 2008-10-25 15:11 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Leadertech
2008-10-25 15:08 . 2008-10-25 15:08 <DIR> d-------- c:\program files\Atari
2008-10-25 15:01 . 2008-10-25 15:01 74,582 --a------ c:\windows\Uninstal.exe
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Free 3D Valley Screensaver
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Active Volcano 3D Screensaver
2008-10-25 14:59 . 2008-07-28 10:10 8,073,216 --a------ c:\windows\system32\Free 3D Valley Screensaver.scr
2008-10-25 14:59 . 2008-02-14 17:02 6,008,832 --a------ c:\windows\system32\Active Volcano 3D Screensaver.scr
2008-10-25 14:59 . 2008-02-14 13:38 3,186 --a------ c:\windows\system32\Active Volcano 3D Screensaver.html
2008-10-25 14:58 . 2008-10-25 15:04 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\MechCAD
2008-10-25 14:58 . 2007-02-13 14:53 13,619,200 --a------ c:\windows\system32\Solar System 3D Screensaver.scr
2008-10-25 14:58 . 2007-02-09 13:05 3,226 --a------ c:\windows\system32\SolarSystem3DScreensaver.html
2008-10-25 14:56 . 2008-10-25 14:58 <DIR> d-------- c:\program files\Astro Gemini Software
2008-10-25 14:56 . 2008-10-25 14:56 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Astro Gemini Software
2008-10-25 14:56 . 2008-08-28 10:25 7,938,048 --a------ c:\windows\system32\Planet Earth 3D Screensaver.scr
2008-10-25 14:56 . 2007-11-06 16:46 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-10-25 14:54 . 2004-10-06 18:38 3,446,272 --a------ c:\windows\Light Driver 2.stg
2008-10-25 14:54 . 2004-10-06 18:22 794,624 --a------ c:\windows\Light Driver 2.scr
2008-10-25 14:54 . 1999-06-25 10:55 149,504 --a------ c:\windows\UNWISE.EXE
2008-10-25 14:52 . 2007-11-23 13:18 9,005,490 --a------ c:\windows\kaleidoscopia.exe
2008-10-25 14:52 . 2008-10-25 14:52 639,995 --a------ c:\windows\unins000.exe
2008-10-25 14:52 . 2007-12-03 09:32 280,064 --a------ c:\windows\kaleidoscopia.scr
2008-10-25 14:52 . 2008-10-25 14:52 894 --a------ c:\windows\unins000.dat
2008-10-24 18:59 . 2008-11-08 11:40 <DIR> d-------- c:\program files\AdvancedDVDPlayer
2008-10-24 17:53 . 2008-10-24 18:01 <DIR> d-------- c:\program files\Shareaza
2008-10-24 17:53 . 2008-10-24 17:53 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Shareaza
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-10-24 17:43 . 2008-10-24 17:43 <DIR> d-------- c:\program files\PHILIPS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:37 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 09:00 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 08:59 --------- d-----w c:\program files\Intel
2008-10-23 08:55 --------- d-----w c:\documents and settings\Richard Fedie\Application Data\InterTrust
2008-10-23 08:54 --------- d-----w c:\program files\MSXML 4.0
2008-10-23 08:44 --------- d-----w c:\program files\microsoft frontpage
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-10-15 16:30 148,242 ----a-w c:\program files\Common Files\ReportPreview.app
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_13.13.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 18:15:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat
+ 2008-11-17 18:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-02 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-16 13:58 135168 c:\windows\system32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2008-10-24 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []
2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
2008-11-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Richard Fedie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 12:35:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\extmgr32.dll
PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\extmgr32.dll
.
Completion time: 2008-11-17 12:35:57
ComboFix-quarantined-files.txt 2008-11-17 18:35:55
ComboFix2.txt 2008-11-16 19:13:20
Pre-Run: 474,449,739,776 bytes free
Post-Run: 474,459,586,560 bytes free
252 --- E O F --- 2008-11-15 21:09:14
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-10-15 16:30 148,242 ----a-w c:\program files\Common Files\ReportPreview.app
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_13.13.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 18:15:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat
+ 2008-11-17 18:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-02 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-16 13:58 135168 c:\windows\system32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2008-10-24 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []
2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []
2008-11-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Richard Fedie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 12:35:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\extmgr32.dll
PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\extmgr32.dll
.
Completion time: 2008-11-17 12:35:57
ComboFix-quarantined-files.txt 2008-11-17 18:35:55
ComboFix2.txt 2008-11-16 19:13:20
Pre-Run: 474,449,739,776 bytes free
Post-Run: 474,459,586,560 bytes free
252 --- E O F --- 2008-11-15 21:09:14
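The parts of the log above that a responder would pull out first are the persistence entries: the Winlogon Notify package and the AppInit_DLLs value both pointing at extmgr32.dll, the Security Center and firewall keys switched off, and the same DLL showing up inside winlogon.exe and lsass.exe. The script below is an added example for this thread, not code from ComboFix or from anyone in the discussion; it parses those two sections of a ComboFix log, applies a handful of rules, and cross-references every flagged DLL against the processes it was seen loaded in. The embedded SAMPLE_LOG is a constructed excerpt modelled on the post above, and the rule and function names are assumptions of the example.

```python
"""Triage the 'Reg Loading Points' and 'DLLs Loaded Under Running Processes'
sections of a ComboFix log.  Added example for this thread, not ComboFix code."""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")                   # [HKEY_...\path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')   # "Name"=value
DLL_RE = re.compile(r"(?P<path>[a-z]:\\[^\s\[\]]+?\.dll)", re.IGNORECASE)

# Security Center values that silence the "no antivirus / no firewall" warnings.
SC_NAMES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "DisableMonitoring"}

# Constructed excerpt modelled on the log in the post above (hypothetical data).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-16 13:58 135168 c:\windows\system32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\extmgr32.dll
PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\extmgr32.dll
"""


def parse_reg_points(text):
    """Yield (key, name, value) for every line under a [key] header.
    Lines that are not "Name"=value (e.g. the Winlogon Notify file line)
    are yielded with name=None and the raw line as value."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):          # section separator: registry block over
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("value").strip()
        else:
            yield key, None, line


def triage(text):
    """Apply the persistence / tampering rules; return (category, key, value) triples."""
    findings = []
    for key, name, value in parse_reg_points(text):
        k = key.lower()
        dll = DLL_RE.search(value)
        if r"winlogon\notify" in k and dll:
            findings.append(("winlogon_notify_dll", key, dll.group("path")))
        elif name == "AppInit_DLLs" and value:
            findings.append(("appinit_dll", key, value))
        elif "security center" in k and name in SC_NAMES \
                and value.lower().endswith("dword:00000001"):
            findings.append(("security_center_tampering", key, f"{name}={value}"))
        elif "firewallpolicy" in k and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall_disabled", key, value))
    return findings


def parse_loaded_dlls(text):
    """Map lowercase DLL path -> set of processes from the 'DLLs Loaded' section."""
    loaded = defaultdict(set)
    proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("PROCESS:"):
            proc = line.split(":", 1)[1].strip().lower()
        elif line.startswith("->") and proc:
            loaded[line[2:].strip().lower()].add(proc)
    return dict(loaded)


def correlate(text):
    """Join each finding with the processes its DLL (if any) was loaded into."""
    loaded = parse_loaded_dlls(text)
    report = []
    for cat, key, value in triage(text):
        dll = value.lower() if value.lower().endswith(".dll") else None
        procs = sorted(loaded.get(dll, ())) if dll else []
        report.append({"category": cat, "key": key, "value": value, "loaded_in": procs})
    return report


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"{f['category']:26} {f['value']}  loaded_in={f['loaded_in']}")
```

Run against the sample it reports five findings; the two extmgr32.dll entries are tied to both winlogon.exe and lsass.exe, which is what makes the DLL the centre of this thread. AppInit_DLLs is loaded by user32.dll into every process that links it, and a Winlogon Notify package is loaded by winlogon.exe itself, so a DLL registered in both places ends up in SYSTEM-level processes at logon; the Security Center values simply suppress its missing-antivirus and missing-firewall warnings. Pointing the script at a real log is a matter of replacing SAMPLE_LOG with the file contents.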
Ok, just checking to be sure.
I "think" (which is dangerous in itself) now, after going through both this log and the original, that the problem may lie with the program Error Smart. It was installed on 11-13-2008 along with our "friend" extmgr32.dll and 3 other entries which came on at pretty much the same time.
Can you see if you can Uninstall Error Smart? I am not familiar with the program but found several references when searching for information that it can be questionable.
Last edited by jholland1964; Nov 17th, 2008 at 4:44 pm.
Well, Error Smart does not show up in Add or Remove Programs. But I searched for files and folders named errorsmart and found a folder and a file. The folder was in the Application Data folder. The file was in C:\WINDOWS\Tasks\ and is called ErrorSmart Scheduled Scan.job.
I have deleted both and emptied my recycle bin.
Only thing on the 13th that I remember installing is Windows Defender after I had the virus or whatever. Do you know what the rest of the files are or should I go in and try to delete them too?
Error Smart was installed BEFORE Windows Defender was; it appears to be about 1 hour before.
The other files installed at the same time are the following;
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\extmgr32.dll
c:\windows\system32\GroupPolicy000.dat
I would recommend that you boot to Safe Mode and try to remove them.
I opened c:\windows\system32\GroupPolicy000.dat in Notepad and it is a list of websites, most of which seem to be GWebCaches.
The folder c:\windows\system32\GroupPolicyManifest contains
c:\windows\system32\GroupPolicyManifest\1.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.free_access_to_150_adult_sites.zip.kwd
c:\windows\system32\GroupPolicyManifest\3.free_adult_videos.zip.kwd
c:\windows\system32\GroupPolicyManifest\4.free_porn_passwords.zip.kwd
c:\windows\system32\GroupPolicyManifest\5.installer.zip.kwd
c:\windows\system32\GroupPolicyManifest\6.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\7.nocd.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.nodvd.zip.kwd
c:\windows\system32\GroupPolicyManifest\9.patch.zip.kwd
c:\windows\system32\GroupPolicyManifest\10.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.music.mp3
c:\windows\system32\GroupPolicyManifest\13.music.mp3.kwd
c:\windows\GnuHashes.ini looks like some kind of computer code that says how to use the above-mentioned files.
Should I actually keep this stuff and give it to someone that programs antivirus programs? I figure this is pretty new or something pretty bad since nothing I have found will remove it.
I'll wait to hear back before I do anything.
Last edited by mellowyelloe; Nov 17th, 2008 at 8:51 pm.
Upload
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\extmgr32.dll
c:\windows\system32\GroupPolicy000.dat
To http://virusscan.jotti.org/
Each one will be scanned by multiple scanners to see if they are bad and what they are.
Post back with the results of each.
GREAT SUGGESTION!
Judy