Virus - Yes, I do have a virus
Thread Solved
Hey Guys,
Well, guess what?? I have a virus. I don't know how I got it, but I have one.
My protection is Comodo Firewall and Avast.
I have run Malwarebytes on a quick scan (log is below) and am now running Malwarebytes on a full scan. I have checked HJT and checked all of the things, and I see nothing wrong. I also ran ComboFix and nothing came up.
Side effects - well, I can't get into msconfig. When I rebooted, my PC said that the registry had been edited. My Start Menu is different to what I had it. My Quick Launch Bar was no longer there. My computer will randomly freeze; I'll have Firefox, iTunes, and Windows Live Messenger going and... it'll freeze. Now it has been doing this for the past 5 days or so, and it's starting to annoy me.
I have the appropriate logs below.
Malwarebytes - Quick Scan
Malwarebytes' Anti-Malware 1.31
Database version: 1551
Windows 5.1.2600 Service Pack 3
2008-12-27 08:50:15
mbam-log-2008-12-27 (08-50-15).txt
Scan type: Quick Scan
Objects scanned: 43214
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:41 AM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IndieVolume\IndieVolume.GUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndieVolume] C:\Program Files\IndieVolume\IndieVolume.GUI.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7012 bytes
Combo Fix
ComboFix 08-12-24.01 - Cohen Lewis 2008-12-27 8:54:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1526 [GMT 11:00]
Running from: c:\documents and settings\Cohen Lewis\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\IndieVolume\IndieVolume.CLI.dll
c:\program files\IndieVolume\IndieVolume.Hook.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NETSERVICE
-------\Service_NetService
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.
2008-12-26 20:56 . 2008-12-26 20:56 <DIR> d-------- c:\program files\Macromedia
2008-12-26 20:56 . 2008-12-26 20:57 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-12-26 20:55 . 2008-12-26 20:55 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-25 22:28 . 2008-12-25 22:28 <DIR> d-------- c:\program files\Trend Micro
2008-12-25 10:30 . 2008-12-25 10:30 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2008-12-25 10:30 . 2007-02-09 15:30 1,079,808 -ra------ c:\windows\system32\mfc80u.dll
2008-12-25 10:30 . 2007-02-09 15:30 626,688 -ra------ c:\windows\system32\msvcr80.dll
2008-12-25 10:30 . 2007-02-09 15:30 548,864 -ra------ c:\windows\system32\msvcp80.dll
2008-12-25 10:30 . 2007-02-09 15:30 95,744 -ra------ c:\windows\system32\atl80.dll
2008-12-25 10:29 . 2008-12-25 10:29 <DIR> d-------- c:\program files\OLYMPUS
2008-12-25 10:28 . 2008-12-25 10:28 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-24 09:23 . 2008-12-24 09:23 <DIR> d-------- c:\windows\Google Earth Pro 4.2
2008-12-21 16:51 . 2008-12-21 17:04 <DIR> d-------- c:\temp\D--
2008-12-21 16:51 . 2008-12-21 16:51 <DIR> d-------- C:\Temp
2008-12-21 16:33 . 2008-12-21 16:33 <DIR> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2008-12-21 16:33 . 2008-12-25 22:12 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\Audacity
2008-12-21 16:14 . 2008-12-21 16:14 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\dvdcss
2008-12-21 16:13 . 2008-12-21 17:02 <DIR> d-------- c:\program files\Xilisoft
2008-12-21 16:13 . 2005-11-21 16:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-21 16:13 . 2005-11-21 16:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-19 21:30 . 2008-12-19 21:30 <DIR> d-------- c:\program files\PC Wizard 2008
2008-12-19 21:30 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-12-18 19:05 . 2008-12-18 19:05 <DIR> d-------- c:\program files\Bonjour
2008-12-18 16:17 . 2008-12-18 16:17 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\CopyTrans
2008-12-18 16:13 . 2008-12-18 16:13 <DIR> d-------- c:\program files\WindSolutions
2008-12-18 16:13 . 2008-12-18 16:13 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\CopyTransControlCenter
2008-12-18 16:13 . 2008-12-18 16:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\CopyTransControlCenter
2008-12-15 17:51 . 2008-12-17 09:52 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\Nero
2008-12-15 17:34 . 2008-12-15 17:34 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-15 17:22 . 2008-12-15 17:35 <DIR> d-------- c:\program files\Nero
2008-12-15 17:21 . 2008-12-15 17:50 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-15 17:21 . 2008-12-15 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-13 16:36 . 2008-12-13 16:36 <DIR> d-------- c:\program files\SmartFTP Client
2008-12-13 16:36 . 2008-12-13 16:36 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\SmartFTP
2008-12-13 16:35 . 2008-12-13 16:35 <DIR> d-------- c:\program files\SmartFTP Client 3.0 Setup Files
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 13:17 . 2008-12-11 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-11 11:18 . 2008-12-11 11:18 <DIR> d-------- c:\windows\Sun
2008-12-10 20:26 . 2008-12-27 08:53 <DIR> d-------- c:\program files\IndieVolume
2008-12-10 20:23 . 2008-12-10 20:23 <DIR> d-------- c:\program files\F-Group
2008-12-10 20:13 . 2008-12-10 20:13 <DIR> d-------- c:\program files\AskBarDis
2008-12-10 20:13 . 2008-12-10 20:13 249,592 --a------ c:\windows\system32\cssdll32.dll
2008-12-10 20:12 . 2008-12-10 20:13 <DIR> d-------- c:\program files\COMODO
2008-12-10 20:12 . 2008-12-11 08:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-10 20:12 . 2008-12-10 20:12 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-10 20:12 . 2008-12-10 20:12 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-10 20:12 . 2008-12-10 20:12 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-10 20:11 . 2008-12-10 20:11 <DIR> d-------- c:\program files\Yahoo!
2008-12-10 20:11 . 2008-12-10 20:11 <DIR> d-------- c:\program files\CCleaner
2008-12-10 20:11 . 2008-12-10 20:11 <DIR> d-------- c:\program files\Alwil Software
2008-12-10 20:11 . 2003-03-19 07:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-10 17:42 . 2008-12-10 17:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-10 17:42 . 2008-12-10 17:42 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\Malwarebytes
2008-12-10 17:42 . 2008-12-10 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 17:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 17:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 13:29 . 2008-12-25 16:03 1,324 --a------ c:\windows\system32\d3d9caps.dat
2008-12-10 09:48 . 2008-12-10 09:48 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-10 09:47 . 2008-12-26 20:13 419 --a------ c:\windows\BRWMARK.INI
2008-12-10 09:47 . 2008-12-26 20:13 27 --a------ c:\windows\BRPP2KA.INI
2008-12-09 20:40 . 2008-12-09 20:40 <DIR> d-------- c:\program files\VDOWNLOADER
2008-12-09 20:40 . 2008-12-10 09:31 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\Desktopicon
2008-12-09 20:14 . 2008-12-09 20:14 <DIR> d-------- c:\program files\Free iPod Video Converter
2008-12-09 20:14 . 2004-05-25 17:06 417,792 --a------ c:\windows\system32\ac3filter.ax
2008-12-09 20:14 . 2005-02-27 21:48 356,352 --a------ c:\windows\system32\RealMediaSplitter.ax
2008-12-09 20:14 . 2004-01-10 17:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2008-12-09 16:14 . 2008-12-25 11:07 <DIR> d-------- c:\program files\VisualTool
2008-12-08 17:56 . 2008-12-08 17:56 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-08 17:56 . 2008-12-08 17:56 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-07 19:21 . 2008-12-07 19:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 18:05 . 2008-12-07 18:05 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-07 18:04 . 2008-12-13 22:30 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-07 18:04 . 2008-12-07 18:05 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-07 18:04 . 2008-12-07 18:04 <DIR> d-------- C:\da4ccae9b8e5a6de8d3edf
2008-12-07 18:04 . 2008-12-07 18:05 <DIR> d-------- C:\ad7495e8a560c27f42961255c326
2008-12-07 18:00 . 2008-12-07 18:00 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-07 17:44 . 2008-12-23 21:50 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\FrostWire
2008-12-07 17:42 . 2008-12-07 19:20 <DIR> d-------- c:\program files\Java
2008-12-07 17:42 . 2008-12-07 17:42 <DIR> d-------- c:\program files\Common Files\Java
2008-12-07 17:42 . 2008-12-07 19:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-07 17:38 . 2008-12-07 17:44 <DIR> d-------- c:\program files\FrostWire
2008-12-07 10:42 . 2008-10-17 07:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-07 10:42 . 2007-04-17 20:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-07 10:42 . 2007-03-08 16:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-07 10:42 . 2008-10-17 07:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-07 10:42 . 2008-10-17 07:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-07 10:42 . 2008-10-17 07:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-07 10:42 . 2008-10-17 07:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-07 10:42 . 2008-10-17 07:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-07 10:42 . 2008-10-17 00:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-07 08:57 . 2008-12-07 08:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-06 11:41 . 2008-12-13 14:15 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-12-05 19:52 . 2008-06-13 22:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-05 19:52 . 2008-08-14 21:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-05 19:51 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-05 19:49 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-05 19:46 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 19:46 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 19:46 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 19:46 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 19:42 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 19:42 . 2008-05-09 01:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 19:41 . 2008-04-12 06:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 19:41 . 2008-05-02 01:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-12-05 19:40 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-05 19:40 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 17:31 . 2008-12-05 17:31 <DIR> d-------- c:\program files\uTorrent
2008-12-05 17:31 . 2008-12-27 08:46 <DIR> d-------- c:\documents and settings\Cohen Lewis\Application Data\uTorrent
2008-12-05 16:39 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-05 16:39 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-05 16:39 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-05 16:21 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-05 16:20 . 2008-12-05 16:20 <DIR> d-------- c:\program files\MSBuild
2008-12-05 16:20 . 2008-12-05 16:20 <DIR> d-------- c:\program files\Microsoft Works
2008-12-05 16:19 . 2008-12-05 16:19 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-05 16:18 . 2008-12-05 16:20 <DIR> d-------- c:\windows\SHELLNEW
2008-12-05 16:18 . 2008-12-05 16:18 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-05 16:17 . 2008-12-05 16:17 <DIR> dr-h----- C:\MSOCache
2008-12-05 16:17 . 2008-12-12 22:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-05 16:03 . 2008-04-14 05:42 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-05 16:03 . 2008-04-14 05:42 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-05 16:01 . 2008-12-05 16:02 <DIR> d-------- c:\program files\Microsoft LifeCam
2008-12-05 16:00 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-05 07:25 . 2008-12-05 07:25 <DIR> d-------- c:\program files\HandBrake
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 09:56 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-04 10:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 20:54 --------- d-----w c:\program files\Realtek
2008-12-03 20:53 315,392 ----a-w c:\windows\HideWin.exe
2008-12-03 20:47 --------- d-----w c:\documents and settings\Cohen Lewis\Application Data\InstallShield
2008-12-03 20:43 --------- d-----w c:\program files\microsoft frontpage
2008-12-03 20:42 558,142 ----a-w c:\windows\java\Packages\L35BPJPR.ZIP
2008-12-03 20:42 155,995 ----a-w c:\windows\java\Packages\93RNPRFL.ZIP
2008-11-25 08:45 2,283,027 ----a-w c:\windows\system32\x264vfw.dll
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IndieVolume"="c:\program files\IndieVolume\IndieVolume.GUI.exe" [2008-10-25 1807872]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-05 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-12-10 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-10 1797880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Cohen Lewis^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Cohen Lewis\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 10:51 57344 c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-06-30 10:54 269104 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-31 09:35 7634944 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-31 09:35 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 19:21 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a------ 2006-06-30 10:55 707376 c:\windows\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 21:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-31 09:35 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 22:38 64512 c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-02-26 18:03 16125440 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 21:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-10 111184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-10 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-10 31504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-10 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
.
Contents of the 'Scheduled Tasks' folder
2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Cohen Lewis\Application Data\Mozilla\Firefox\Profiles\ekq4a86n.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - GoogleCOM.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 08:56:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-27 8:57:10
ComboFix-quarantined-files.txt 2008-12-26 21:57:08
Pre-Run: 256,486,735,872 bytes free
Post-Run: 257,542,991,872 bytes free
292 --- E O F --- 2008-12-12 11:30:01
Also, MBA-M, running a full scan now, has found no threats, and that is in 4 mins....
Anyway, please help guys, I have no idea where to go from here.
Thanks,
Cohen
Here is the MBA-M log... Nothing found.
Malwarebytes' Anti-Malware 1.31
Database version: 1551
Windows 5.1.2600 Service Pack 3
12/27/2008 10:27:42 AM
mbam-log-2008-12-27 (10-27-42).txt
Scan type: Full Scan (C:\|)
Objects scanned: 123134
Time elapsed: 1 hour(s), 0 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Turn off that uTorrent for the duration. Also turn off IndieVolume.
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log.
J
An update.
It's found 10 threats.
It's scanning my External Hard Drive, so it's taking a little longer.
Thanks,
Cohen
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3718 (20081226)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=dd203aded1a14149bb9b6e600e5fd396
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-27 06:35:40
# local_time=2008-12-27 05:35:40 (+1000, AUS Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=285511
# found=0
# scan_time=2911
I cancelled the scan and disconnected my external as it was going to take a long time, so yeah, my external's got some files that are legit, it's fine.
Cohen
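Helpers in this thread ask for the ESET log and require that "Remove found threats" and "Scan unwanted applications" were both ticked. The ESET Online Scanner records those choices, the signature build and whether the run completed in the "# key=value" header of log.txt, so that can be checked mechanically before the log is posted. The script below is an added example in PowerShell, not part of the thread or of ESET's own tooling; the log path is the one named above, the header fields are the ones Cohen pasted (embedded here as constructed sample text so the script runs without the real file), and the function names and the three-day signature-age threshold are this example's own assumptions.

```powershell
# Added example, not from the thread: sanity-check an ESET Online Scanner log.txt header.
# Path and "# key=value" format are as shown on the page; $sampleHeader is constructed
# from the fields Cohen pasted so the script runs when the real file is absent.

$logPath = 'C:\Program Files\EsetOnlineScanner\log.txt'

$sampleHeader = @'
# version=4
# vers_standard_module=3718 (20081226)
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-27 06:35:40
# osver=5.1.2600 NT Service Pack 3
# scanned=285511
# found=0
# scan_time=2911
'@

function ConvertFrom-EsetHeader {
    param([string[]]$Lines)
    # Header lines are "# key=value"; any other non-blank line is treated as a detection entry.
    $fields = @{}
    $detections = @()
    foreach ($line in $Lines) {
        if ($line -match '^#\s*([^=]+?)\s*=\s*(.*)$') { $fields[$Matches[1]] = $Matches[2] }
        elseif ($line.Trim()) { $detections += $line.Trim() }
    }
    New-Object PSObject -Property @{ Fields = $fields; Detections = $detections }
}

function Test-EsetHeader {
    param([hashtable]$Fields, [int]$MaxSignatureAgeDays = 3)   # threshold is an assumption
    $problems = @()

    # The options the helper asked for are recorded in the header.
    if ($Fields['remove_checked'] -ne 'true')   { $problems += '"Remove found threats" was not ticked' }
    if ($Fields['unwanted_checked'] -ne 'true') { $problems += '"Scan unwanted applications" was not ticked' }

    # A scan that did not run to completion has not covered the whole disk, so found=0 means little.
    if ($Fields['end'] -ne 'finished') { $problems += ('scan did not finish (end=' + $Fields['end'] + ')') }

    # Signature build date is the "(YYYYMMDD)" suffix of vers_standard_module; compare it with the scan date.
    if ($Fields['vers_standard_module'] -match '\((\d{8})\)') {
        $sigDate = [datetime]::ParseExact($Matches[1], 'yyyyMMdd', $null)
        if ($Fields['utc_time'] -match '^\d{4}-\d{2}-\d{2}') {
            $scanDate = [datetime]::ParseExact($Matches[0], 'yyyy-MM-dd', $null)
            $age = ($scanDate - $sigDate).Days
            if ($age -gt $MaxSignatureAgeDays) { $problems += "signatures were $age days old at scan time" }
        }
    }

    New-Object PSObject -Property @{
        Ok       = ($problems.Count -eq 0)
        Found    = [int]$Fields['found']
        Problems = $problems
    }
}

$lines  = if (Test-Path -LiteralPath $logPath) { Get-Content -LiteralPath $logPath } else { $sampleHeader -split "`r?`n" }
$parsed = ConvertFrom-EsetHeader -Lines $lines
$result = Test-EsetHeader -Fields $parsed.Fields
$result | Format-List
if ($parsed.Detections.Count -gt 0) { 'Detections:'; $parsed.Detections }
```

The `end` check is the one that matters most in a thread like this: a run that was cancelled part-way has not looked at the whole disk, so a header that passes every check only says the scan was set up as asked and completed, not that the machine is clean.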
I had a similar (but not identical) problem with my XP 64 system; I couldn't display any system properties in the admin screen and my AV system was reported as not present. On loading, Windows said that the Registry had been changed and that it had recovered but some things might not work properly.
The solution to this turned out to be to use the Windows CD to perform an update install on itself (without losing any application registration). That fixed it all.
Why do I mention this? Well, if no malware has been found, it has to be something else. You may never find the reason - it could be some malware that popped in, destroyed part of your system and deleted itself. Or it could have been a glitch during a write operation.
Hope that helps.
Suspishio
My advice is at your risk
Qosmio G50-10H; T9400 2.53GHz Core 2 Duo; 4GB RAM; Vista HP (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
... Not exactly - but Windows needed "repairing" in my circumstances.
Being pedantic here, Windows Repair requires the Repair Console which, as you well know, enables a bunch of DOS-type utilities that won't solve your problem.
I "repaired" Windows by updating my own existing Windows installation from the Autorun option. Of course all of the Windows Updates had to be re-done. But now the AV program is seen by the Windows Security Centre and all admin functions work; there is no boot-time error message concerning the registry and I didn't have to re-install anything.
Hope that's clear and works for your case.
Suspishio
My advice is at your risk
Qosmio G50-10H; T9400 2.53GHz Core 2 Duo; 4GB RAM; Vista HP (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
You don't need the Repair Console if you have the install disk.
See HERE.
Cohen, you never said how you actually KNOW that you have a virus. The symptoms you show "can" be a virus but don't necessarily have to be caused by that either. Something you recently installed which is legitimate could cause these symptoms also. You are file sharing... this can be a big cause of the problem.
Have you done this step and then updated and run MBA-M again?
* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Download a copy of Malwarebytes but DO NOT run it yet.
* Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
* Once the program is installed go to the UPDATE tab and try to update the program if you can.
* Then go to the SCANNER tab and run a Full System scan and allow MBAM to fix anything found.
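The Device Manager steps above (Show hidden devices, Non-Plug and Play Drivers, Disable) are a manual walk through the kernel-mode driver services registered under HKLM\SYSTEM\CurrentControlSet\Services. The script below is an added example in PowerShell, not part of the thread or of any vendor's tool; it lists that same population from the registry, flags entries worth a second look, and performs the same "Disable" by setting the driver's Start value to 4. Only the TDSSserv name comes from the thread; the heuristics, function names and the assumption that PowerShell 2.0 or later is installed (the stock XP machine in this thread would not have it) are this example's own.

```powershell
# Added example, not from the thread: enumerate kernel-mode driver services from the
# registry (the population Device Manager shows under "Show hidden devices" >
# "Non-Plug and Play Drivers"), flag suspicious ones, and disable a chosen driver.
# TDSSserv is the only name taken from the thread; the rest is this example's assumption.
# Run from an elevated PowerShell 2.0+ prompt.

$servicesKey           = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SERVICE_KERNEL_DRIVER = 1   # registry "Type" value of a kernel-mode driver
$SERVICE_DISABLED      = 4   # registry "Start" value that stops a driver loading at boot
$driversDir            = Join-Path $env:SystemRoot 'system32\drivers'

function Resolve-ImagePath {
    param([string]$ImagePath)
    # ImagePath appears in several spellings: "\SystemRoot\system32\drivers\x.sys",
    # "system32\drivers\x.sys", "\??\C:\path\x.sys". Reduce them to one absolute form.
    $p = $ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -and -not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelDriverService {
    foreach ($key in Get-ChildItem -Path $servicesKey) {
        $props = Get-ItemProperty -Path $key.PSPath
        if ($props.Type -ne $SERVICE_KERNEL_DRIVER) { continue }
        $image = Resolve-ImagePath ([string]$props.ImagePath)
        New-Object PSObject -Property @{
            Name      = $key.PSChildName
            Start     = $props.Start
            ImagePath = $image
            OnDisk    = ($image -ne '' -and (Test-Path -LiteralPath $image))
        }
    }
}

function Test-SuspiciousDriver {
    param($Driver)
    $reasons = @()
    if ($Driver.Name -match 'TDSS') { $reasons += 'name matches the TDSSserv pattern from the thread' }
    # A driver configured to load (Start 0..3) whose file is not visible on disk is either an
    # orphaned entry or a rootkit hiding its own file from the file system.
    if ($Driver.Start -le 3 -and -not $Driver.OnDisk) { $reasons += 'set to load but image file not visible on disk' }
    # Most legitimate drivers live under system32\drivers; anything elsewhere deserves a look.
    if ($Driver.OnDisk -and -not $Driver.ImagePath.StartsWith($driversDir, 'OrdinalIgnoreCase')) {
        $reasons += 'image lives outside system32\drivers'
    }
    return ,$reasons
}

function Disable-DriverService {
    param([string]$Name)
    # Same effect as "Disable" in Device Manager: the file stays, the driver does not load at next boot.
    Set-ItemProperty -Path (Join-Path $servicesKey $Name) -Name Start -Value $SERVICE_DISABLED
}

foreach ($d in Get-KernelDriverService) {
    $why = Test-SuspiciousDriver $d
    if ($why.Count -gt 0) {
        "{0,-20} Start={1} {2}`n    {3}" -f $d.Name, $d.Start, $d.ImagePath, ($why -join '; ')
    }
}
# After confirming an entry is the rootkit's, e.g.: Disable-DriverService -Name 'TDSSserv'; then reboot.
```

On a machine without PowerShell the same listing and the same disable step are `sc query type= driver state= all` and `sc config TDSSserv start= disabled` from a command prompt. One caveat applies to the script, to Device Manager and to `sc` alike: a rootkit that hooks registry and file-system calls on the live system can hide its service key and its .sys file from all three, so an empty result here is not proof of a clean machine; scanning the disk from a boot CD or from a clean system is the reliable check, and the flagged "set to load but image file not visible on disk" case is exactly the inconsistency such hiding tends to leave behind.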