unknown infection

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

5 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

unknown infection No access to I.E and WLM , and problems of update

#1 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 28 June 2011 - 07:16 PM

Hello,

Since April 10, I can not use Internet Explorer, only Firefox.
And I can not open my account Windows live messenger
The update of my antivirus or other programs installed on my machine, are also impossible.
I can not go to a scan line, for due to lack of connection - "I was told" (?) - While browsing normally via Firefox!

I scanned with Combofix

Registry Booster detected 796 errors that I have not fixed (it seems to pay the full version for that)
RegRepair for his part, found 2249 errors that I have not been corrected.

I am running XP Home, HP factory version with a partition Recovery CD without installation.

N.B : please excuse my English because I do not speak as well as French.

Thank you

-------------------------------------------------------------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by HP_Propriétaire at 17:54:27 on 2011-06-28
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.242 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\procédure bleep\dds.scr
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoloSentry] c:\progra~1\srnmic~1\SOLOSENT.EXE
mRun: [SoloSchedule] c:\progra~1\srnmic~1\SOLOCFG.EXE
mRun: [SoloSysCheck] c:\progra~1\srnmic~1\SYSCHECK.COM
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.colorclub.fr/Components/Upload/ImageUploader3.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.extrafilm.fr/ImageUploader4.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
TCP: Interfaces\{F2D9BDA1-A688-40AC-AE3A-E653A398B1EE} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_propriétaire\application data\mozilla\firefox\profiles\ug482mln.default\
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-15 366640]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-4-5 196912]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-3-20 114616]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\mabtport.sys [2005-9-12 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2005-9-12 14414]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22712]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-1-1 24608]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-3-20 63555]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-5-11 16512]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\hp_pro~1\locals~1\temp\jnv4_mib.sys --> c:\docume~1\hp_pro~1\locals~1\temp\jnv4_mib.sys [?]
S3 MaBtc;MA Bluetooth Core Driver;c:\windows\system32\drivers\mabtc.sys [2005-9-12 96736]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-7-4 379456]
.
=============== File Associations ===============
.
scrfile="%1" %*
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.
=============== Created Last 30 ================
.
2011-06-26 18:54:51 -------- dc-h--r- c:\documents and settings\hp_propriétaire\Recent
2011-06-26 16:16:31 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-06-26 16:16:28 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-06-26 16:16:27 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-06-26 16:16:23 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-06-26 16:16:19 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-06-26 16:16:15 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-06-26 16:16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-06-26 16:16:09 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-06-26 16:16:07 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-06-26 16:16:05 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-06-26 16:14:59 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-06-26 16:13:57 28672 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-06-26 16:12:58 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-06-26 16:11:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-06-26 16:10:56 99840 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-06-26 16:09:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-06-26 16:08:59 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-06-26 16:07:59 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-06-26 16:06:53 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-06-26 16:05:59 16512 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-06-26 16:04:57 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-06-26 16:03:55 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-06-26 16:02:58 53791 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-06-26 16:01:59 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-06-26 16:00:58 607452 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2011-06-26 15:59:57 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-06-26 15:58:51 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-06-26 15:57:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-06-26 15:56:58 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-06-26 15:55:59 630016 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-06-26 15:54:59 31817 -c--a-w- c:\windows\system32\dllcache\disrvpp.dll
2011-06-26 15:53:59 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-06-26 15:52:59 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
2011-06-26 15:51:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-26 13:58:23 -------- d-----w- c:\program files\Registry Easy
2011-06-25 19:47:32 -------- d-----w- c:\program files\Digital Support Free Tools
2011-06-25 19:45:03 -------- dc----w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-25 14:32:13 -------- d-----w- c:\program files\SRN Micro
2011-06-25 14:28:13 47 ----a-w- c:\windows\SOLOSCAN.BAT
2011-06-24 16:27:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-24 16:27:46 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 10:27:02 -------- dc----w- C:\Rapports scan & Co
2011-06-22 17:00:23 94512 ----a-w- c:\windows\system32\drivers\69563641.sys
2011-06-22 14:15:17 -------- d-----w- c:\program files\OpenOffice.org 3
2011-06-22 14:13:48 -------- d-----w- c:\program files\readmes
2011-06-22 14:13:48 -------- d-----w- c:\program files\licenses
2011-06-22 14:13:47 -------- d-----w- c:\program files\redist
2011-06-15 21:20:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-15 21:18:07 -------- dc-h--w- c:\windows\ie8
2011-06-15 21:09:11 135680 -c--a-w- c:\documents and settings\hp_propriétaire\application data\microsoft\notification de cadeaux msn\lsnfier.exe
2011-06-14 22:01:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-14 22:01:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-12 16:43:28 -------- d-----w- c:\program files\iPod
2011-06-12 16:43:13 -------- d-----w- c:\program files\iTunes
2011-06-12 16:32:07 -------- d-----w- c:\program files\Bonjour
2011-06-12 16:13:10 -------- d-----w- c:\program files\ZHPDiag
2011-06-12 15:43:07 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 20:41:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-11 19:47:02 -------- d-----w- c:\program files\FileHippo.com
2011-06-11 19:43:00 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\Nitro PDF
2011-06-11 19:40:13 -------- d-----w- c:\program files\Nitro PDF
2011-06-11 19:39:48 -------- d-----w- c:\program files\fichiers communs\Nitro PDF
2011-06-11 19:36:55 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\Downloaded Installations
2011-06-11 09:07:55 -------- d-----w- c:\program files\Defraggler
2011-06-08 15:11:36 -------- d-----w- c:\program files\ESET
2011-05-30 08:32:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-23 10:31:53 512 -c--a-w- C:\PhysicalDisk0_MBR.bin
2011-06-11 20:41:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06:11 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 20:30:00 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-04-05 20:30:00 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-01-19 22:05:08 2997248 ----a-w- c:\program files\openofficeorg33.msi
2011-01-19 22:03:50 475016 ----a-w- c:\program files\setup.exe
1998-06-26 18:18:08 126 ----a-w- c:\program files\Mk4.reg
1998-06-26 09:38:20 1167360 ----a-w- c:\program files\Mortal Kombat 4.exe
1996-12-02 15:44:28 582144 ----a-w- c:\program files\fichiers communs\dao350.dll
.
============= FINISH: 17:55:38,89 ===============

Attached File(s)

ComboFix 30.04.2011.txt (21.32K)
Number of downloads: 3
attach.txt (13.23K)
Number of downloads: 3
ark.txt (2.2K)
Number of downloads: 3

#2 rigacci

Fiorentino

Group: Members
Posts: 2,596
Joined: 12-July 07
Gender:Male

Posted 06 July 2011 - 08:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Thanks.

DR

AVG Free Anti-Virus CCleaner MalwareBytes Anti-Malware Spybot Search & Destroy SpywareBlaster

#3 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 07 July 2011 - 08:10 PM

Hello

Okay, I know you do your best.

But it's 3 months that my machine suffers from the following problems that have occurred following the installation of Internet Explorer 8, instead of 7 version :

* No navigation possible with Internet Explorer
* No access to WLM
* Not possible updates (scheduled Automatic daily) my antivirus, and also software or other programs like adobe flash player, firefox, ...

These actions are reported impossible to perform, because my internet connection is not detected, whereas normally I sail with firefox !?

* The online scan with any antivirus is impossible for lack of imagination connection ?
The pattern "proxy" comes up quite often !

* But the updates issued periodically by microsoft windows and marked with a yellow icon in the taskbar, on the other hand seem to proceed normally.

Thank you and good luck

---------------------------------------------------------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by HP_Propriétaire at 23:08:48 on 2011-07-07
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.347 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\bleep\dds.scr
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoloSentry] c:\progra~1\srnmic~1\SOLOSENT.EXE
mRun: [SoloSchedule] c:\progra~1\srnmic~1\SOLOCFG.EXE
mRun: [SoloSysCheck] c:\progra~1\srnmic~1\SYSCHECK.COM
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.colorclub.fr/Components/Upload/ImageUploader3.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.extrafilm.fr/ImageUploader4.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
TCP: Interfaces\{04CF493D-E395-4900-B4E8-EF47A2415AD4} : NameServer = 62.251.229.237
TCP: Interfaces\{F2D9BDA1-A688-40AC-AE3A-E653A398B1EE} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_propriétaire\application data\mozilla\firefox\profiles\ug482mln.default\
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-15 366640]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-4-5 196912]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-3-20 114616]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\mabtport.sys [2005-9-12 101952]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [2005-9-12 14414]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22712]
S1 SASKUTIL;SASKUTIL; [x]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-3-20 63555]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2011-7-6 2831232]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-5-11 16512]
S3 jnv4_mib;jnv4_mib; [x]
S3 MaBtc;MA Bluetooth Core Driver;c:\windows\system32\drivers\mabtc.sys [2005-9-12 96736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-15 39984]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-1-1 24608]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-7-7 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-7-7 11104]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2006-7-4 379456]
.
=============== File Associations ===============
.
scrfile="%1" %*
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.
=============== Created Last 30 ================
.
2011-07-07 17:33:30 82998 ----a-w- c:\windows\Désinstaller reparermsn.exe
2011-07-07 16:19:10 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\GetRightToGo
2011-07-07 15:23:45 747592 ----a-w- c:\windows\system32\pwNative.exe
2011-07-07 15:23:40 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-07-07 15:23:38 11104 ------w- c:\windows\system32\pwdspio.sys
2011-07-07 15:18:54 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 6.0
2011-07-06 18:27:13 47616 ----a-w- c:\windows\system32\drivers\SiSRaid2.sys
2011-07-06 18:27:13 163840 ----a-w- c:\windows\system32\property.dll
2011-07-06 18:26:54 -------- d-----w- c:\windows\SiS
2011-07-06 18:26:48 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys
2011-07-06 18:17:41 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2011-07-06 18:13:03 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2011-07-06 18:13:03 33280 ----a-w- c:\windows\system32\PsisRndr.ax
2011-07-06 18:13:01 56832 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-06 18:12:53 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2011-07-06 18:12:53 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2011-07-06 18:12:51 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax
2011-07-06 18:12:38 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2011-07-06 18:12:38 2831232 ----a-w- c:\windows\system32\drivers\3xHybrid.sys
2011-07-06 18:12:38 13824 ----a-w- c:\windows\system32\Ph3xIB32MV.dll
2011-07-06 18:02:59 9216 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-07-06 18:02:59 13312 ----a-w- c:\windows\system32\agrscoin.dll
2011-07-06 16:53:33 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\Uniblue
2011-07-06 16:53:27 -------- d-----w- c:\program files\Uniblue
2011-07-06 16:29:03 -------- dc-h--w- c:\documents and settings\all users\application data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2011-07-06 16:05:27 -------- dc----w- c:\documents and settings\all users\Uniblue
2011-07-06 15:42:43 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\MSNInstaller
2011-07-03 16:44:47 -------- dc-h--r- c:\documents and settings\hp_propriétaire\Recent
2011-06-26 16:16:31 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-06-26 16:16:28 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-06-26 16:16:27 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-06-26 16:16:23 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-06-26 16:16:19 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-06-26 16:16:15 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-06-26 16:16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-06-26 16:16:09 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-06-26 16:16:07 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-06-26 16:16:05 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-06-26 16:14:59 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-06-26 16:13:57 28672 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-06-26 16:12:58 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-06-26 16:11:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-06-26 16:10:56 99840 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-06-26 16:09:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-06-26 16:08:59 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-06-26 16:07:59 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-06-26 16:06:53 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-06-26 16:05:59 16512 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-06-26 16:04:57 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-06-26 16:03:55 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-06-26 16:02:58 53791 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-06-26 16:01:59 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-06-26 16:00:58 607452 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2011-06-26 15:59:57 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-06-26 15:58:51 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-06-26 15:57:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-06-26 15:56:58 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-06-26 15:55:59 630016 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-06-26 15:54:59 31817 -c--a-w- c:\windows\system32\dllcache\disrvpp.dll
2011-06-26 15:53:59 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-06-26 15:52:59 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
2011-06-26 15:51:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-25 19:47:32 -------- d-----w- c:\program files\Digital Support Free Tools
2011-06-25 19:45:03 -------- dc-h--w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-25 14:32:13 -------- d-----w- c:\program files\SRN Micro
2011-06-25 14:28:13 47 ----a-w- c:\windows\SOLOSCAN.BAT
2011-06-24 16:27:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-24 16:27:46 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 10:27:02 -------- dc----w- C:\Rapports scan & Co
2011-06-22 17:00:23 94512 ----a-w- c:\windows\system32\drivers\69563641.sys
2011-06-22 14:15:17 -------- d-----w- c:\program files\OpenOffice.org 3
2011-06-22 14:13:48 -------- d-----w- c:\program files\readmes
2011-06-22 14:13:48 -------- d-----w- c:\program files\licenses
2011-06-22 14:13:47 -------- d-----w- c:\program files\redist
2011-06-15 21:20:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-15 21:18:07 -------- dc-h--w- c:\windows\ie8
2011-06-15 21:09:11 135680 -c--a-w- c:\documents and settings\hp_propriétaire\application data\microsoft\notification de cadeaux msn\lsnfier.exe
2011-06-14 22:01:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-14 22:01:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-12 16:43:28 -------- d-----w- c:\program files\iPod
2011-06-12 16:43:13 -------- d-----w- c:\program files\iTunes
2011-06-12 16:32:07 -------- d-----w- c:\program files\Bonjour
2011-06-12 16:13:10 -------- d-----w- c:\program files\ZHPDiag
2011-06-12 15:43:07 -------- d-----w- c:\windows\system32\Adobe
2011-06-11 20:41:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-11 19:47:02 -------- d-----w- c:\program files\FileHippo.com
2011-06-11 19:43:00 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\Nitro PDF
2011-06-11 19:40:13 -------- d-----w- c:\program files\Nitro PDF
2011-06-11 19:39:48 -------- d-----w- c:\program files\fichiers communs\Nitro PDF
2011-06-11 19:36:55 -------- dc----w- c:\documents and settings\hp_propriétaire\application data\Downloaded Installations
2011-06-11 09:07:55 -------- d-----w- c:\program files\Defraggler
2011-06-08 15:11:36 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-07-06 18:27:37 35712 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2011-07-06 18:02:59 69120 ----a-w- c:\windows\agrsmdel.exe
2011-07-06 18:02:59 1161152 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2011-06-23 10:31:53 512 -c--a-w- C:\PhysicalDisk0_MBR.bin
2011-06-11 20:41:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-11 19:32:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:26 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06:11 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-01-19 22:05:08 2997248 ----a-w- c:\program files\openofficeorg33.msi
2011-01-19 22:03:50 475016 ----a-w- c:\program files\setup.exe
1998-06-26 18:18:08 126 ----a-w- c:\program files\Mk4.reg
1998-06-26 09:38:20 1167360 ----a-w- c:\program files\Mortal Kombat 4.exe
1996-12-02 15:44:28 582144 ----a-w- c:\program files\fichiers communs\dao350.dll
.
============= FINISH: 23:10:18,20 ===============

Attached File(s)

attach.txt (11.41K)
Number of downloads: 3
ark.txt (2.58K)
Number of downloads: 3

#4 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 July 2011 - 05:12 AM

Hello khan123 and welcome to BC.

Quote

I scanned with Combofix

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Quote

Registry Booster detected 796 errors that I have not fixed (it seems to pay the full version for that)
RegRepair for his part, found 2249 errors that I have not been corrected.

We do not recommend the usage of registry cleaners / tools due to the following facts:

*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at you own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools

==================================

:step1:

Download OTL by OldTimer from one of the links below:

Link 1
Link 2

Save it to your desktop.
Close all open windows on the Task Bar.
Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
Put a check mark on Scan All Users.
Click the Run Scan button and let it run uninterrupted.
It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
Post the contents of both reports when you reply.
Exit OTL.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

Extract the zip file to its own folder.
Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
Click Start scan to start scanning.
If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
Click on Report to generate a log.
Please post that log when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#5 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 08 July 2011 - 09:39 AM

Hello ,

I always run ComboFix request of a Helper.

Bleepcomputer is not the first forum where I asked for help for my problems dating from April 10, 2011.

May 22, 2011 11:39 p.m.
http://saamu.net/post15173.html # p15173

May 18, 2011 9:02 p.m.
http://www.informatruc.com/forum/topic31778.html

12/04/2011, 9:07 p.m.
http://forum.generation-nt.com/securite-and-virus/connexion-ok-firefox-marche-ie-227011/

Thurs, May 26 2011, 24:39
http://www.forum-microsoft.org/post673518.html # p673518

May 28 2011, 19:25
http://www.vista-xp.fr/forum/topic10084.html

June 4, 2011 7:07 p.m. pm
http://www.libellules.ch/phpBB2/dysfonctionnement-avec-ie7-ff4-nod32-et-msn-t37568.html

19/06/2011 @ 19:46
http://forum.pcastuces.com/sujet.asp?f=25&s=60248

Besides the matches in private message (at the request of helpers) in such sites, and others too.

I almost run all existing programs, to no avail.

While I am not an expert, but I think that the solution to my problems is that of finding the link between my firefox browser possible / impossible with Internet Explorer AND the failure of certain updates or execution of certain online programs that need to recognize a specific internet connection !?

Is it a type of infection, a virus that runs at startup of my machine (as a helper told me in private message) ; or tools / keys that have disappeared from my operating system, or just disabled ?!

I ran OTL 3 times, and never report Extras.txt.

Thanks

Attached File(s)

OTL.Txt (328.11K)
Number of downloads: 4
TDSSKiller.2.5.9.0_08.07.2011_15.34.10_log.txt (50.33K)
Number of downloads: 3

#6 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 July 2011 - 10:59 AM

Hi,

Not all forum and forum helpers who uses Combofix are trained and authorized on its use, the list of forums that are authorized to use combofix can be found HERE.

There is no Extras.txt because it is only available on the first OTL run, you already run it 9 times. Sounds to me that this is a proxy hijacked, but we will figure this out later.

Please be noted about the following:

Do not run any other tools or install any updates unless instructed to, this may hinder the cleaning process.
Do not attach logs unless instructed.
Do not follow two instructions on two different forums at the same time.

=============================

:step1:

Backup Your Registry with ERUNT

Please download ERUNT.
Follow the detailed instructions HERE on how to install and run ERUNT.
Make sure that you have successfully installed and ran ERUNT before proceeding with the next instruction.

TDSSKiller

Close all other running programs.
Please run TDSSKiller.exe again and start the scan.
Do not change any setting after the scan and let it Cure any infections found.
Follow the prompts and reboot the computer when ask.
Once completed.. It will generate a report located at C:\TDSSKiller.Version_Date_Time_log.txt.
Please post the contents of that log when you reply.

Please reopen OTL on your desktop.

Copy and Paste the following code into the Custom Scan/Fixes text box.

:OTL
IE - HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found

:Files
ipconfig /flushdns /c

:Commands
[REBOOT]

Push the Run Fix button.
OTL may ask to reboot the machine. Please do so if asked.
A massage box "Fix complete! Click OK to open the fix log." will pop-up.
Click the OK button and a report will open.
Copy and Paste that report in your next reply.

~Semp

#7 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 08 July 2011 - 11:42 AM

Hi ,

....ran ERUNT before proceeding with the next instruction ???

ERUNT is installed in the C: \ WINDOWS since September 19, 2007 and ERDUNT since June 2, 2011

You forgive me, but I do not speak English as fluently as French.

Should I run ERUNT before TDSSKiller and OTL , after ? How ?

If the item Cure does not appear in default, should I force it ?

I found a file Extras.txt of a few weeks ago, should I send it to you too?

Thanks

#8 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 July 2011 - 12:00 PM

The reason why we want to run ERUNT first is to have a registry back up, so yes we want it before anything else. To manually make a back up with ERUNT please follow the instruction below.

Please create another ERUNT back up.

Locate and double click the ERUNT icon.
Click OK to start the back up process.
A window will open asking you where to save the back up, copy-paste or type exactly the bolded text below on the "Back up to:" box and click OK.

C:\WINDOWS\ERDNT\sempai
Click yes to create the folder and start the back up.

Cure or quarantine will appear as default if infection is found with TDSSKiller. We need an updated log so no need to post the old Extras.txt.

~Semp

#9 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 08 July 2011 - 12:57 PM

Scan TDDSKiller shows this window:

Suspicious objects
Forged file Skip

Service
Service name : 3xHybrid
Service type : Kernel driver (0x1)
Service start : Demand (0x3)
File : C:\windows\system32\DRIVERS\3xHybrid.sys
MDS : a861a565dca592589d8ae2866c33a432
MDS5(forged) : 8bc3b5f02db0d66f3fc947f30a5fb721

Found objects are declared suspects but it is the Skip option offered to me, not quarantine or delete
I skip , put in quarantine or delete?

This post has been edited by khan123: 08 July 2011 - 01:00 PM

#10 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 July 2011 - 05:45 PM

Hi,

This driver is showing a fake md5, but since cure is not available let's skip this for now and try a different approach later. Please proceed with OTL.

~Semp

#11 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 08 July 2011 - 07:21 PM

Hello ;

--------------------------------------------------------------

2011/07/09 01:43:46.0296 2764 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/09 01:43:46.0703 2764 ================================================================================
2011/07/09 01:43:46.0703 2764 SystemInfo:
2011/07/09 01:43:46.0703 2764
2011/07/09 01:43:46.0703 2764 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/09 01:43:46.0703 2764 Product type: Workstation
2011/07/09 01:43:46.0703 2764 ComputerName: NOM-641695C7437
2011/07/09 01:43:46.0703 2764 UserName: HP_Propriétaire
2011/07/09 01:43:46.0703 2764 Windows directory: C:\WINDOWS
2011/07/09 01:43:46.0703 2764 System windows directory: C:\WINDOWS
2011/07/09 01:43:46.0703 2764 Processor architecture: Intel x86
2011/07/09 01:43:46.0703 2764 Number of processors: 1
2011/07/09 01:43:46.0703 2764 Page size: 0x1000
2011/07/09 01:43:46.0703 2764 Boot type: Normal boot
2011/07/09 01:43:46.0703 2764 ================================================================================
2011/07/09 01:43:48.0593 2764 Initialize success
2011/07/09 01:45:57.0390 1064 ================================================================================
2011/07/09 01:45:57.0390 1064 Scan started
2011/07/09 01:45:57.0390 1064 Mode: Manual;
2011/07/09 01:45:57.0390 1064 ================================================================================
2011/07/09 01:46:05.0312 1064 3xHybrid (a861a565dca592589d8ae2866c33a432) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
2011/07/09 01:46:05.0765 1064 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\3xHybrid.sys. Real md5: a861a565dca592589d8ae2866c33a432, Fake md5: 8bc3b5f02db0d66f3fc947f30a5fb721
2011/07/09 01:46:05.0796 1064 3xHybrid - detected ForgedFile.Multi.Generic (1)
2011/07/09 01:46:06.0406 1064 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/09 01:46:06.0593 1064 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/09 01:46:06.0796 1064 ADILOADER (2b3b8c0a2c979dd77ba6dc9376074854) C:\WINDOWS\system32\Drivers\adildr.sys
2011/07/09 01:46:06.0921 1064 adiusbaw (6f20677e1c73a265c37c8794ce499d36) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
2011/07/09 01:46:07.0062 1064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/09 01:46:07.0156 1064 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/09 01:46:07.0312 1064 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/09 01:46:07.0546 1064 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/07/09 01:46:07.0640 1064 ALCXWDM (45bf4e8d77d700ff54d6d1097750f64e) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/07/09 01:46:07.0796 1064 AmdK7 (d3dabc57be6d456dfd4bc026cfa582ff) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/07/09 01:46:07.0859 1064 AmdK8 (841871eac4e0dab2bd2b56ce59ef9511) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/07/09 01:46:08.0000 1064 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/09 01:46:08.0156 1064 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2011/07/09 01:46:08.0218 1064 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/07/09 01:46:08.0265 1064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/09 01:46:08.0312 1064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/09 01:46:08.0390 1064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/09 01:46:08.0453 1064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/09 01:46:08.0500 1064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/09 01:46:08.0609 1064 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
2011/07/09 01:46:08.0718 1064 Cap7134 (ef5a38361233cfa2d319903517b669c3) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
2011/07/09 01:46:08.0843 1064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/09 01:46:08.0906 1064 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/09 01:46:09.0015 1064 CdaC15BA (08f60f40d1a2a95a1f12eddbd9f25c1c) C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2011/07/09 01:46:09.0093 1064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/09 01:46:09.0171 1064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/09 01:46:09.0281 1064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/09 01:46:09.0343 1064 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2011/07/09 01:46:09.0796 1064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/09 01:46:09.0875 1064 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/09 01:46:09.0953 1064 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/09 01:46:10.0031 1064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/09 01:46:10.0078 1064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/09 01:46:10.0187 1064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/09 01:46:10.0312 1064 e4usbaw (3e1971e0f64fcf2fbe05ce4ab0132963) C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
2011/07/09 01:46:10.0421 1064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/09 01:46:10.0468 1064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/09 01:46:10.0546 1064 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/09 01:46:10.0593 1064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/09 01:46:10.0640 1064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/09 01:46:10.0703 1064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/09 01:46:10.0750 1064 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/09 01:46:10.0812 1064 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/07/09 01:46:10.0875 1064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/09 01:46:10.0921 1064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/09 01:46:11.0015 1064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/09 01:46:11.0156 1064 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/09 01:46:11.0203 1064 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/09 01:46:11.0250 1064 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/09 01:46:11.0328 1064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/09 01:46:11.0406 1064 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/09 01:46:11.0484 1064 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/09 01:46:11.0562 1064 ialm (53fdf10a5baf4f0a345bc5e941392186) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/09 01:46:11.0671 1064 IKANLOADER2 (1a03a7b28d12239a573dc20422c3068d) C:\WINDOWS\system32\Drivers\e4ldr.sys
2011/07/09 01:46:11.0718 1064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/09 01:46:11.0828 1064 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/09 01:46:11.0890 1064 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/09 01:46:11.0937 1064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/09 01:46:12.0000 1064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/09 01:46:12.0062 1064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/09 01:46:12.0125 1064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/09 01:46:12.0187 1064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/09 01:46:12.0250 1064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/09 01:46:12.0312 1064 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/09 01:46:12.0406 1064 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/07/09 01:46:12.0531 1064 Jukebox3 (09f29a61dc7bf2e711ea272256035c77) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
2011/07/09 01:46:12.0578 1064 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/09 01:46:12.0625 1064 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/09 01:46:12.0687 1064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/09 01:46:12.0750 1064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/09 01:46:12.0812 1064 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2011/07/09 01:46:12.0890 1064 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/07/09 01:46:12.0984 1064 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/07/09 01:46:13.0046 1064 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/07/09 01:46:13.0125 1064 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/07/09 01:46:13.0203 1064 MaBtc (a368f469b4f281c7dde4de7cf87f66e3) C:\WINDOWS\system32\DRIVERS\MABTC.sys
2011/07/09 01:46:13.0265 1064 MaBtPort (0f8988967139dbf188fac4df2457d87c) C:\WINDOWS\system32\DRIVERS\mabtport.sys
2011/07/09 01:46:13.0343 1064 MaBtVad (fc85e2395e02f9bcd86e6e39bfa8c26d) C:\WINDOWS\system32\DRIVERS\MaBtVad.sys
2011/07/09 01:46:13.0421 1064 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/09 01:46:13.0500 1064 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/09 01:46:13.0578 1064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/09 01:46:13.0656 1064 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/09 01:46:13.0734 1064 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/09 01:46:13.0796 1064 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/09 01:46:13.0859 1064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/09 01:46:13.0937 1064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/09 01:46:14.0031 1064 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/09 01:46:14.0109 1064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/09 01:46:14.0187 1064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/09 01:46:14.0218 1064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/09 01:46:14.0265 1064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/09 01:46:14.0328 1064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/09 01:46:14.0375 1064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/09 01:46:14.0437 1064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/09 01:46:14.0484 1064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/09 01:46:14.0656 1064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/09 01:46:14.0734 1064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/09 01:46:14.0781 1064 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/09 01:46:14.0828 1064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/09 01:46:14.0875 1064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/09 01:46:14.0937 1064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/09 01:46:14.0984 1064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/09 01:46:15.0031 1064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/09 01:46:15.0140 1064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/09 01:46:15.0265 1064 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/07/09 01:46:15.0296 1064 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/07/09 01:46:15.0328 1064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/09 01:46:15.0390 1064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/09 01:46:15.0500 1064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/09 01:46:15.0812 1064 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/09 01:46:16.0093 1064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/09 01:46:16.0140 1064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/09 01:46:16.0171 1064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/09 01:46:16.0250 1064 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/09 01:46:16.0281 1064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/09 01:46:16.0328 1064 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/09 01:46:16.0421 1064 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/07/09 01:46:16.0453 1064 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/09 01:46:16.0531 1064 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/09 01:46:16.0578 1064 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/09 01:46:16.0890 1064 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/09 01:46:16.0953 1064 PhTVTune (bba084b7934057673dda2c2160e6ed47) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
2011/07/09 01:46:17.0062 1064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/09 01:46:17.0125 1064 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/09 01:46:17.0203 1064 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/07/09 01:46:17.0250 1064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/09 01:46:17.0312 1064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/09 01:46:17.0390 1064 pwdrvio (31c396331f61990ce235b046a03be0a1) C:\WINDOWS\system32\pwdrvio.sys
2011/07/09 01:46:17.0453 1064 pwdspio (cee974ef297015b9600dcd16a82821b4) C:\WINDOWS\system32\pwdspio.sys
2011/07/09 01:46:17.0515 1064 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/09 01:46:17.0625 1064 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2011/07/09 01:46:17.0875 1064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/09 01:46:17.0953 1064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/09 01:46:18.0000 1064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/09 01:46:18.0031 1064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/09 01:46:18.0125 1064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/09 01:46:18.0171 1064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/09 01:46:18.0250 1064 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/09 01:46:18.0312 1064 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/09 01:46:18.0359 1064 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/09 01:46:18.0437 1064 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/07/09 01:46:18.0578 1064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/09 01:46:18.0625 1064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/09 01:46:18.0671 1064 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/09 01:46:18.0796 1064 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/07/09 01:46:18.0828 1064 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/07/09 01:46:18.0859 1064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/09 01:46:18.0984 1064 SiS315 (7467e510c81b19a6b590a3868f499b23) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/07/09 01:46:19.0031 1064 SISAGP (f8150c74ff24bdbd19f47a6dfd05514a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/07/09 01:46:19.0109 1064 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
2011/07/09 01:46:19.0187 1064 SiSkp (14ed728e44b0e7a169217127d8510ca9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/07/09 01:46:19.0250 1064 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/07/09 01:46:19.0328 1064 SISNICXP (a1348a901a44760ccd76043525e851d0) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
2011/07/09 01:46:19.0375 1064 SiSRaid2 (5ddfc6750d2d65a3d43aa7021c4efc28) C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys
2011/07/09 01:46:19.0437 1064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/09 01:46:19.0531 1064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/09 01:46:19.0593 1064 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/09 01:46:19.0671 1064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/09 01:46:19.0750 1064 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/09 01:46:19.0828 1064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/09 01:46:19.0890 1064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/09 01:46:19.0937 1064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/09 01:46:20.0140 1064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/09 01:46:20.0234 1064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/09 01:46:20.0296 1064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/09 01:46:20.0328 1064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/09 01:46:20.0390 1064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/09 01:46:20.0500 1064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/09 01:46:20.0593 1064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/09 01:46:20.0703 1064 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/07/09 01:46:20.0765 1064 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/09 01:46:20.0812 1064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/09 01:46:20.0859 1064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/09 01:46:20.0906 1064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/09 01:46:20.0968 1064 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/09 01:46:21.0031 1064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/09 01:46:21.0078 1064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/09 01:46:21.0140 1064 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/07/09 01:46:21.0203 1064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/09 01:46:21.0250 1064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/09 01:46:21.0328 1064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/09 01:46:21.0406 1064 viagfx (19bba101cb87d18ff04e7f24e1792ab0) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/07/09 01:46:21.0453 1064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/09 01:46:21.0500 1064 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/09 01:46:21.0562 1064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/09 01:46:21.0656 1064 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/09 01:46:21.0750 1064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/09 01:46:21.0875 1064 WlanUIG (c383926d4ba41afbca592b2ad1fe4109) C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
2011/07/09 01:46:21.0984 1064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/09 01:46:22.0046 1064 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/09 01:46:22.0125 1064 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/09 01:46:22.0218 1064 MBR (0x1B8) (4f3a0ea76e7edbe2fc4a98f9de544751) \Device\Harddisk0\DR0
2011/07/09 01:46:22.0250 1064 Boot (0x1200) (9f4d4e0a7b2cd9ad1f1d76113e91b5ce) \Device\Harddisk0\DR0\Partition0
2011/07/09 01:46:22.0265 1064 Boot (0x1200) (6b8a628103cc586b5f9e59d5f39be85e) \Device\Harddisk0\DR0\Partition1
2011/07/09 01:46:22.0281 1064 ================================================================================
2011/07/09 01:46:22.0281 1064 Scan finished
2011/07/09 01:46:22.0281 1064 ================================================================================
2011/07/09 01:46:22.0312 1560 Detected object count: 1
2011/07/09 01:46:22.0312 1560 Actual detected object count: 1
2011/07/09 01:46:33.0343 1560 ForgedFile.Multi.Generic(3xHybrid) - User select action: Skip
2011/07/09 01:46:44.0046 2300 Deinitialize success

------------------------------------------------------------

========== OTL ==========
HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\HP_Propriétaire\Bureau\cmd.bat deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07092011_015843

#12 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 09 July 2011 - 08:00 AM

Please do the following:

:step1:

Run OTL.

Click the None button at the top (Between "Run fix" and "Clean up" button).

Copy and Paste the following code into the Custom Scan box.

 
/md5start
3xHybrid.sys
/md5stop
HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows.
Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE

Close any open windows, including this one.

Double click on ComboFix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.

When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.
ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Please do not mouseclick combofix's window while its running because it may call it to stall.
ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.

~Semp

#13 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 09 July 2011 - 11:16 AM

Hi,

OTL logfile created on: 09/07/2011 16:53:05 - Run 10
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 337,71 Mb Available Physical Memory | 66,03% Memory free
1,22 Gb Paging File | 0,99 Gb Available in Paging File | 81,54% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143,81 Gb Total Space | 52,72 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Drive D: | 5,22 Gb Total Space | 0,99 Gb Free Space | 19,03% Space Free | Partition Type: FAT32

Computer Name: NOM-641695C7437 | User Name: HP_Propriétaire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< >

< MD5 for: 3XHYBRID.SYS >
[2011/07/06 20:12:38 | 002,831,232 | ---- | M] () MD5=8BC3B5F02DB0D66F3FC947F30A5FB721 -- C:\WINDOWS\system32\drivers\3xHybrid.sys

< HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings >
"User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag" = 5.0
"NoNetAutodial" = 0
"MigrateProxy" = 1
"EnableNegotiate" = 1
"EmailName" = IEUser@
"AutoConfigProxy" = wininet.dll -- [2011/04/25 18:06:11 | 000,916,480 | ---- | M] (Microsoft Corporation)
"MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"WarnOnPost" = 01 00 00 00 [binary data]
"UseSchannelDirectly" = 01 00 00 00 [binary data]
"EnableHttp1_1" = 1
"PrivacyAdvanced" = 0
"ProxyEnable" = 1
"EnableAutodial" = 1
"PrivDiscUiShown" = 1
"WarnOnZoneCrossing" = 0
"SecureProtocols" = 168
"WarnOnIntranet" = 1
"ProxyOverride" = 127.0.0.1
"GlobalUserOffline" = 0
"ProxyServer" = 127.0.0.1:9666
"UrlEncoding" = 0
"ZonesSecurityUpgrade" = 26 AB 4A 6A A3 2B CC 01 [binary data]
"DisableCachingOfSSLPages" = 0
"MaxConnectionsPerServer" = 10
"MaxConnectionsPer1_0Server" = 10

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

[HKEY_USERS\S-1-5-21-2373656388-2674558482-1190084186-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

< End of report >

Attached File(s)

ComboFix.txt (27.34K)
Number of downloads: 5

#14 sempai

noypi

Group: Malware Response Team
Posts: 5,161
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 09 July 2011 - 11:35 AM

Something in your PC is recreating the proxy. Please do not attach logs unless instructed.

Please go to http://virscan.org/

Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

C:\WINDOWS\system32\drivers\3xHybrid.sys
Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

~Semp

#15 khan123

Member

Group: Members
Posts: 39
Joined: 20-June 11

Posted 09 July 2011 - 12:25 PM

Hello,

Once the scan is complete, a page displays all engines that have analyzed the file with the same result: nothing has been found.

The only button to click at the bottom of the page: clipboard, but nothing happens!

I then do a search the words "virscan" and "3xHybrid.sys" in the root C optional "text" without results.

Also, I make you a copy of most of the page that is apparure at the end of scan:

Informations sur le fichier
Nom de fichier : 3xHybrid.sys
Taille du fichier : 2831232 byte
Type de fichier : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 8bc3b5f02db0d66f3fc947f30a5fb721
SHA1 : a5433ecc1c0b3f95cb063c8126586e77b978a8de

Résultats des moteurs
Résultats des moteurs : tous les moteurs ont dit ne pas avoir trouvé de malware !
Temps : 2011/07/09 16:47:56 (WET)
Scanner ↓ Vers. moteur Vers. Sig. Date Sig. Résultat du scan Temps
a-squared 5.1.0.3 20110709190617 2011-07-09
-
40.091
AhnLab V3 2011.07.08.03 2011.07.08 2011-07-08
-
40.090
AntiVir 8.2.6.6 7.11.11.45 2011-07-08
-
0.285
Antiy 2.0.18 20110205.7694535 2011-02-05
-
0.023
Arcavir 2011 201105080215 2011-05-08
-
0.037
Authentium 5.1.1 201107091255 2011-07-09
-
1.499
AVAST! 4.7.4 110709-0 2011-07-09
-
0.109
AVG 8.5.850 271.1.1/3754 2011-07-09
-
0.252
BitDefender 7.90123.8476305 7.38219 2011-07-09
-
4.138
ClamAV 0.96.5 13301 2011-07-09
-
1.448
Comodo 4.0 9328 2011-07-09
-
40.090
CP Secure 1.3.0.5 2011.07.09 2011-07-09
-
0.524
Dr.Web 5.0.2.3300 2011.07.09 2011-07-09
-
13.951
F-Prot 4.4.4.56 20110709 2011-07-09
-
1.507
F-Secure 7.02.73807 2011.07.09.02 2011-07-09
-
0.228
Fortinet 4.2.257 13.415 2011-07-09
-
40.091
GData 22.860/22.213 20110709 2011-07-09
-
40.093
Ikarus T3.1.32.20.0 2011.07.09.78787 2011-07-09
-
4.817
JiangMin 13.0.900 2011.07.08 2011-07-08
-
40.092
Kaspersky 5.5.10 2011.07.09 2011-07-09
-
0.102
KingSoft 2009.2.5.15 2011.7.9.9 2011-07-09
-
40.091
McAfee 5400.1158 6401 2011-07-08
-
9.511
Microsoft 1.7000 2011.07.09 2011-07-09
-
40.096
NOD32 3.0.21 6265 2011-07-04
-
0.191
Norman 6.07.10 6.07.00 2011-07-09
-
14.027
nProtect 20110601.01 3460661 2011-06-01
-
40.090
Panda 9.05.01 2011.07.09 2011-07-09
-
40.099
Quick Heal 11.00 2011.07.09 2011-07-09
-
40.091
Rising 20.0 23.65.04.03 2011-07-08
-
40.090
Sophos 3.20.2 4.66 2011-07-09
-
3.807
Sunbelt 3.9.2497.2 9811 2011-07-08
-
40.092
Symantec 1.3.0.24 20110708.001 2011-07-08
-
0.246
The Hacker 6.7.0.1 v00250 2011-07-07
-
40.092
Trend Micro 9.200-1012 8.276.05 2011-07-09
-
0.136
VBA32 3.12.16.4 20110708.1439 2011-07-08
-
5.800
ViRobot 20110709 2011.07.09 2011-07-09
-
40.096
VirusBuster 5.3.0.4 14.0.116.0/5592318 2011-07-09
-
0.002
■Heuristic/Suspicious ■Exact
NB : ce fichier a déjà été analysé. Aussi, le résultat de l'analyse de ce fichier ne sera pas stocké dans la base de données
Presse-papier

Friendly

http://virscan.org/report/e2af444cdbe9b0ba842052d40a4f6f82.html