
Virus Problem + Computer Crash


  • This topic is locked
1 reply to this topic

#1 Steffanie


Posted 12 August 2009 - 12:33 PM

Hello All,
Last night my anti-spyware/malware program, ESET Smart Security, suddenly caught 3 trojans. I don't even remember the site I had been looking at; I was admittedly just surfing the net without paying much attention. Then, every time I attempted to go to a different website, the page said 'Connection interrupted/Connection was interrupted while negotiating a connection.' When I noticed ESET's alerts, I immediately began running the program's spyware sweep. It found only four "infiltrations," which were cleaned and removed by the program. But, when I attempted to launch Firefox, the page said 'Connection interrupted/Connection was interrupted while negotiating a connection' once again, even though my Network Connection information said my computer was connected to the internet at 100 Mbps. So I re-ran ESET, and it wasn't finding anything.
Finally, I decided to use ComboFix, since I've used that program in the past with great results. I let the program do its thing, and waited until after it was completely finished before trying to use Firefox again. The exact same message appeared for every website I tried to go to: 'Connection interrupted/Connection was interrupted while negotiating a connection.' The next thing I know, the computer acts as though it's all tied-up/lagging, and then a blue screen came up right before the computer restarted itself. Upon restart, I got a Windows message saying the system had recovered from a serious error. Over the course of the night--while not being able to connect to the internet--the computer crashed two more times.
Today, I still cannot connect to the internet using that computer. All other computers/laptops in my household are connecting fine, with no obvious problems. So I'm at a loss as to what else is wrong with my PC, and I'd really appreciate some help. Here is ComboFix's log:

ComboFix 09-08-10.06 - Steffanie 08/11/2009 21:06.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1718 [GMT -6:00]
Running from: L:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\113a7a17.msp
c:\windows\Installer\131fa382.msp
c:\windows\Installer\140c4beb.msp
c:\windows\Installer\18ec38.msp
c:\windows\Installer\3edc28c.msp
c:\windows\Installer\407334.msp
c:\windows\Installer\a8d6947.msp
c:\windows\Installer\fb3cd56.msp
c:\windows\system32\drivers\SKYNETqjsxxngw.sys
c:\windows\system32\SKYNETdrieilas.dat
c:\windows\system32\SKYNETmgparmpx.dat
c:\windows\system32\SKYNETurwqbrvv.dll
c:\windows\system32\SKYNETywblhtiq.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 00:08 . 2009-08-12 00:08 45344 ----a-w- c:\windows\system32\drivers\bir9f1c.sys
2009-07-18 00:51 . 2009-07-18 00:51 -------- d-----w- c:\documents and settings\Steffanie\Local Settings\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 00:32 . 2008-02-09 00:52 -------- d-----w- c:\documents and settings\Chris\Application Data\Canon
2009-06-27 02:31 . 2005-12-20 16:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 19:11 . 2007-10-11 19:53 -------- d-----w- c:\program files\Coupons
2009-06-19 03:46 . 2007-12-18 03:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-18 22:04 . 2009-06-18 22:04 -------- d-----w- c:\documents and settings\Chris\Application Data\ESET
2009-06-18 21:31 . 2009-06-18 21:31 -------- d-----w- c:\documents and settings\Steffanie\Application Data\ESET
2009-06-18 20:39 . 2009-06-18 20:39 -------- d-----w- c:\documents and settings\Stevebo\Application Data\ESET
2009-06-18 20:38 . 2009-06-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-18 19:17 . 2007-06-29 05:16 -------- d-----w- c:\documents and settings\Stevebo\Application Data\Vista Start Menu
2009-06-15 18:32 . 2006-05-10 04:50 -------- d-----w- c:\program files\Quicken
2009-06-13 22:46 . 2009-06-13 22:46 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-06-13 22:45 . 2009-06-13 22:45 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-06-13 22:45 . 2009-06-13 22:45 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-06-13 22:45 . 2009-06-13 22:45 1007616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-06-13 22:45 . 2009-06-13 22:45 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-06-13 22:45 . 2009-06-13 22:45 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-06-13 22:45 . 2009-06-13 22:45 811008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-06-13 22:45 . 2009-06-13 22:45 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-06-13 22:45 . 2006-05-07 04:57 73248 ----a-w- c:\documents and settings\Stevebo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 22:44 . 2009-06-13 22:44 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-06-03 05:00 . 2009-06-03 05:00 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2007-08-26 03:13 . 2007-08-26 03:13 4729220 ----a-w- c:\program files\Citrix.9.0.0.F.P01.EXE
2007-08-26 02:54 . 2007-08-26 02:54 711 ----a-w- c:\program files\metaframe_ica.jsp
2006-09-14 19:41 . 2006-09-14 19:41 2238 ---ha-w- c:\program files\Ikona1311763278.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-09-28 8740864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\documents and settings\Stevebo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-5-6 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
acrobat assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
CU VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-2-22 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 22:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
S0 bir9f1c;bir9f1c;\SystemRoot\\SystemRoot\System32\drivers\bir9f1c.sys --> \SystemRoot\\SystemRoot\System32\drivers\bir9f1c.sys [?]
S1 cab37f35.sys;cab37f35.sys;\??\c:\windows\System32\drivers\cab37f35.sys --> c:\windows\System32\drivers\cab37f35.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [8/25/2007 7:28 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [8/25/2007 7:28 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [8/25/2007 7:28 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [8/25/2007 7:24 PM 10368]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [5/8/2006 11:39 PM 10880]
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-06 16:38]

2009-08-12 c:\windows\Tasks\QuickConnectSupportTask.job
- c:\program files\Qwest\QuickConnect\QuickConnect.exe [2009-02-17 21:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://support.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Steffanie\Application Data\Mozilla\Firefox\Profiles\g55yohpx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2009-08-12 21:21
ComboFix-quarantined-files.txt 2009-08-12 03:21
ComboFix2.txt 2009-07-18 17:42
ComboFix3.txt 2009-06-18 20:23

Pre-Run: 118,768,189,440 bytes free
Post-Run: 118,738,378,752 bytes free

309

Edited by Steffanie, 12 August 2009 - 01:18 PM.



 


#2 garmanma


Posted 12 August 2009 - 02:36 PM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark



