
iexplorer.exe virus


  • This topic is locked
2 replies to this topic

#1 fle82

  • Members
  • 14 posts

Posted 12 July 2011 - 03:16 AM

My computer was infected with this virus due to P2P software use (Soulseek). I posted on a different forum and went through the ComboFix procedure. Supposedly, there are no malicious registry entries. However, I am still experiencing problems with certain programs' performance as well as the overall speed of my computer. I specifically notice a difference in the speed of programs when using more than one program at once. I figured it would be smart to get a second opinion. In addition to the computer's performance issues, I also have a Windows Security Alert on my taskbar indicating that Windows does not detect antivirus software when, in fact, StopZilla is installed and functional. I'd appreciate any help or useful information you can offer. Thank you very much in advance.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:59:13 on 2011-07-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.762 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Security Task Manager\taskman.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [DeviceDiscovery] c:\program files\hp\digital imaging\bin\hpotdd01.exe
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248257514515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{7B62F7F3-6791-426D-84CC-5DEED32FBC06} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CB6ECC24-6CD3-47DA-B4AA-D711B3457265} : NameServer = 209.18.47.61,209.18.47.62
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-24 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-07-12 04:30:34 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-07-12 04:30:28 -------- d-----w- c:\program files\Security Task Manager
2011-07-11 18:20:06 -------- d-----w- c:\program files\iPod
2011-07-11 18:19:45 -------- d-----w- c:\program files\iTunes
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-11 18:18:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-11 18:16:34 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-07-11 18:16:34 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-07-11 18:15:53 -------- d-----w- c:\program files\Bonjour
2011-07-09 15:23:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-09 15:23:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-09 15:21:55 -------- d-----w- C:\sysprep
2011-07-09 14:47:29 518144 ----a-w- c:\windows\6b7be58444f61fda867e50a4fef3db11.szcpf
2011-07-08 05:45:57 -------- d-----w- c:\program files\Apple Software Update(2)
2011-07-04 08:56:41 -------- d-----w- c:\program files\STOPzilla!
2011-07-04 08:51:06 -------- d-----w- c:\program files\common files\iS3
2011-07-03 19:49:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-01 01:13:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-01 01:13:46 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-01 01:13:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-01 01:13:46 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-01 01:13:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-01 01:13:44 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-01 01:13:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-01 01:13:44 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-01 01:13:44 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-01 01:13:42 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-01 01:13:42 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-01 01:13:42 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-30 18:50:06 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-30 18:49:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-29 22:15:47 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-29 22:15:46 -------- d-----w- c:\program files\Trend Micro
2011-06-29 19:32:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-29 19:31:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-29 19:31:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-25 19:05:31 -------- d-----w- c:\documents and settings\owner\application data\AVS4YOU
2011-06-25 19:05:29 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2011-06-25 19:01:47 -------- d-----w- c:\program files\common files\AVSMedia
2011-06-25 19:01:40 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-06-25 19:01:40 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-06-25 19:01:40 -------- d-----w- c:\program files\AVS4YOU
2011-06-25 03:56:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\uTorrent
2011-06-25 03:56:13 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-06-25 03:23:12 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-06-24 06:52:12 -------- d-----w- c:\documents and settings\owner\application data\Xilisoft
2011-06-24 03:05:39 124688 ----a-w- c:\windows\system32\mswinsck.ocx
2011-06-24 02:42:59 499712 ----a-r- c:\windows\system32\msvcp71.dll
2011-06-24 02:42:58 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-06-24 02:42:58 348160 ----a-r- c:\windows\system32\msvcr71.dll
2011-06-24 02:42:58 1060864 ----a-r- c:\windows\system32\mfc71.dll
2011-06-24 01:30:48 -------- d-----w- c:\documents and settings\owner\application data\NeroDCTemplates
2011-06-24 00:38:25 -------- d-----w- c:\program files\Nero
2011-06-23 21:11:42 81920 ----a-w- c:\documents and settings\owner\application data\ezpinst.exe
2011-06-23 21:11:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-23 21:11:31 -------- d-----w- c:\documents and settings\all users\application data\DVDXStudio
2011-06-20 07:53:21 -------- d-----w- c:\program files\Realtek AC97
2011-06-16 04:19:46 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-07-03 19:50:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-03 19:48:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-30 22:42:16 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 22:01:02.42 ===============


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 July 2011 - 06:03 PM

Please post your ComboFix log(s).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 July 2011 - 01:31 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
