
Windows XP does not shutdown


  • This topic is locked
3 replies to this topic

#1 kintot

kintot

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 05 September 2012 - 10:03 PM

ComboFix 12-09-05.02 - DA-RFU8 09/06/2012 9:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1789.1185 [GMT 8:00]
Running from: c:\documents and settings\DA-RFU8\My Documents\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 01:04 . 2012-09-06 01:04 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13A8AF2D-6BF2-4639-8BC7-1FAB2CD8615D}\MpKslbca1ede7.sys
2012-09-06 00:59 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13A8AF2D-6BF2-4639-8BC7-1FAB2CD8615D}\mpengine.dll
2012-09-06 00:57 . 2012-09-06 00:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-05 02:47 . 2012-09-05 13:51 -------- d-----w- c:\program files\7-Zip
2012-09-04 03:49 . 2012-09-06 00:56 -------- d-----w- c:\program files\Common Files\Java
2012-09-04 03:08 . 2012-09-04 03:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 12:48 . 2012-09-03 12:48 -------- d-----w- C:\drivers
2012-09-03 04:58 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 06:29 . 2012-08-30 06:29 -------- d-----w- c:\program files\CCleaner
2012-08-29 08:23 . 2012-08-29 08:23 -------- d-----w- c:\documents and settings\DA-RFU8\Application Data\GRASS6
2012-08-29 08:19 . 2012-08-29 08:41 -------- d-----w- c:\documents and settings\DA-RFU8\.qgis
2012-08-29 08:07 . 2012-08-29 08:14 -------- d-----w- c:\program files\Quantum GIS Lisboa
2012-08-29 06:14 . 2012-08-29 08:15 -------- d-----w- C:\OSGeo4W
2012-08-29 05:40 . 2012-08-29 05:40 -------- d-----w- c:\program files\Enigma Software Group
2012-08-29 05:40 . 2012-08-29 05:47 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-08-29 05:40 . 2012-08-29 05:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-29 00:31 . 2012-08-29 00:31 814 ----a-w- c:\documents and settings\DA-RFU8\Application Data\DA-RFU8v3.3.0.0.vbs
2012-08-23 06:20 . 2012-08-23 06:21 -------- d-----w- c:\documents and settings\DA-RFU8\Application Data\Notepad++
2012-08-23 06:20 . 2012-08-23 06:21 -------- d-----w- c:\program files\Notepad++
2012-08-19 14:13 . 2012-08-19 14:13 -------- d-----w- c:\program files\YourFileDownloader
2012-08-19 14:13 . 2012-08-19 14:13 -------- d-----w- c:\documents and settings\DA-RFU8\Application Data\YourFileDownloader
2012-08-19 13:12 . 2012-08-19 13:12 -------- d-----w- c:\documents and settings\DA-RFU8\Local Settings\Application Data\SlimWare Utilities Inc
2012-08-13 05:35 . 2012-08-13 05:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 03:08 . 2012-06-21 03:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-04 03:08 . 2012-06-21 03:06 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 03:08 . 2011-12-12 01:55 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 05:22 . 2012-05-23 23:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 05:22 . 2011-05-23 06:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-03-25 06:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-01 08:25 . 2011-05-23 06:21 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-29_06.03.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-09-06 00:59 . 2012-09-06 00:59 16384 c:\windows\Temp\Perflib_Perfdata_3c0.dat
+ 2011-01-07 07:39 . 2011-01-07 07:39 51024 c:\windows\system32\vcomp100.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 80720 c:\windows\system32\mfcm100u.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 80720 c:\windows\system32\mfcm100u.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 80208 c:\windows\system32\mfcm100.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 80208 c:\windows\system32\mfcm100.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 60752 c:\windows\system32\mfc100rus.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 64336 c:\windows\system32\mfc100fra.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 63824 c:\windows\system32\mfc100esn.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 64336 c:\windows\system32\mfc100deu.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 64336 c:\windows\system32\mfc100deu.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 01:15 . 2010-03-18 01:15 36176 c:\windows\system32\mfc100chs.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 36176 c:\windows\system32\mfc100chs.dll
+ 2012-08-31 00:18 . 2012-08-31 00:18 28672 c:\windows\Installer\11018e.msi
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-11-06 07:10 . 2012-06-04 09:35 222448 c:\windows\system32\muweb.dll
+ 2012-09-04 03:09 . 2012-09-04 03:08 246760 c:\windows\system32\javaws.exe
+ 2012-09-04 03:08 . 2012-09-04 03:08 174056 c:\windows\system32\javaw.exe
+ 2012-09-04 03:08 . 2012-09-04 03:08 174056 c:\windows\system32\java.exe
+ 2011-01-07 07:39 . 2011-01-07 07:39 137544 c:\windows\system32\atl100.dll
+ 2012-09-04 03:49 . 2012-09-04 03:49 176128 c:\windows\Installer\c69d84.msi
+ 2012-09-04 03:08 . 2012-09-04 03:08 873984 c:\windows\Installer\a0d126.msi
+ 2012-09-04 02:13 . 2012-09-04 02:13 206336 c:\windows\Installer\6e50ae.msi
+ 2012-08-29 08:14 . 2012-08-29 08:14 151552 c:\windows\Installer\1bcb164.msi
+ 2012-08-29 08:13 . 2012-08-29 08:13 228352 c:\windows\Installer\1bcb15e.msi
+ 2012-08-29 08:13 . 2012-08-29 08:13 331264 c:\windows\Installer\1bcb154.msi
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2012-09-04 15:22 . 2012-09-06 00:57 1433332 c:\windows\system32\Restore\rstrlog.dat
- 2010-03-18 01:15 . 2010-03-18 01:15 4368720 c:\windows\system32\mfc100u.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 4368720 c:\windows\system32\mfc100u.dll
+ 2011-01-07 07:39 . 2011-01-07 07:39 4342600 c:\windows\system32\mfc100.dll
+ 2008-03-20 10:06 . 2008-03-20 10:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2011-01-07 12:10 . 2011-01-07 12:10 3991040 c:\windows\Installer\a0d13c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 07:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 07:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 07:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 07:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\DA-RFU8\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-31 138096]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-12-04 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-08-15 824224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-06 13762560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\DA-RFU8\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\documents and settings\DA-RFU8\Local Settings\Application Data\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe [2012-8-28 246704]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-6-11 576000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^DA-RFU8^Start Menu^Programs^Startup^Red Alert 3.lnk]
path=c:\documents and settings\DA-RFU8\Start Menu\Programs\Startup\Red Alert 3.lnk
backup=c:\windows\pss\Red Alert 3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 17:18 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\DA-RFU8\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\DA-RFU8\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=
"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/14/2011 9:39 PM 101616]
R1 MpKslbca1ede7;MpKslbca1ede7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13A8AF2D-6BF2-4639-8BC7-1FAB2CD8615D}\MpKslbca1ede7.sys [9/6/2012 9:04 AM 29904]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7/26/2012 7:40 PM 794560]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [3/25/2010 2:31 PM 159744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/26/2010 1:07 AM 35088]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 8:00 PM 14336]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [3/21/2011 4:44 PM 5230088]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [12/25/2011 11:20 AM 135168]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 1:40 PM 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/24/2012 7:59 AM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 2:33 PM 1684736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [12/25/2011 11:20 AM 103424]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [11/16/2010 1:04 PM 42432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 1:40 PM 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11/11/2011 8:03 PM 100736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/1/2012 8:14 AM 113120]
S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [5/26/2011 6:58 PM 51200]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [3/21/2011 4:44 PM 5230088]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [3/25/2010 2:30 PM 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBCA1EDE7
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
RPCQT
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 05:22]
.
2012-08-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-DARFU8-DA-RFU8.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-11-03 19:44]
.
2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-1060284298-682003330-1004Core.job
- c:\documents and settings\DA-RFU8\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-17 05:02]
.
2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-1060284298-682003330-1004UA.job
- c:\documents and settings\DA-RFU8\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-17 05:02]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 05:40]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 05:40]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1060284298-682003330-1004Core.job
- c:\documents and settings\DA-RFU8\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-23 01:33]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1060284298-682003330-1004UA.job
- c:\documents and settings\DA-RFU8\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-23 01:33]
.
2012-09-06 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 06:28]
.
2012-09-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 09:03]
.
2012-09-06 c:\windows\Tasks\YourFile Update.job
- c:\program files\YourFileDownloader\YourFileUpdater.exe [2012-08-19 14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ph/
mWindow Title = Microsoft Internet Explorer
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 121.1.3.81
FF - ProfilePath - c:\documents and settings\DA-RFU8\Application Data\Mozilla\Firefox\Profiles\ympartod.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.ftp - 200.89.143.114
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 200.89.143.114
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 200.89.143.114
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 200.89.143.114
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 0800ccaa00000000000000ffcff836f7
FF - user.js: extensions.BabylonToolbar_i.hardId - 0800ccaa00000000000000ffcff836f7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15312
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100490
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-06 09:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{01c1be38-efa9-4e03-9680-1b13ccdfbfff}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005e
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a3,f8,bf,68,f2,ee,09,11,70,e7,79,43,40,b9,ac,6a,b2,ca,11,63,f1,
c2,13,df,4a,0c,7e,fc,7c,47,33,be,fb,55,fb,1d,54,d8,bb,63,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9c,3d,13,c1,5b,cf,ac,21,2d,d3,4b,ad,08,5a,00,f3,4a,f5,cb,b3,1f,
75,dc,34,5e,91,7d,3c,92,95,6f,56,f3,00,5c,d7,78,1b,c1,2c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c6c339e1-b6ac-44d6-bed1-1c1adcb2f113}]
@Denied: (Full) (Everyone)
"Model"=dword:00000151
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\nvLsp.dll
.
Completion time: 2012-09-06 09:16:08
ComboFix-quarantined-files.txt 2012-09-06 01:16
ComboFix2.txt 2012-08-29 06:05
.
Pre-Run: 31,542,284,288 bytes free
Post-Run: 31,641,563,136 bytes free
.
- - End Of File - - 45F7863E112BE7208D9DA9B0DF37299A

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 06 September 2012 - 07:11 AM.



#2 kintot

kintot
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 05 September 2012 - 10:06 PM

I also tried scanning using HijackThis and these are the log results:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:58 AM, on 9/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ChgService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DA-RFU8\My Documents\Downloads\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\DA-RFU8\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346727736578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12220 bytes

-----------------------

Please help me. I know my system may crash if I continue to shut down by pressing the power button. I don't want that to happen.
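As an added example (not part of this thread, and not code from HijackThis or BleepingComputer), the following Python script parses lines in the HijackThis log format posted above and applies three triage heuristics that the log itself already hints at: entries ending in "(no file)" (orphaned registry references, which point at nothing on disk), O23 services listed with "Unknown owner" (no embedded vendor string, so they need manual identification), and O10 Winsock LSP entries that repeat. The sample lines are constructed, modelled on the shape of the log above, and the heuristics are assumptions of mine meant to prioritise what a reviewer looks at first, not to judge an entry good or bad.

```python
import re
from collections import Counter

# Constructed sample in HijackThis log format (a few lines in the shape of
# the log posted above; not the complete log).
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nvlsp.dll
O23 - Service: Change Modem Device Service - Unknown owner - C:\\WINDOWS\\system32\\ChgService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line.

    Lines that do not match the entry pattern (headers, blank lines,
    'End of file') are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Return a dict mapping a finding category to the entries it applies to.

    Categories (assumed heuristics, not HijackThis's own verdicts):
      orphaned              - entry points at '(no file)'
      unknown_owner_service - O23 service with no vendor string
      repeated_lsp          - identical O10 Winsock LSP line appears more than once
    """
    findings = {"orphaned": [], "unknown_owner_service": [], "repeated_lsp": []}
    lsp_counts = Counter()
    for sec, body in parse_hjt(text):
        if body.endswith("(no file)"):
            findings["orphaned"].append(body)
        if sec == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner_service"].append(body)
        if sec == "O10":
            lsp_counts[body] += 1
    for body, n in lsp_counts.items():
        if n > 1:
            findings["repeated_lsp"].append(f"{body} (x{n})")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"== {category} ({len(items)}) ==")
        for item in items:
            print("  " + item)
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file contents; the output groups the entries a helper would normally ask about first, and everything else in the log is left for manual review.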

#3 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 September 2012 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs and let me know if the problem persists.

#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 September 2012 - 08:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
