Geeks to Go
BSOD in Safe Mode



#16 RKinner (Malware Expert, MVP, 23,363 posts)
TDSSKiller found nothing which is good.

Bitdefender
If Windows blocks the ActiveX, then try putting Bitdefender in your trusted sites: in IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com, then ADD. OK.

Are you still seeing any problems?

Ron

Edited by RKinner, 13 June 2010 - 10:38 AM.



#17 bg111 (Topic Starter, Member, 105 posts)
Hi Ron

Yeah, I use Firefox. I tried to open it in IE8 and do the things you said, but an error message appears: 'The instruction at "0x0ad70068" referenced memory at "0x0ad70068". The memory could not be "written".' I still could not see a bar in IE8 or in Firefox.

#18 RKinner (Malware Expert, MVP, 23,363 posts)
Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

I'm going to be out for about 7 hours.

Ron

Edited by RKinner, 13 June 2010 - 11:27 AM.


#19 bg111 (Topic Starter, Member, 105 posts)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined


Bifrost appeared again as it was scanning.

#20 RKinner (Malware Expert, MVP, 23,363 posts)
1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check. Usually takes about an hour or more.

Then try the thing with IE again just to see if you still get the error. If so in IE, Tools, Internet Options, Advanced and then hit the RESET button. After it resets, try it again.

Not sure what the bifrost is. Does it give a file name or location? ESET just found something that Spybot had removed.

Ron

Edited by RKinner, 14 June 2010 - 08:19 AM.

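Added example, not code from the thread's participants or from BitDefender: the QuickScan log that bg111 posts next has a "Missing files" section listing service registrations whose ImagePath no longer exists on disk. Most such orphans are uninstall leftovers (the AVG entries here), but a few in that log look different: a driver registered from a Temp directory, two services whose binaries have numeric names and a stray "srv" argument, service names that splice two legitimate names together (IAANTMon + CryptSvc, HidServ + UleadBurningHelper), and a driver whose service name (mkivI) does not match its file. The script below parses that section, with sample entries copied from the log so it runs offline, and scores each orphan. The heuristics and the KNOWN_SERVICE_NAMES list are this example's own assumptions, not QuickScan's logic.

```python
"""Triage the 'Missing files' section of a BitDefender QuickScan log.

Added example for this thread, not QuickScan output or a participant's code.
SAMPLE_LOG holds entries copied from the log posted in the thread; the scoring
rules and KNOWN_SERVICE_NAMES are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Legitimate service names that a dropper may splice together so the result
# looks familiar. Assumed list for the example, not an authoritative catalogue.
KNOWN_SERVICE_NAMES = {"iaantmon", "cryptsvc", "hidserv", "uleadburninghelper"}

FILE_RE = re.compile(r"^File not found:\s*(.+?)\s*$")
KEY_RE = re.compile(r'^referenced in:\s*HKLM\\System\\ControlSet\d+\\services\\'
                    r'([^\\]+)\\"ImagePath"', re.IGNORECASE)
# Separates the binary from trailing arguments, as in "...\1054p.exe srv".
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s+(.*))?$", re.IGNORECASE)

SAMPLE_LOG = r"""Missing files
-------------
File not found: C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
referenced in: HKLM\System\ControlSet001\services\asbp2poa\"ImagePath"

File not found: C:\Program Files\AVG\AVG9\avgemc.exe
referenced in: HKLM\System\ControlSet001\services\avg9emc\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgldx86.sys
referenced in: HKLM\System\ControlSet001\services\AvgLdx86\"ImagePath"

File not found: C:\WINDOWS\system32\1054p.exe srv
referenced in: HKLM\System\ControlSet001\services\IAANTMonCryptSvc\"ImagePath"

File not found: C:\WINDOWS\system32\12520437m.exe srv
referenced in: HKLM\System\ControlSet001\services\HidServUleadBurningHelper\"ImagePath"

File not found: system32\drivers\inpbuw.sys
referenced in: HKLM\System\ControlSet001\services\mkivI\"ImagePath"


Scan
----
<unsigned> MD5: c1be7bdf79452d5445a33f3002f89060 C:\Fraps\fraps.dll
"""


@dataclass
class Orphan:
    service: str
    image_path: str
    reasons: list = field(default_factory=list)


def parse_missing_files(log_text: str) -> list:
    """Collect (service, ImagePath) pairs until the next section's underline."""
    orphans, pending, in_section, prev = [], None, False, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Missing files":
            in_section = True
        elif in_section and line and set(line) == {"-"} and prev != "Missing files":
            break  # underline of the following section header ("Scan")
        elif in_section:
            if (m := FILE_RE.match(line)):
                pending = m.group(1)
            elif (m := KEY_RE.match(line)) and pending is not None:
                orphans.append(Orphan(m.group(1), pending))
                pending = None
        prev = line
    return orphans


def classify(orphan: Orphan) -> Orphan:
    """Attach a reason per heuristic tripped; no reasons = plain uninstall leftover."""
    m = IMAGE_RE.match(orphan.image_path)
    binary, args = (m.group(1), m.group(2)) if m else (orphan.image_path, None)
    stem = re.sub(r"\.[^.]+$", "", binary.rsplit("\\", 1)[-1]).lower()
    name = orphan.service.lower()
    if "\\temp\\" in binary.lower():
        orphan.reasons.append("image lives under a Temp directory")
    if args:
        orphan.reasons.append(f"ImagePath carries extra arguments {args!r}")
    if re.fullmatch(r"\d{3,}[a-z]?", stem):
        orphan.reasons.append(f"random-looking numeric binary name {stem!r}")
    for head in KNOWN_SERVICE_NAMES:
        tail = name[len(head):]
        if name.startswith(head) and tail in KNOWN_SERVICE_NAMES:
            orphan.reasons.append(f"service name splices {head!r} + {tail!r}")
    if binary.lower().endswith(".sys") and stem != name:
        orphan.reasons.append(f"driver service {orphan.service!r} != file {stem!r}")
    return orphan


def triage(log_text: str) -> dict:
    """Map each orphaned service name to its reasons (empty list = leftover)."""
    return {o.service: classify(o).reasons for o in parse_missing_files(log_text)}


if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_LOG).items():
        verdict = "SUSPICIOUS" if reasons else "leftover"
        print(f"{verdict:10} {service:26} {'; '.join(reasons)}")
```

Run as a script it prints one verdict per service; on the sample, the three AVG-style entries come out as leftovers and asbp2poa, IAANTMonCryptSvc, HidServUleadBurningHelper and mkivI are flagged. The rules are deliberately narrow: a registration that is merely missing its file is normal after an uninstall, so the script only raises its hand when the name or path itself is odd, which is the same judgement a helper makes by eye when reading such a log.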

#21 bg111 (Topic Starter, Member, 105 posts)
Hi Ron

It still crashed, but worked in Firefox today for some reason. Have to go to work now.

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Mon Jun 14 08:16:29 2010
Machine ID: B0033DB4

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C62C990-E6B9-432C-AFA4-DB8D3872F825}\mpengine.dll - could not be scanned


No infection found.
-------------------



Processes
---------
<unsigned> AOLSP Scheduler.exe 3004 C:\program files\common files\aol\1161414575\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
<unsigned> Bluetooth Stack for Windows by TOSHIBA 2952 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
<unsigned> Bluetooth Stack for Windows by Toshiba 2968 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
<unsigned> Bluetooth Stack for Windows by TOSHIBA 2876 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
<unsigned> BVRP Software TestLine 2836 C:\Program Files\Digital Line Detect\DLG.exe
<unsigned> C-Major Audio 3660 C:\WINDOWS\stsystra.exe
<unsigned> Digidesign MME Binder 628 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
<unsigned> Drive Letter Access Component 3692 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<unsigned> DSL Status 3736 C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
<unsigned> dslagent.exe 3748 C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
<unsigned> FRAPS 4024 C:\FRAPS\FRAPS.EXE
<unsigned> Friendly Products 3756 C:\Program Files\VoyagerTest\fts.exe
<unsigned> Intel® Quick Resume Technology 2348 C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
<unsigned> RAID Event Monitor 3668 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<unsigned> RAID Monitor 1472 C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

<verified> AOL Connectivity Service 360 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
<verified> AOL Service Libraries 3772 C:\Program Files\Common Files\AOL\1161414575\ee\AOLSoftware.exe
<verified> AOL Service Libraries 3020 C:\program files\common files\aol\1161414575\ee\aolsoftware.exe
<verified> Capture Device Service 576 C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
<verified> EXPERTool : Display Control Panel 3888 C:\WINDOWS\TBPanel.exe
<verified> Firefox 1568 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> IviRegMgr Module 1544 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
<verified> Java™ Platform SE 6 U17 1712 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft Malware Protection 2156 C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
<verified> Microsoft Malware Protection 1556 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
<verified> Microsoft Security Essentials 3944 C:\Program Files\Microsoft Security Essentials\msseces.exe
<verified> Microsoft® Visual Studio .NET 1716 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 2692 C:\WINDOWS\eHome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 688 C:\WINDOWS\eHome\ehRecvr.exe
<verified> Microsoft® Windows® Operating System 828 C:\WINDOWS\eHome\ehSched.exe
<verified> Microsoft® Windows® Operating System 3648 C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 2224 C:\WINDOWS\ehome\mcrdsvc.exe
<verified> Microsoft® Windows® Operating System 896 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2748 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 3988 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 3516 C:\WINDOWS\system32\drwtsn32.exe
<verified> Microsoft® Windows® Operating System 3568 C:\WINDOWS\system32\drwtsn32.exe
<verified> Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 3904 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Microsoft® Windows® Operating System 3788 C:\WINDOWS\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 724 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 212 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 544 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 316 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2052 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1900 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1788 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1640 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1592 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2012 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1008 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 1 1280 C:\WINDOWS\system32\nvsvc32.exe
<verified> PnkBstrA.exe 1840 C:\WINDOWS\system32\PnkBstrA.exe
<verified> RealPlayer (32-bit) 3920 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Ulead Systems ULCDRSvr 2132 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
<verified> Windows® Internet Explorer 396 C:\Program Files\internet explorer\iexplore.exe


Network activity
----------------
Process firefox.exe (1568) connected on port 80 (HTTP) --> 199.7.52.190
Process firefox.exe (1568) connected on port 80 (HTTP) --> 199.7.71.190
Process firefox.exe (1568) connected on port 80 (HTTP) --> 209.85.227.102
Process firefox.exe (1568) connected on port 80 (HTTP) --> 199.7.52.190
Process firefox.exe (1568) connected on port 80 (HTTP) --> 95.101.197.115
Process firefox.exe (1568) connected on port 80 (HTTP) --> 92.31.238.9
Process svchost.exe (1592) connected on port 443 (HTTP over SSL) --> 65.55.184.16
Process svchost.exe (1592) connected on port 80 (HTTP) --> 92.31.238.24

Process svchost.exe (1412) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
<unsigned> C-Major Audio C:\WINDOWS\stsystra.exe
<unsigned> Digidesign MME Binder C:\Program Files\Digidesign\Drivers\MMERefresh.exe
<unsigned> Drive Letter Access Component C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<unsigned> DSL Status C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
<unsigned> dslagent.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
<unsigned> FRAPS C:\FRAPS\FRAPS.EXE
<unsigned> Friendly Products C:\Program Files\VoyagerTest\fts.exe
<unsigned> McAfee SpamKiller C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
<unsigned> Nokia Software Launcher C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

<verified> AOL Connectivity Service C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
<verified> AOL Service Libraries C:\program files\common files\aol\1161414575\ee\aolsoftware.exe
<verified> EXPERTool : Display Control Panel C:\WINDOWS\TBPanel.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified> Microsoft Malware Protection C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
<verified> Microsoft Security Essentials C:\Program Files\Microsoft Security Essentials\msseces.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<verified> RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
<verified> Ulead VideoStudio C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> ATLCamImage Module C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
<unsigned> CamCli Module C:\WINDOWS\Downloaded Program Files\CamCli.dll
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> IE Toolbar c:\program files\aol toolbar\toolbar.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> Intel® JPEG Library C:\WINDOWS\Downloaded Program Files\ijl11.dll
<unsigned> Java™ Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> MsnMessengerSetupDownloader C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<unsigned> RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
<unsigned> Snapfish Activia C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx

<verified> BitDefender QuickScan C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
<verified> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Picture Manager, Wells and Layout C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
<verified> RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verified> sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
referenced in: HKLM\System\ControlSet001\services\asbp2poa\"ImagePath"

File not found: C:\Program Files\AVG\AVG9\avgemc.exe
referenced in: HKLM\System\ControlSet001\services\avg9emc\"ImagePath"

File not found: C:\Program Files\AVG\AVG9\avgwdsvc.exe
referenced in: HKLM\System\ControlSet001\services\avg9wd\"ImagePath"

File not found: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
referenced in: HKLM\System\ControlSet001\services\aawservice\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgldx86.sys
referenced in: HKLM\System\ControlSet001\services\AvgLdx86\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgmfx86.sys
referenced in: HKLM\System\ControlSet001\services\AvgMfx86\"ImagePath"

File not found: C:\WINDOWS\System32\Drivers\avgtdix.sys
referenced in: HKLM\System\ControlSet001\services\AvgTdiX\"ImagePath"

File not found: C:\WINDOWS\system32\1054p.exe srv
referenced in: HKLM\System\ControlSet001\services\IAANTMonCryptSvc\"ImagePath"

File not found: C:\WINDOWS\system32\12520437m.exe srv
referenced in: HKLM\System\ControlSet001\services\HidServUleadBurningHelper\"ImagePath"

File not found: system32\drivers\inpbuw.sys
referenced in: HKLM\System\ControlSet001\services\mkivI\"ImagePath"


Scan
----
<unsigned> MD5: 09140164d5c69dbee25d8abef4d76b01 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
<unsigned> MD5: f4c253d1c2da99696e135a320c54dbad C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
<unsigned> MD5: c1be7bdf79452d5445a33f3002f89060 C:\Fraps\fraps.dll
<unsigned> MD5: 660a60936e67c926fa9860356cf48eb8 C:\FRAPS\FRAPS.EXE
<unsigned> MD5: deb88aef013dd1eefb462d7cad642166 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> MD5: 4e666f9204f3f9f8d2a2340a85753760 c:\program files\aol toolbar\toolbar.dll
<unsigned> MD5: a3ac6b836b8a8412e1a055219e068002 C:\Program Files\BT Voyager 105 ADSL Modem\CplEng.dll
<unsigned> MD5: ad4970cd90248dbcf5b424987ab7e8c2 C:\Program Files\BT Voyager 105 ADSL Modem\dbgmode.dll
<unsigned> MD5: cdddb1e73f2fc3332fa15c5b2c922f98 C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
<unsigned> MD5: 642d1794fd0a1a15660a129303bde42d C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
<unsigned> MD5: c2ff17734176cd15221c10044ef0ba1a C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
<unsigned> MD5: 2bcd9dbd5a86367417cb09ae74ad08a0 C:\Program Files\Common Files\AOL\1161414575\ee\AOLHostMgr.dll
<unsigned> MD5: 41a8998fcc2f57a4fedc42071cd2e47c C:\Program Files\Common Files\AOL\1161414575\ee\AolSvcMgr.dll
<unsigned> MD5: 3772d82b08ce7b3758fdc16fed86b086 C:\Program Files\Common Files\AOL\1161414575\ee\services\antispyware\ver1_6_0\antiSpyware.dll
<unsigned> MD5: ebfafcaf5ee58dc2151bc963818bf0bd C:\Program Files\Common Files\AOL\1161414575\ee\services\antiSpywareApp\ver2_0_12\antiSpywareApp.dll
<unsigned> MD5: 691481984ab14ce5c3286144a805d90b C:\program files\common files\aol\1161414575\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
<unsigned> MD5: 2856c172401b665fb7451b4b4cc5d657 C:\Program Files\Common Files\AOL\1161414575\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll
<unsigned> MD5: 40dccdae78237af1f20acbbaf474a2a3 C:\Program Files\Common Files\AOL\1161414575\ee\services\basics\ver8_0_4_1\basics.dll
<unsigned> MD5: 8aa0f6018b3b52dbe74ce77a9a7e85aa C:\Program Files\Common Files\AOL\1161414575\ee\services\localStorage\ver7_1_6_1\clsSvc.dll
<unsigned> MD5: 7204f76e069854a2785796a0911afb27 C:\Program Files\Common Files\AOL\1161414575\ee\services\metrics\ver3_6_16_1\cmls.dll
<unsigned> MD5: da8cff2e849bb7c09bf4a6e170615e35 C:\Program Files\Common Files\AOL\1161414575\ee\services\notification\ver6_2_6_1\Notify.dll
<unsigned> MD5: 1337ef044854f38b9dfd085e56ebc3a2 C:\Program Files\Common Files\AOL\1161414575\ee\services\os\ver5_2_1_1\AOLIdleMon.dll
<unsigned> MD5: 483302397a9a1334fb9d44dd16638898 C:\Program Files\Common Files\AOL\1161414575\ee\services\os\ver5_2_1_1\os.dll
<unsigned> MD5: 60be9740e22718146214d5ab22dbe4a4 C:\Program Files\Common Files\AOL\1161414575\ee\services\preferences\ver5_0_1_2\preferences.dll
<unsigned> MD5: 4a9476e8ef7051bcf06d33a746339e9c C:\Program Files\Common Files\AOL\1161414575\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll
<unsigned> MD5: 1ef9dae449e7598120db49b1a9649946 C:\Program Files\Common Files\AOL\1161414575\ee\xprt4.dll
<unsigned> MD5: f6c4a32176e848aa714c5e03d574f83a C:\Program Files\Common Files\AOL\1161414575\ee\xprt5.dll
<unsigned> MD5: 15b9cc21717f3cd0f660af315521e3c0 C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: a7e8525fa8788ca52f728414a65ba349 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
<unsigned> MD5: d53825bb55b59b7ccd4ca9067e540cbc C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL
<unsigned> MD5: 003ce2f1cdf7871801d0dcc4fa2b9358 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
<unsigned> MD5: 73f7d9f137af435d763e7906ae5366c7 C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
<unsigned> MD5: a476968c08667b1e09f2a95234e8ceef C:\Program Files\Digital Line Detect\BVRPDiag.dll
<unsigned> MD5: b66e56733e2cd6a10fda5919625fbf46 C:\Program Files\Digital Line Detect\DLG.exe
<unsigned> MD5: 30c11d027da6df390772146490273fd1 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> MD5: bc8f4f00f93c03ec06e33d00ce8ba1a4 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_ENU.dll
<unsigned> MD5: 6ca4cc14fda11978617057e73d588475 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<unsigned> MD5: d43e91e271c041bb86a6223462a41d28 C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
<unsigned> MD5: d1de16926c682dcd3d99ae5500ca5522 C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
<unsigned> MD5: 9da26b773bd04b867a8e9f427cd048fc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
<unsigned> MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: dee8f03d1eace0c8f914a2c76568ea32 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> MD5: 60eac5ebbf0849010cb6941d44e39ab6 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
<unsigned> MD5: 26b018758226a5dc06de45496c394d40 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 9dfb30f203999a3ae0f258a33fa598f9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: b3d219844f5fcce314b4f1bca2758d6a C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: edf657cc6d35e4bff1e4f144eb5e027f C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> MD5: 8908ac33d36f55a60a87a5290360fa27 C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> MD5: 1fd6c03c0001a5e1eaf61596c2502f0c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: aa03850865846bac4ee7ab0271540efa C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
<unsigned> MD5: 65114d59850ca4d7785c22f922cc6942 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
<unsigned> MD5: ed7a6d40b20dc34be06f4ae196ae7d50 C:\Program Files\QuickTime\QTTask.exe
<unsigned> MD5: edf657cc6d35e4bff1e4f144eb5e027f c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> MD5: 8908ac33d36f55a60a87a5290360fa27 c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<unsigned> MD5: 947dd0517de2349a92f40029a1a53fe9 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
<unsigned> MD5: 8cdf4a19360b76115c586d6c6852973c C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
<unsigned> MD5: 7f33fd57775c2dbd0bccc82fe9f180d2 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
<unsigned> MD5: 895a530f28a5cb6389eadd5327331ac3 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
<unsigned> MD5: bcdff548f7d31a2bcf1cf98da7eb5445 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> MD5: ab1b1b71dc62d02123f9e2caa3be3305 C:\Program Files\VoyagerTest\fts.exe
<unsigned> MD5: 4ec07858f27286b9f6b9cdc687126fa1 C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
<unsigned> MD5: c0df2ee4287fbaa72e4c897f774241b4 C:\WINDOWS\Downloaded Program Files\CamCli.dll
<unsigned> MD5: 3fea9d2edf23b0283c7a66c8dea380bd C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> MD5: cdbe35ea59bc9223e4f800bd1db82d27 C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> MD5: a0ce0247d48fecaac607edb1e2d87fd8 C:\WINDOWS\Downloaded Program Files\ijl11.dll
<unsigned> MD5: c403792a3ff639c215067d5aa680c482 C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
<unsigned> MD5: f5c79c45f1adf877dc3afdff3565ae7b C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
<unsigned> MD5: 532c0663e856d5923f7d369d7dc84e6c C:\WINDOWS\GWLib.dll
<unsigned> MD5: 0f869e88fa4489fbe231a42646488ce8 C:\WINDOWS\stsystra.exe
<unsigned> MD5: 14f62235c287d65c5ec6dd10e3223bca C:\WINDOWS\system32\Digi32.dll
<unsigned> MD5: e2d0de31442390c35e3163c87cb6a9eb C:\WINDOWS\System32\DLA\DLABOIOM.SYS
<unsigned> MD5: 7e0da9899ae623bc67c76cbc0b7a5b0e C:\WINDOWS\system32\DLA\DLACResW.DLL
<unsigned> MD5: cefd0e35b35afd9d1c2fec9af81afdb8 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<unsigned> MD5: 83545593e297f50a8e2524b4c071a153 C:\WINDOWS\System32\DLA\DLADResN.SYS

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

Upload started - 10 file(s)
npqtplugin5.dll (159744)
Upload speed - 29 KB/s
Upload finished - 10 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 8 sec
Total traffic - 0.23 MB sent, 3.89 KB recvd
Scanned 1337 files and modules - 166 seconds

==============================================================================
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP
******************************************

Killall:

File::
C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
C:\WINDOWS\system32\1054p.exe srv
C:\WINDOWS\system32\12520437m.exe srv

Folder::
C:\Program Files\AVG

RootKit::
C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
C:\WINDOWS\system32\1054p.exe srv
C:\WINDOWS\system32\12520437m.exe srv

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\asbp2poa]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\avg9emc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\avg9wd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\aawservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\AvgLdx86]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\AvgMfx86]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\AvgTdiX]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\IAANTMonCryptSvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\HidServUleadBurningHelper]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\mkivI]


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to George and let it start as before.

Post the new log.


Uninstall IE8. It should revert to IE7. Can you add BitDefender to its Trusted Sites? Reinstall IE8 from:

http://www.microsoft...er/default.aspx

Ron

Edited by RKinner, 14 June 2010 - 08:48 AM.

  • 0
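The CFScript above is a plain directive format. As an added example, not code from Ron's post or from ComboFix, here is a small Python parser that groups the entries by directive and pairs each service key marked for deletion with the File:: entry of the same name; the sample script inside it is a constructed subset of the one posted above.

```python
"""Parser and cross-checker for the ComboFix CFScript directive format.
Added example, not from the forum post or from ComboFix. A directive name
followed by "::" on its own line opens a section; the non-blank lines after
it are that section's entries. Registry:: entries use REGEDIT4 syntax,
where [-KEY] marks KEY for deletion."""
import re
from collections import OrderedDict

# Directive header such as "File::" or "Registry::".
DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")
# REGEDIT4 key line; a "-" right after "[" means "delete this key".
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
# Last path component of a key under ...\services\, i.e. the service name.
SERVICE_KEY_RE = re.compile(r"\\services\\([^\\]+)$", re.IGNORECASE)

# Constructed sample: a subset of the script posted in this thread.
SAMPLE_SCRIPT = r"""
Killall::

File::
C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\System32\Drivers\avgldx86.sys
C:\WINDOWS\system32\1054p.exe srv

Folder::
C:\Program Files\AVG

RootKit::
C:\DOCUME~1\Ben\LOCALS~1\Temp\asbp2poa.sys
C:\WINDOWS\system32\1054p.exe srv

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\asbp2poa]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\avg9emc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\AvgLdx86]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\mkivI]
"""

def parse_cfscript(text):
    """Return an ordered mapping: directive name -> list of entry lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = DIRECTIVE_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any directive: %r" % line)
        else:
            sections[current].append(line)
    return sections

def registry_deletions(sections):
    """Registry keys the script marks for deletion with [-KEY]."""
    keys = []
    for entry in sections.get("Registry", []):
        m = REG_KEY_RE.match(entry)
        if m and m.group(1) == "-":
            keys.append(m.group(2))
    return keys

def file_stem(entry):
    """Base name without extension of a File:: entry. A trailing token such
    as "srv" after the path is ignored; only the last path component is
    split on whitespace because the path itself may contain spaces."""
    name = entry.rsplit("\\", 1)[-1].split()[0]
    return name.rsplit(".", 1)[0].lower()

def match_services_to_files(sections):
    """Pair each service key slated for deletion with the File:: entry whose
    stem equals the service name (case-insensitive). Returns (matched,
    orphans); orphans are service deletions with no matching file listed."""
    stems = {file_stem(e): e for e in sections.get("File", [])}
    matched, orphans = OrderedDict(), []
    for key in registry_deletions(sections):
        m = SERVICE_KEY_RE.search(key)
        if not m:
            continue
        svc = m.group(1)
        if svc.lower() in stems:
            matched[svc] = stems[svc.lower()]
        else:
            orphans.append(svc)
    return matched, orphans

if __name__ == "__main__":
    sec = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in sec.items():
        print("%-10s %d entries" % (name + "::", len(entries)))
    got, missing = match_services_to_files(sec)
    for svc, path in got.items():
        print("service %-10s -> %s" % (svc, path))
    print("services with no listed file:", missing)
```

Orphan service names are simply those with no file of the same stem in File::; the script author, not the parser, decides whether that is expected.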

#23
bg111

bg111

    Member

  • Topic Starter
  • Member
  • 105 posts
ComboFix 10-06-10.06 - Ben 14/06/2010 18:52:52.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2961 [GMT 1:00]
Running from: c:\documents and settings\Ben\Desktop\George.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\docume~1\Ben\LOCALS~1\Temp\asbp2poa.sys"
"c:\program files\AVG\AVG9\avgemc.exe"
"c:\program files\AVG\AVG9\avgwdsvc.exe"
"c:\program files\Lavasoft\Ad-Aware\aawservice.exe"
"c:\windows\system32\1054p.exe srv"
"c:\windows\system32\12520437m.exe srv"
"c:\windows\System32\Drivers\avgldx86.sys"
"c:\windows\System32\Drivers\avgmfx86.sys"
"c:\windows\System32\Drivers\avgtdix.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG
c:\program files\AVG\AVG9\cfgall\falsealarm.cfg

.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 07:15 . 2010-06-14 07:19 -------- d-----w- c:\documents and settings\Ben\Application Data\QuickScan
2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\program files\ESET
2010-06-13 16:14 . 2010-06-14 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\PCHealth
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-11 05:02 . 2010-06-11 05:02 -------- d-----w- C:\_OTL
2010-06-10 18:10 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 18:04 . 2010-06-10 18:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-10 17:34 . 2010-06-10 17:34 -------- d-----w- c:\program files\ERUNT
2010-06-09 19:11 . 2010-06-09 19:12 -------- d-----w- C:\Rooter$
2010-06-09 07:08 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 10:59 . 2010-06-13 21:14 -------- d-----w- c:\documents and settings\Ben\Application Data\Bioshock
2010-05-28 18:54 . 2010-06-13 13:52 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Spotify
2010-05-28 18:54 . 2010-06-13 13:47 -------- d-----w- c:\documents and settings\Ben\Application Data\Spotify
2010-05-28 18:53 . 2010-05-28 18:53 -------- d-----w- c:\program files\Spotify
2010-05-15 19:15 . 2010-05-15 19:15 28672 ----a-w- c:\windows\system32\qttask.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 18:01 . 2008-02-29 23:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-13 16:15 . 2010-06-13 16:14 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-13 09:10 . 2007-08-26 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-13 07:44 . 2008-11-12 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-12 21:37 . 2008-12-27 10:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 17:46 . 2008-12-27 10:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-11 17:46 . 2009-01-10 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 08:44 . 2007-04-19 06:45 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2010-06-05 08:14 . 2010-02-21 15:50 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-03 20:36 . 2007-04-03 17:58 -------- d-----w- c:\documents and settings\Ben\Application Data\Digidesign
2010-06-03 20:27 . 2007-04-06 09:17 32 ----a-w- c:\windows\msocreg32.dat
2010-05-31 15:34 . 2010-06-14 07:15 702120 ----a-w- c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 15:34 . 2010-06-14 07:15 868456 ----a-w- c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-29 08:33 . 2009-02-10 18:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 18:54 . 2010-05-28 18:54 655360 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-28 18:54 . 2010-05-28 18:54 282624 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-28 18:54 . 2010-05-28 18:54 208896 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-15 19:27 . 2010-04-13 07:09 -------- d-----w- c:\program files\QuickTime
2010-05-06 10:41 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 03:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:46 . 2007-12-29 10:20 23 ----a-w- c:\windows\popcinfot.dat
2010-04-29 14:39 . 2009-02-10 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-02-10 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2005-08-16 03:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-02 12:37 . 2010-01-29 23:03 50354 ----a-w- c:\documents and settings\Ben\Application Data\Facebook\uninstall.exe
2010-03-20 07:57 . 2010-03-20 07:57 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-20 07:57 . 2010-03-20 07:57 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-20 07:57 . 2010-03-20 07:57 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-20 07:57 . 2010-03-20 07:57 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-20 07:57 . 2010-03-20 07:57 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-20 07:56 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-19 22:33 . 2006-04-05 20:59 66472 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-20 22:00 . 2006-05-20 22:00 251 ----a-w- c:\program files\wt3d.ini
2006-04-05 21:02 . 2006-04-05 20:59 56 --sh--r- c:\windows\system32\C60B96B314.sys
2009-07-27 06:52 . 2009-07-27 06:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1031848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1161414575\ee\AOLSoftware.exe" [2006-11-17 50736]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-15 2189864]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave4"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLink Pro\\Engine.exe"=
"c:\\Program Files\\VideoLink Pro\\SMListenEngine.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161414575\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benjg\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161414575\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\the longest journey\\game.exe"=
"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\the secret of monkey island special edition\\MISE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\runaway a road adventure\\Runaway.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\max payne 2 the fall of max payne\\maxpayne2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benjg\\half-life\\hl.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [05/04/2007 19:22 16384]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2007 20:45 646392]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [05/04/2007 19:21 11776]
S2 gupdate1c98e3ca9da9028;Google Update Service (gupdate1c98e3ca9da9028);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 01:39 133104]
S3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [03/05/2009 09:19 22752]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [16/04/2006 01:44 223232]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [05/04/2007 19:21 109056]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 00:54 10664]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [05/04/2007 19:21 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [05/04/2007 19:21 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/08/2008 19:58 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/08/2008 19:58 8320]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-12 16:43]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 00:39]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 00:39]

2010-06-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]

2010-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3843634061-819627678-391793244-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3843634061-819627678-391793244-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: bitdefender.com
Trusted Zone: bitdefender.com\quickscan
Trusted Zone: internet
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x84D531E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e8dcb8
\Driver\atapi -> sfsync02.sys @ 0xb8338d60
\Driver\iaStor -> sfsync02.sys @ 0xb8338d60
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3843634061-819627678-391793244-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,21,6a,ae,fc,8e,9a,03,44,69,f5,8f,3f,5d,37,68,db,5c,84,39,a6,5d,37,
e2,91,fa,83,33,4b,ed,ba,1f,11,d5,70,06,66,b3,4a,30,04,5a,50,9b,29,df,2a,92,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37

[HKEY_USERS\S-1-5-21-3843634061-819627678-391793244-1005\Software\SecuROM\License information*]
"datasecu"=hex:80,56,6a,65,0d,6c,8d,a5,5e,e1,e8,76,c6,f1,b0,a3,f2,bb,05,58,6e,
23,ba,17,ba,1f,dd,91,77,a6,13,e5,a4,60,32,61,a8,20,1f,25,15,16,44,54,14,f3,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\common files\aol\1161414575\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-06-14 19:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 18:07
ComboFix2.txt 2010-06-13 14:11
ComboFix3.txt 2010-06-13 08:34
ComboFix4.txt 2010-06-11 19:43
ComboFix5.txt 2010-06-14 17:43

Pre-Run: 82,996,830,208 bytes free
Post-Run: 82,982,436,864 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E3EAB45C377C85BFA9353454B384687E
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP
ComboFix worked OK. Can't be sure without running the BitDefender scan again, but the log looks like it ran OK.

Were you able to uninstall IE8?

Then reinstall it?

Do you still get the error when you try to put bitdefender.com in the trusted sites?

Ron
  • 0

#25
bg111

bg111

    Member

  • Topic Starter
  • Member
  • 105 posts
Hi.

I was able to reinstall IE8 and it works better now, but it still crashes with the 0x04ba0068 error when I come to installing the add-on. I can run it in Firefox though?

The AOL Spyware Protection brought up the Bifrost message after running ComboFix yesterday; it always brings it up once after running it, but it doesn't give any information and nothing else can detect it. Once I click delete it does not come back till after running ComboFix again.

Edited by bg111, 15 June 2010 - 01:07 AM.

  • 0

#26
bg111

bg111

    Member

  • Topic Starter
  • Member
  • 105 posts
Hi. This was scanned with Firefox.


QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Wed Jun 16 19:22:46 2010
Machine ID: B0033DB4



No infection found.
-------------------



Processes
---------
<unsigned> FRAPS 2984 C:\FRAPS\FRAPS.EXE

<verified> AOL Connectivity Service 268 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
<verified> AOL Service Libraries 2748 C:\Program Files\Common Files\AOL\1161414575\ee\AOLSoftware.exe
<verified> AOL Service Libraries 1872 C:\program files\common files\aol\1161414575\ee\aolsoftware.exe
<verified> AOLSP Scheduler.exe 968 C:\program files\common files\aol\1161414575\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
<verified> Bluetooth Stack for Windows by TOSHIBA 860 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
<verified> Bluetooth Stack for Windows by Toshiba 1284 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
<verified> Bluetooth Stack for Windows by TOSHIBA 1920 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
<verified> BVRP Software TestLine 3400 C:\Program Files\Digital Line Detect\DLG.exe
<verified> C-Major Audio 2652 C:\WINDOWS\stsystra.exe
<verified> Capture Device Service 476 C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
<verified> Digidesign MME Binder 572 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
<verified> Drive Letter Access Component 2676 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<verified> DSL Status 2712 C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
<verified> dslagent.exe 2720 C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
<verified> EXPERTool : Display Control Panel 2792 C:\WINDOWS\TBPanel.exe
<verified> Firefox 1296 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Friendly Products 2728 C:\Program Files\VoyagerTest\fts.exe
<verified> Intel® Quick Resume Technology 2184 C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
<verified> IviRegMgr Module 848 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
<verified> Java™ Platform SE 6 U17 884 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft Malware Protection 1416 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
<verified> Microsoft Security Essentials 2896 C:\Program Files\Microsoft Security Essentials\msseces.exe
<verified> Microsoft® Visual Studio .NET 936 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 3308 C:\WINDOWS\eHome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 596 C:\WINDOWS\eHome\ehRecvr.exe
<verified> Microsoft® Windows® Operating System 648 C:\WINDOWS\eHome\ehSched.exe
<verified> Microsoft® Windows® Operating System 2644 C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 2116 C:\WINDOWS\ehome\mcrdsvc.exe
<verified> Microsoft® Windows® Operating System 348 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2576 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 980 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2924 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 3636 C:\WINDOWS\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 2764 C:\WINDOWS\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System 2848 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Microsoft® Windows® Operating System 1048 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 724 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1836 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1532 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1456 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1376 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1312 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 436 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1676 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1724 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1752 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1656 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1004 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 1 1260 C:\WINDOWS\system32\nvsvc32.exe
<verified> PnkBstrA.exe 960 C:\WINDOWS\system32\PnkBstrA.exe
<verified> RAID Event Monitor 2660 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified> RAID Monitor 824 C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
<verified> RealPlayer (32-bit) 2868 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Ulead Systems ULCDRSvr 1868 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Network activity
----------------

Process svchost.exe (1376) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> FRAPS C:\FRAPS\FRAPS.EXE
<unsigned> Nokia Software Launcher C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe

<verified> Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<verified> Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
<verified> AOL Connectivity Service C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
<verified> AOL Service Libraries C:\program files\common files\aol\1161414575\ee\aolsoftware.exe
<verified> C-Major Audio C:\WINDOWS\stsystra.exe
<verified> Digidesign MME Binder C:\Program Files\Digidesign\Drivers\MMERefresh.exe
<verified> Drive Letter Access Component C:\WINDOWS\System32\DLA\DLACTRLW.EXE
<verified> DSL Status C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
<verified> dslagent.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
<verified> EXPERTool : Display Control Panel C:\WINDOWS\TBPanel.exe
<verified> Friendly Products C:\Program Files\VoyagerTest\fts.exe
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
<verified> McAfee SpamKiller C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
<verified> Microsoft Malware Protection c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
<verified> Microsoft Security Essentials C:\Program Files\Microsoft Security Essentials\msseces.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<verified> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
<verified> RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
<verified> Ulead VideoStudio C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> Java™ Platform SE 6 U17 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<unsigned> RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> ATLCamImage Module C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
<verified> BitDefender QuickScan C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> CamCli Module C:\WINDOWS\Downloaded Program Files\CamCli.dll
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
<verified> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
<verified> IE Toolbar c:\program files\aol toolbar\toolbar.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> Intel® JPEG Library C:\WINDOWS\Downloaded Program Files\ijl11.dll
<verified> Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MsnMessengerSetupDownloader C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Picture Manager, Wells and Layout C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
<verified> RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verified> sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Snapfish Activia C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

Upload started - 10 file(s)
npqtplugin5.dll (159744)
Upload speed - 27 KB/s
Upload finished - 10 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 6 sec
Total traffic - 0.16 MB sent, 0.18 KB recvd
Scanned 865 files and modules - 47 seconds

==============================================================================

Edited by bg111, 16 June 2010 - 12:26 PM.

  • 0
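Added example, not part of the thread: a small Python parser for the QuickScan log layout pasted above, used to pull out the unsigned items and the listening ports an analyst would verify by hand first. The sample log is a constructed excerpt in the same layout, and the regexes are written from the lines shown on this page rather than from any BitDefender specification.

```python
"""Parse a BitDefender QuickScan text log laid out like the one pasted above and report unsigned
processes/autoruns/plugins and listeners. Added example; regexes written from the page's log lines."""
import re
from typing import Dict, List, NamedTuple, Optional

# <unsigned|verified> <name> [<pid>] <drive>:\<path>  -- names may contain spaces
ENTRY_RE = re.compile(r"^<(?P<sig>unsigned|verified)>\s+(?P<body>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
PID_RE = re.compile(r"^(?P<name>.+?)\s+(?P<pid>\d+)$")  # trailing PID, Processes section only
CONN_RE = re.compile(r"^Process (\S+) \((\d+)\) connected on port (\d+) \(\w+\) --> (\S+)$")
LISTEN_RE = re.compile(r"^Process (\S+) \((\d+)\) listens on ports: (.+)$")

Entry = NamedTuple("Entry", [("section", str), ("signed", bool), ("name", str),
                             ("path", str), ("pid", Optional[int])])

# Constructed excerpt in the same layout as the pasted log (not the full log).
SAMPLE_LOG = r"""
No infection found.
-------------------

Processes
---------
<unsigned> FRAPS 2984 C:\FRAPS\FRAPS.EXE
<verified> Java Platform SE 6 U17 884 C:\Program Files\Java\jre6\bin\jqs.exe

Network activity
----------------
Process firefox.exe (1296) connected on port 80 (HTTP) --> 66.40.145.26
Process firefox.exe (1296) connected on port 80 (HTTP) --> 66.40.145.26

Process svchost.exe (1376) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
<unsigned> FRAPS C:\FRAPS\FRAPS.EXE
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe

Browser plugins
---------------
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
"""

def parse_quickscan(text: str) -> dict:
    """Return {'verdict', 'entries', 'connections', 'listeners'} from a QuickScan log."""
    lines = [ln.strip() for ln in text.splitlines()]
    report: dict = {"verdict": None, "entries": [], "connections": [], "listeners": []}
    section = ""
    for i, line in enumerate(lines):
        if not line or set(line) == {"-"}:
            continue
        # A line underlined by a row of dashes is a section header (or the verdict line).
        if i + 1 < len(lines) and lines[i + 1] and set(lines[i + 1]) == {"-"}:
            section = line
            if "infection" in line.lower():
                report["verdict"] = line
            continue
        if m := ENTRY_RE.match(line):
            name, pid = m.group("body"), None
            if section == "Processes" and (pm := PID_RE.match(name)):
                name, pid = pm.group("name"), int(pm.group("pid"))
            report["entries"].append(Entry(section, m.group("sig") == "verified", name, m.group("path"), pid))
        elif m := CONN_RE.match(line):
            report["connections"].append((m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)))
        elif m := LISTEN_RE.match(line):
            report["listeners"].append((m.group(1), int(m.group(2)), m.group(3)))
    return report

def unsigned_by_section(report: dict) -> Dict[str, List[str]]:
    """Paths of unsigned items grouped by section: the first things to verify by hand."""
    out: Dict[str, List[str]] = {}
    for e in report["entries"]:
        if not e.signed:
            out.setdefault(e.section, []).append(e.path)
    return out

def unsigned_running_autoruns(report: dict) -> List[str]:
    """Unsigned binaries that are both running and set to autorun (persistence plus activity)."""
    running = {e.path.lower() for e in report["entries"] if e.section == "Processes" and not e.signed}
    autorun = {e.path.lower() for e in report["entries"] if e.section.startswith("Autoruns") and not e.signed}
    return sorted(running & autorun)
```

Run it on a full pasted log instead of `SAMPLE_LOG` to get the same grouping for every section; the `Scan` section's `MD5:` lines parse as entries whose name is the hash string.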

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP
OK. False positive from AOL. BitDefender is happy so I think you are reasonably clean. I don't know why IE can't run it but can't say it's that important. I only use IE when I talk to Microsoft sites.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.


You do not have the latest Java (Java™ 6 Update 20). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 17 which may be new enough that the upgrade will remove it but check anyway.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0

#28
bg111

bg111

    Member

  • Topic Starter
  • Member
  • 105 posts
Excellent, thanks for all the help Ron. OK, let's see how things go.
  • 0
