
Gmer scan not completing



#76
RKinner

    Malware Expert
Just run it. No script.

Ron

#77
brodigan

    Member

  • Topic Starter
Hi Ron

Some strange things happened as I was running ComboFix this time.
During the scan two separate windows appeared saying that:

1) dumphive.cfxxe had encountered a problem and had to close, and
2) pev.cfxxe had encountered a problem and had to close.

Here is the log.

ComboFix 10-10-27.A3 - Maureen 28/10/2010 22:44:07.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.375.136 [GMT 1:00]
Running from: c:\documents and settings\Maureen\Desktop\george.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 18:07 . 2010-10-07 15:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{636BA6A5-3EAE-4D2A-9E65-1014390A2BA6}\mpengine.dll
2010-10-28 15:34 . 2008-04-14 00:12 52224 -c--a-w- c:\windows\system32\dllcache\mspmsnsv.dll
2010-10-28 15:34 . 2008-04-14 00:12 52224 ----a-w- c:\windows\system32\mspmsnsv.dll
2010-10-26 01:14 . 2010-10-26 01:15 -------- d-----w- c:\documents and settings\Administrator
2010-10-25 18:31 . 2010-10-25 18:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-10-24 20:43 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2010-10-24 20:43 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2010-10-24 20:43 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2010-10-24 20:43 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2010-10-24 20:43 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2010-10-24 20:43 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-10-24 20:43 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-24 20:43 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-24 20:43 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-24 20:43 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-24 20:43 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-24 20:43 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-24 20:42 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-24 20:42 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-24 20:42 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-24 20:42 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-24 20:42 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-24 20:42 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-10-24 20:42 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-10-24 20:40 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-10-24 20:39 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-10-24 20:38 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-10-24 20:37 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-10-24 20:36 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-10-24 20:35 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-10-24 20:34 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-10-24 20:33 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-10-24 20:32 . 2001-07-21 13:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-10-24 20:31 . 2001-08-17 21:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2010-10-24 20:30 . 2001-08-17 11:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-10-24 20:29 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2010-10-24 20:28 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2010-10-24 20:27 . 2001-08-17 11:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-10-24 20:26 . 2001-08-17 13:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-10-24 20:26 . 2001-08-17 12:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-24 20:26 . 2001-08-17 11:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2010-10-24 20:26 . 2001-08-17 11:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-10-24 20:26 . 2001-08-17 11:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-10-24 20:26 . 2001-08-17 11:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-10-24 20:26 . 2001-08-17 21:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-10-24 20:26 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-10-24 20:26 . 2001-08-17 21:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-10-24 20:26 . 2001-08-17 12:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-10-24 20:26 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-10-24 20:26 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-10-24 20:24 . 2001-08-17 11:11 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2010-10-24 20:24 . 2001-08-17 11:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-10-24 20:24 . 2001-08-17 12:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2010-10-24 20:24 . 2001-08-17 21:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-10-24 20:24 . 2001-08-17 12:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-10-24 20:24 . 2001-08-17 21:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-10-24 20:24 . 2001-08-17 12:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-10-24 20:24 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-10-24 20:24 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-10-24 20:24 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-10-24 20:24 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-10-24 20:23 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-10-24 20:23 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-10-24 20:23 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-10-24 20:23 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-10-24 20:23 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-10-24 20:23 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-10-24 20:23 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-10-24 20:23 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-10-24 20:22 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-10-24 20:21 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-10-24 20:21 . 2004-08-04 12:00 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2010-10-24 20:21 . 2001-08-17 11:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-10-24 20:19 . 2001-08-17 11:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2010-10-24 20:18 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-10-24 20:17 . 2001-08-17 13:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-10-24 20:16 . 2001-08-17 12:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-10-24 20:15 . 2001-08-17 21:36 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2010-10-24 20:14 . 2001-08-17 11:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-10-24 20:13 . 2001-08-17 11:19 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2010-10-24 20:12 . 2001-08-17 13:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2010-10-24 20:11 . 2001-08-17 12:52 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2010-10-24 20:10 . 2001-08-17 13:56 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2010-10-24 20:09 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-24 20:08 . 2001-08-17 11:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-10-24 20:07 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-24 19:01 . 2010-10-24 19:02 -------- d-----w- c:\documents and settings\Maureen\Application Data\QuickScan
2010-10-24 18:49 . 2010-10-24 18:49 -------- d-sh--w- c:\documents and settings\Maureen\IECompatCache
2010-10-24 18:39 . 2010-10-24 18:39 -------- d-sh--w- c:\documents and settings\Maureen\UserData
2010-10-24 16:39 . 2010-10-24 16:39 -------- d-----w- C:\_OTL
2010-10-19 16:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 16:18 . 2010-10-19 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 16:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:29 . 2010-10-14 11:29 1409 ----a-w- c:\windows\QTFont.for
2010-10-01 18:09 . 2010-10-01 18:09 -------- d-sh--w- c:\documents and settings\Declan\IETldCache
2010-09-29 14:45 . 2010-10-07 15:21 6146896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-28 22:16 . 2010-09-28 22:16 -------- d-sh--w- c:\documents and settings\Maureen\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-09-27 18:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 11:23 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-20 16:44 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-20 16:44 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-09-20 16:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-09-20 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-09-20 16:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-09-20 16:42 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-20 16:46 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-09-20 16:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-20 16:45 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-20 16:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 19:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-09-20 16:42 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-20 16:45 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-20 16:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-07-02 73728]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-07 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\David\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2005-3-1 81920]

c:\documents and settings\Maureen\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-13 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2168)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-28 23:01:41
ComboFix-quarantined-files.txt 2010-10-28 22:01
ComboFix2.txt 2010-10-28 11:51
ComboFix3.txt 2010-10-24 17:21

Pre-Run: 58,670,403,584 bytes free
Post-Run: 58,669,162,496 bytes free

- - End Of File - - 06F48E9A540281C24D1AF6926FDC249A

#78
RKinner

    Malware Expert
Both files are combofix related. Don't know why they suddenly had problems. We didn't get a list of drivers this time so that may be why. Can you try it again and see if you get the same errors?

Ron
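Ron's observation that the first run silently dropped the driver list is easy to miss by eye in a log this long. The script below is an added example for this thread, not code from ComboFix or from either poster: it splits two ComboFix logs into their banner-delimited sections and reports which sections one run lacks, which autostart entries under "Reg Loading Points" were added or removed, and which files under "Files Created" are new. The two log excerpts embedded in it are constructed in the posted format (a few lines each, reusing names that appear in the logs above), and the only section banners it recognises are the three shapes visible in those logs; a full ComboFix log may carry others.

```python
# Added example for this thread, not ComboFix's own code: diff two ComboFix logs
# by section, autostart entry and created file (banner shapes from the posted logs).
import re

# The three banner shapes that open a section in the posted logs.
SECTION_RE = re.compile(
    r"^\s*(?:\({3,}\s*(?P<paren>.+?)\s*\){3,}"
    r"|-{3,}\s*(?P<dash>.+?)\s*-{3,}"
    r"|(?P<plain>Contents of the 'Scheduled Tasks' folder))\s*$")
# Files Created / Find3M entry: created . modified size attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [date size]  and  Name.lnk - path [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[[^\]]+\]$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[[^\]]+\]$")


def split_sections(text: str) -> dict[str, list[str]]:
    """Map each section name (date range stripped) to its body lines."""
    current, sections = "header", {"header": []}
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            name = m.group("paren") or m.group("dash") or m.group("plain")
            current = re.sub(r"\s+from .*$", "", name)  # "Files Created from A to B"
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def parse_autostarts(lines: list[str]) -> dict[tuple[str, str], str]:
    """(registry key or Startup folder, entry name) -> launched path."""
    entries, key = {}, ""
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if line.lower().startswith("c:\\") and line.endswith("\\"):
            key = line  # a Startup folder path introduces .lnk entries
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            entries[(key, m.group("name"))] = m.group("path")
    return entries


def parse_files(lines: list[str]) -> dict[str, tuple[str, str, str]]:
    """path -> (created, modified, size); size is '--------' for directories."""
    files = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            files[m.group(5)] = (m.group(1), m.group(2), m.group(3))
    return files


def compare_logs(first: str, second: str) -> dict[str, list]:
    """Sections, autostart entries and created files that differ between runs."""
    a, b = split_sections(first), split_sections(second)
    auto_a = parse_autostarts(a.get("Reg Loading Points", []))
    auto_b = parse_autostarts(b.get("Reg Loading Points", []))
    files_a = parse_files(a.get("Files Created", []))
    files_b = parse_files(b.get("Files Created", []))
    return {
        "sections_missing_in_first": sorted(set(b) - set(a)),
        "sections_missing_in_second": sorted(set(a) - set(b)),
        "autostarts_removed": sorted(set(auto_a) - set(auto_b)),
        "autostarts_added": sorted(set(auto_b) - set(auto_a)),
        "files_new_in_second": sorted(set(files_b) - set(files_a)),
    }


# Constructed excerpts in the posted format, a few lines each (not the full logs).
RUN1 = r"""ComboFix 10-10-27.A3 - user 28/10/2010 22:44:07.3.1 - x86
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
2010-10-19 16:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
c:\documents and settings\David\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2005-3-1 81920]
"""
RUN2 = r"""ComboFix 10-10-27.A3 - user 29/10/2010 0:09.4.1 - x86
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
2010-10-28 22:38 . 2010-10-28 22:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 16:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
"""

if __name__ == "__main__":
    print(compare_logs(RUN1, RUN2))
```

Run it on two saved ComboFix logs by replacing the RUN1 and RUN2 strings with the file contents. A section that is present in one run and absent in the next, as with the driver list here, shows up in sections_missing_in_first or sections_missing_in_second; entries that vanish from the Run keys or a Startup folder are listed as autostarts_removed, which is how a cleanup step (or a program the user uninstalled between runs) is confirmed rather than eyeballed across several hundred lines.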

#79
brodigan

    Member

  • Topic Starter
No warnings this time.


ComboFix 10-10-27.A3 - Maureen 29/10/2010 0:09.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.375.121 [GMT 1:00]
Running from: c:\documents and settings\Maureen\Desktop\george.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 22:38 . 2010-10-28 22:38 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-28 22:38 . 2010-10-28 22:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 18:07 . 2010-10-07 15:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{636BA6A5-3EAE-4D2A-9E65-1014390A2BA6}\mpengine.dll
2010-10-28 15:34 . 2008-04-14 00:12 52224 -c--a-w- c:\windows\system32\dllcache\mspmsnsv.dll
2010-10-28 15:34 . 2008-04-14 00:12 52224 ----a-w- c:\windows\system32\mspmsnsv.dll
2010-10-26 01:14 . 2010-10-26 01:15 -------- d-----w- c:\documents and settings\Administrator
2010-10-25 18:31 . 2010-10-25 18:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-10-24 20:43 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2010-10-24 20:43 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2010-10-24 20:43 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2010-10-24 20:43 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2010-10-24 20:43 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2010-10-24 20:43 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-10-24 20:43 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-10-24 20:43 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-24 20:43 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-10-24 20:43 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-10-24 20:43 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-10-24 20:43 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-10-24 20:42 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-10-24 20:42 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-10-24 20:42 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-10-24 20:42 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-10-24 20:42 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-24 20:42 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-10-24 20:42 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-10-24 20:40 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-10-24 20:39 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-10-24 20:38 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-10-24 20:37 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-10-24 20:36 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-10-24 20:35 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-10-24 20:34 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-10-24 20:33 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-10-24 20:32 . 2001-07-21 13:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-10-24 20:31 . 2001-08-17 21:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2010-10-24 20:30 . 2001-08-17 11:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-10-24 20:29 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2010-10-24 20:28 . 2004-08-04 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2010-10-24 20:27 . 2001-08-17 11:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-10-24 20:26 . 2001-08-17 13:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2010-10-24 20:26 . 2001-08-17 12:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-10-24 20:26 . 2001-08-17 11:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2010-10-24 20:26 . 2001-08-17 11:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-10-24 20:26 . 2001-08-17 11:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-10-24 20:26 . 2001-08-17 11:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-10-24 20:26 . 2001-08-17 21:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-10-24 20:26 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-10-24 20:26 . 2001-08-17 21:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-10-24 20:26 . 2001-08-17 12:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-10-24 20:26 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-10-24 20:26 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-10-24 20:24 . 2001-08-17 11:11 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2010-10-24 20:24 . 2001-08-17 11:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-10-24 20:24 . 2001-08-17 12:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2010-10-24 20:24 . 2001-08-17 21:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-10-24 20:24 . 2001-08-17 12:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-10-24 20:24 . 2001-08-17 21:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-10-24 20:24 . 2001-08-17 12:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-10-24 20:24 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-10-24 20:24 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-10-24 20:24 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-10-24 20:24 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-10-24 20:23 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-10-24 20:23 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-10-24 20:23 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-10-24 20:23 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-10-24 20:23 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-10-24 20:23 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-10-24 20:23 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-10-24 20:23 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-10-24 20:22 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-10-24 20:21 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-10-24 20:21 . 2004-08-04 12:00 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2010-10-24 20:21 . 2001-08-17 11:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-10-24 20:19 . 2001-08-17 11:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2010-10-24 20:18 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-10-24 20:17 . 2001-08-17 13:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-10-24 20:16 . 2001-08-17 12:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-10-24 20:15 . 2001-08-17 21:36 123392 -c--a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2010-10-24 20:14 . 2001-08-17 11:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-10-24 20:13 . 2001-08-17 11:19 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2010-10-24 20:12 . 2001-08-17 13:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2010-10-24 20:11 . 2001-08-17 12:52 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2010-10-24 20:10 . 2001-08-17 13:56 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2010-10-24 20:09 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-24 20:08 . 2001-08-17 11:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-10-24 20:07 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-10-24 19:01 . 2010-10-24 19:02 -------- d-----w- c:\documents and settings\Maureen\Application Data\QuickScan
2010-10-24 18:49 . 2010-10-24 18:49 -------- d-sh--w- c:\documents and settings\Maureen\IECompatCache
2010-10-24 18:39 . 2010-10-24 18:39 -------- d-sh--w- c:\documents and settings\Maureen\UserData
2010-10-24 16:39 . 2010-10-24 16:39 -------- d-----w- C:\_OTL
2010-10-19 16:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 16:18 . 2010-10-19 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 16:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:29 . 2010-10-14 11:29 1409 ----a-w- c:\windows\QTFont.for
2010-10-01 18:09 . 2010-10-01 18:09 -------- d-sh--w- c:\documents and settings\Declan\IETldCache
2010-09-29 14:45 . 2010-10-07 15:21 6146896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 22:38 . 2008-06-09 11:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-19 20:51 . 2010-09-27 18:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 11:23 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-20 16:44 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-20 16:44 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-20 16:44 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-09-20 16:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-09-20 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-09-20 16:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-09-20 16:42 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-20 16:46 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-09-20 16:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-20 16:45 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-20 16:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 19:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-09-20 16:42 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-20 16:45 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-20 16:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-07-02 73728]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-07 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 2550272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Maureen\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-13 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 09:22]

2010-10-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 00:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-29 00:20:48
ComboFix-quarantined-files.txt 2010-10-28 23:20
ComboFix2.txt 2010-10-28 22:01
ComboFix3.txt 2010-10-28 11:51
ComboFix4.txt 2010-10-24 17:21

Pre-Run: 58,461,470,720 bytes free
Post-Run: 58,473,070,592 bytes free

- - End Of File - - D8DCBDF6A0A373DB4C57F3E3C2AFB582

#80 RKinner (Malware Expert)
Go to http://virustotal.com and submit this file:

C:\WINDOWS\HKNTDLL.dll

It should tell you what about 41 anti-virus companies think about it. If it comes back 0/41 or so then it's OK. If not then please copy the report and paste it into a reply.

Ron

#81 brodigan (Member, Topic Starter)
Hi Ron,

It seems that this file you mentioned had been submitted before.
And the results were 0/42
What do you think now on how we should proceed? Do you think we have an infection, or is it just that there may be a chink in the operating system?


File name:
HKNTDLL.dll
Submission date:
2010-10-17 18:38:28 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)

#82 RKinner (Malware Expert)
I don't think we have an infection now, though looking back to your first posts we certainly had one then. Just a glitch somewhere or some program that doesn't get along with GMER.


I see you still have Limewire. Best to remove it. P2P programs like Limewire are dangerous. Not of themselves, but the programs they pick up can be infected since there is no central control. Also they tend to be resource hogs.


Got to go out for a few hours.

Ron

#83 brodigan (Member, Topic Starter)
Hi Ron,

I have removed Limewire just a short time ago!
I will wait for you then in a few hours and hopefully get finished up so
I can return it to its owners!

Kind Regards,

#84 RKinner (Malware Expert)
I don't think there's anything left for us to do with it unless you want to try running gmer one check at a time.

Ron

#85 brodigan (Member, Topic Starter)
Hi Ron,

Here are some scans from GMER:

1 System; no system modifications found

2 Sections

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-29 08:17:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Maureen\LOCALS~1\Temp\kxgcqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7A77300]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[844] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#86 brodigan (Member, Topic Starter)
3 IAT/EAT

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-29 08:24:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Maureen\LOCALS~1\Temp\kxgcqpob.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#87 brodigan (Member, Topic Starter)
4. Devices

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-29 08:26:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Maureen\LOCALS~1\Temp\kxgcqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



5 Modules No system modification found
6 Processes No system modification found
7 Threads No system modification found
8 Libraries No system modification found
9 Services No system modification found
10 Registry No system modification found

Edited by brodigan, 29 October 2010 - 01:35 AM.


#88 brodigan (Member, Topic Starter)
And finally

11 Files No system modification found


Gmer seemed to work fine there for the individual scans.
I will try a full one now.
Could it be that I installed a faulty version of gmer as I installed a new one for this task and it seemed better?

#89 brodigan (Member, Topic Starter)
Hi Ron,

I have spent the last few hours carrying out the tasks in Post #18 with regards Clean up etc.
However now the computer seems to be running much slower than it was before these actions.
The Microsoft XP startup page is pretty slow, as is the screen where I select the user.
I think the computer was faster when it came to me and I don't want to send it back (maybe clean) slow.

Please advise.

#90 RKinner (Malware Expert)
Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? It's normal for System Idle to use 95 or more. Process explorer used to use about 10 but I think the latest version is much improved.
I'm not going to be able to help much - starting early tomorrow on a cross-country trip and I don't have a laptop to take with me so will be pretty much off line for a week or more.

Another thing you can do is

Start, Run, msconfig, OK then under Startup turn off everything except the antivirus then under Services, Hide Microsoft Services and then uncheck everything except the antivirus. Then OK and reboot. If it runs faster go back into MSCONFIG and turn some on then OK and reboot. Eventually you will find which item is slowing you down. WinPatrol also has an option to stop stuff from loading and also to make stuff do a delayed boot so that might also help your speed.

If you installed the No Script option you probably should uninstall it. Most people can't seem to get it to work for them.

Also check your event logs to see if a service is not starting and is timing out. That will cause a delay during boot.

If Firefox or IE is slow then first go into Tools, (Manage) Add-ons and disable all add-ons and see if it is faster. Uninstall any add-ons which are causing slowness. I've seen Java have several add-ons at one time and that slowed the browser down a lot. I uninstalled Java and the add-ons and reinstalled Java and it was much better.

Of course if adding WinPatrol or AutorunEater are slowing you down then just remove them.

Ron
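The two checks Ron asks for in the post above (the top CPU consumers, and whether a service is failing to start or timing out at boot) as one added PowerShell script; this is an added example, not code from the thread or from Process Explorer. It assumes Windows PowerShell with Get-Process and Get-EventLog, and uses the Service Control Manager's System-log Event IDs 7000, 7009 and 7011 (failed to start, timeout waiting for the service to connect, timeout waiting for a transaction response).

```powershell
# Added example, not from the thread: the two checks from post #90 in one script.
# Run from an elevated Windows PowerShell prompt (Get-EventLog is used instead of
# Get-WinEvent so it also works on XP with PowerShell 2.0).
param(
    [int]$Top  = 5,   # how many CPU consumers to list
    [int]$Days = 7    # how far back to search the System log
)

function Get-CpuSeconds($Process) {
    # Protected processes can refuse access to their timing info; treat that as unknown.
    try { $Process.TotalProcessorTime.TotalSeconds } catch { $null }
}

function Get-TopCpu {
    # Sample CPU time twice and turn the difference into a percentage of all cores;
    # one snapshot would only show cumulative CPU time since each process started.
    param([int]$Count, [int]$SampleSeconds = 2)
    $before = @{}
    Get-Process | ForEach-Object { $before[$_.Id] = Get-CpuSeconds $_ }
    Start-Sleep -Seconds $SampleSeconds
    $cores = [Environment]::ProcessorCount
    Get-Process | ForEach-Object {
        $now = Get-CpuSeconds $_
        if ($null -ne $now -and $null -ne $before[$_.Id]) {
            $pct = 100 * ($now - $before[$_.Id]) / ($SampleSeconds * $cores)
            New-Object psobject -Property @{
                Id = $_.Id; Name = $_.ProcessName; CpuPercent = [math]::Round($pct, 1)
            }
        }
    } | Sort-Object CpuPercent -Descending | Select-Object -First $Count Id, Name, CpuPercent
}

function Get-ServiceStartFailures {
    # Service Control Manager events 7000 (failed to start), 7009 (timeout waiting
    # for the service to connect) and 7011 (timeout waiting for a transaction response).
    param([int]$DaysBack)
    $ids = 7000, 7009, 7011
    Get-EventLog -LogName System -Source 'Service Control Manager' `
                 -After (Get-Date).AddDays(-$DaysBack) -ErrorAction SilentlyContinue |
        Where-Object { $ids -contains $_.EventID } |
        Select-Object TimeGenerated, EventID,
            @{ n = 'Message'; e = { ($_.Message -replace '\s+', ' ').Trim() } }
}

"== Top $Top CPU consumers over a 2-second sample (System Idle Process near 95% is normal) =="
Get-TopCpu -Count $Top | Format-Table -AutoSize
"== Service start failures / timeouts in the System log, last $Days days =="
$events = @(Get-ServiceStartFailures -DaysBack $Days)
if ($events.Count) { $events | Format-Table -AutoSize -Wrap } else { 'None found.' }
```

A service that appears repeatedly in the second table is the boot delay Ron describes; its name in the message tells you which msconfig Services entry to try unchecking first.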