PC turn off and on automatically!!!
Solved/Closed
sherlock007
Posts
20
Registration date
Saturday March 20, 2010
Status
Member
Last seen
September 9, 2010
Mar 20, 2010 at 05:26 AM
Devansh - Aug 12, 2017 at 04:47 AM
12 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 20, 2010 at 06:33 AM
Hello Sherlock,
How old is your CPU?
What brand is it?
Is your fan working all right?
I once had a similar problem (booting and turning off all by itself) and although I had a good power bar, it was caused by a power surge.
The problem came from the power supply, thus a motherboard issue.
I would appreciate your feedback.
Best regards
Ambucias
Mar 21, 2010 at 05:23 AM
Hello Sherlock,
I suggest we check for a possible virus infection, which seems to be the case because you can boot in safe mode, I hope with Networking.
Could you please download HijackThis (Beta version). Request a scan and save a log.
Copy the log and paste it here. The log will list all processes and registry entries susceptible of hiding a virus, in your case probably more a worm than a Trojan Horse.
Here is where you can download HijackThis:
http://free.antivirus.com/hijackthis/
sherlock007
Mar 21, 2010 at 06:05 AM
Hi...
Yes, it can start in safe mode with networking, but (I'm using broadband) when I try to connect it says connection terminated.....
I tried to download the beta version of HijackThis on my laptop and copied it to a pendrive, then tried to install it on my desktop, but it says "the system administrator has set policies to prevent this installation"....
sherlock007
Mar 21, 2010 at 06:18 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:04 PM, on 3/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
G:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.goodmima.cn/nod32id/nod32-94.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: IMBooster4web-en Toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files\IMBooster4web-en\tbIMB1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IMBooster4web-en Toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files\IMBooster4web-en\tbIMB1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {AF83E43C-DD2B-4787-826B-31B17DEE52ED} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {D2BF470E-ED1C-487F-A333-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: IMBooster4web-en Toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files\IMBooster4web-en\tbIMB1.dll
O4 - HKLM\..\Run: [WINFLIP] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [DriveSpace] "C:\Program Files\Drive Space Indicator\DrvSpace.exe" /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [PerfectSpeed.exe] C:\Program Files\Raxco\PerfectSpeed20\PerfectSpeed.exe /tray /startrun
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rx2Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
O23 - Service: Rx2Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
sherlock007
Mar 21, 2010 at 06:20 AM
Should I fix all this???
I'm using the executable HijackThis... version 2.0.2 executable.. I downloaded that because I cannot install the beta.
Ambucias
Mar 21, 2010 at 06:34 AM
Hello Sherlock,
Now I am 99% sure it is a virus, the type which is self-protective, for it recognized HijackThis as a potential danger. It is running malicious processes.
This will require some powerful poison and I happen to have some in my secret cabinet.
Let us try the following steps:
1. Remove the HijackThis copy on your computer; it may have been corrupted.
2. Try renaming HijackThis to Explorer.exe, then install it in your C:\ folder and attempt running it.
If the above is not successful:
3. Download Combofix:
http://www.combofix.org/download.php
4. Again, save it to your C:\
5. Disable your antivirus and all other applications.
Run Combofix
If after running Combofix your system is not stabilized, I will eat my socks.
Let me know how it went.
Regards
sherlock007
Mar 21, 2010 at 08:51 AM
Well, dude....
You're gonna eat your socks.... kidding..
It failed... maybe because of something I did wrong.... please show me the steps... each step carefully.....
I think it's a bit different because I'm using it in safe mode instead of normal mode....
Ambucias
Mar 21, 2010 at 11:13 AM
I detest the taste of socks.
Please Sherlock, let's skip the HijackThis thing.
Just download Combofix (some people reported that it does not work in safe mode).
Just to fool the Trojan, if it is a Trojan, put Combofix in your C:\ folder and run it.
Then reboot your machine, after which you come back to me dancing the lambada and crying out Alleluia.
sherlock007
Mar 21, 2010 at 11:20 AM
...
sherlock007
Mar 21, 2010 at 11:28 AM
And my problem seems to be the same as "Can't get past the windows loading screen" by tehJamis...... any suggestion?
Ambucias
Mar 21, 2010 at 12:10 PM
I just noticed that I have your log.
I will return in a minute.
Ambucias
Mar 21, 2010 at 11:30 AM
I fail to understand why you need my email.
You are a member and therefore you can send me private messages through this site: just click on my nick and click on private message, as I will do for you in a moment; you will see a red number on the envelope, top right hand corner, just click on it.
sherlock007
Mar 21, 2010 at 11:39 AM
Sorry for the inconvenience....
My problem seems to be the same as "Can't get past the windows loading screen" by tehJamis...... any suggestion? Maybe if you solve my problem you simultaneously solve his problem...
Ambucias
Mar 21, 2010 at 11:53 AM
Sorry but who is tehJamis?
Have you tried to run Combofix in safe mode? I don't remember if you told me.
While you are in safe mode, can you open your task manager?
Ambucias
Mar 21, 2010 at 12:23 PM
By George, I think I've got it!
Your QT for Explorer is sick!
Ambucias
Mar 21, 2010 at 12:49 PM
You are missing a most important .dll, to be more specific mscoree.dll.
In the private messages, give me your e-mail and I will send you two, hoping that one of them will fit.
In 20 minutes or so, I must leave for a couple of hours.
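As an added example (not code from this thread, from HijackThis or from ComboFix), the Python script below mechanises the kind of log triage the moderator did by eye on sherlock007's HijackThis log. It goes a little beyond the single mscoree.dll diagnosis: it flags O2/O3 add-on entries whose DLL is reported "(file missing)", R0/R1 browser-setting keys that point at a host outside a short allowlist of Microsoft domains (such as the ShellNext entry pointing at goodmima.cn in the log above), O4 Run keys registered under service-account or .DEFAULT hives, and O23 services listed with "Unknown owner". The allowlist, the tag names and the sample log lines are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on a few entries
# from the thread above (a subset, not the full posted log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.goodmima.cn/nod32id/nod32-94.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: QT TabBar - {D2BF470E-ED1C-487F-A333-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# Hosts that legitimately show up in IE start/search page entries on a stock
# Windows XP install. This allowlist is an assumption made for the example.
EXPECTED_HOSTS = ("microsoft.com", "msn.com", "bing.com", "live.com")

# Well-known SIDs of the built-in service accounts plus the .DEFAULT hive: a
# tray utility registered to auto-run there is unusual and worth a look.
SYSTEM_HIVES = ("S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT")

# Every HijackThis entry line starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O3"
    tag: str     # short reason tag (names chosen for this example)
    detail: str  # human-readable explanation
    line: str    # the log line that triggered the finding


def _host_is_expected(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries that deserve a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the "Running processes:" block, blanks
        code, body = m.groups()

        if code in ("R0", "R1"):
            # Browser settings: "<registry key>,<value name> = <value>"
            key, _, value = body.partition(" = ")
            value = value.strip()
            if key.endswith("ProxyServer"):
                if value not in ("", "http="):
                    findings.append(Finding(code, "proxy-set",
                                            f"IE proxy configured: {value}", line))
            elif value.startswith(("http://", "https://")) and not _host_is_expected(value):
                findings.append(Finding(code, "unexpected-host",
                                        f"{key} points at {urlparse(value).hostname}", line))

        elif code in ("O2", "O3"):
            # BHOs and toolbars: "<kind>: <name> - {CLSID} - <dll path>"
            if body.endswith("(file missing)"):
                findings.append(Finding(code, "file-missing",
                                        "registered DLL not found on disk; broken add-on "
                                        "or leftover registration", line))

        elif code == "O4":
            # Autoruns: "HKUS\<SID>\..\Run: [<name>] <command>"
            if body.startswith("HKUS\\") and body.split("\\")[1] in SYSTEM_HIVES:
                findings.append(Finding(code, "system-hive-autorun",
                                        "Run key under a service-account or default hive", line))

        elif code == "O23":
            # Services: "Service: <name> - <company> - <binary path>"
            if " - Unknown owner - " in body:
                findings.append(Finding(code, "unknown-owner",
                                        "service binary carries no company name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.tag}: {f.detail}")
```

A finding is a lead to check, not a verdict: the thread's own diagnosis of the mscoree.dll toolbar entries shows that a missing-file report needs a look at the file and the add-on behind it before anything is removed, and a bare allowlist will also flag harmless start pages set by an OEM or ISP.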
sherlock007
Mar 22, 2010 at 12:13 AM
When I'm using Combofix, I'm running it in safe mode (I can only run my Windows in safe mode).
I ran it and it says I need to download Windows Recovery Console... it says I need an active internet connection but my PC can't get access to the internet... I'm using broadband right now... when I click on the connect button, it says "connection terminated".... so I downloaded it from my laptop and transferred it to my desktop... I'm not sure whether it is the right console? I'm using Windows XP Professional Edition service pack 3... and I downloaded service pack 2.... can it be used??
I think I did many wrong things.... so please tell me the right steps, and maybe I fixed or deleted the wrong file...... please send me the right file... I have sent my email to you...
sherlock007
Posts
20
Registration date
Saturday March 20, 2010
Status
Member
Last seen
September 9, 2010
Mar 22, 2010 at 03:14 AM
I just remembered... I deleted some .dll file; if I'm not mistaken it is midimap.dll, because the log said it's infected, so I deleted it. Is it OK??
I run ComboFix in safe mode because my Windows can't start normally...
sherlock007
Posts
20
Registration date
Saturday March 20, 2010
Status
Member
Last seen
September 9, 2010
Mar 22, 2010 at 03:15 AM
This is the log from ComboFix:
ComboFix 10-03-20.04 - SK7 03/21/2010 22:07:41.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.791 [GMT 8:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\midimap.dll . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-21 12:59 . 2010-03-21 12:55 4608744 ----a-w- C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2010-03-21 12:04 . 2010-03-21 11:43 3896261 ----a-r- C:\ComboFix.exe
2010-03-21 12:00 . 2010-03-21 12:00 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-21 10:57 . 2010-03-21 10:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-20 08:35 . 2010-03-20 08:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-20 08:34 . 2010-03-21 13:48 -------- d-----w- c:\program files\Yontoo Layers Client
2010-03-20 01:27 . 2010-03-21 12:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 07:56 . 2010-03-20 08:34 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2010-03-16 08:58 . 2010-02-24 23:01 108544 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2010-03-16 08:58 . 2010-02-24 22:59 179200 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2010-03-16 08:58 . 2010-03-16 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-03-16 08:58 . 2010-02-12 00:27 226304 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2010-03-14 05:25 . 2010-03-20 08:31 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-13 09:10 . 2010-03-13 09:10 -------- d-----w- C:\Mp3 Output
2010-03-13 09:10 . 2009-06-08 07:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2010-03-13 09:10 . 2010-03-13 09:10 -------- d-----w- c:\program files\Smallvideosoft
2010-03-13 05:36 . 2010-03-13 05:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-12 13:47 . 2010-03-18 15:53 -------- d-----w- c:\documents and settings\SK7\Local Settings\Application Data\Temp
2010-03-12 13:47 . 2010-03-12 13:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-12 13:46 . 2010-03-12 14:27 -------- d-----w- c:\documents and settings\SK7\Local Settings\Application Data\Google
2010-03-12 13:46 . 2010-03-12 13:58 -------- d-----w- c:\program files\Google
2010-03-12 13:01 . 2010-02-15 15:53 199680 ----a-w- c:\windows\crd.exe
2010-03-10 14:25 . 2010-03-10 14:25 -------- d-----w- c:\documents and settings\SK7\Local Settings\Application Data\Identities
2010-03-10 10:22 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 09:57 . 2010-03-10 14:33 -------- d-----w- c:\program files\QK SMTP Server 3
2010-03-10 09:24 . 2010-03-10 09:24 18944 ----a-w- c:\documents and settings\SK7\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-03-10 09:23 . 2010-03-10 09:31 -------- d-----w- c:\documents and settings\SK7\Application Data\LimeWire
2010-03-07 05:28 . 2010-03-07 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-03-07 05:27 . 2010-03-20 08:33 -------- d-----w- c:\program files\Raxco
2010-03-07 00:58 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-03-07 00:58 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-03-07 00:58 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-03-07 00:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-03-07 00:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-03-06 12:52 . 2010-03-06 12:52 -------- d-----w- c:\program files\uTorrent
2010-03-06 12:51 . 2010-03-12 13:46 -------- d-----w- c:\documents and settings\SK7\Application Data\uTorrent
2010-03-06 11:58 . 2010-03-06 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-03-06 11:58 . 2010-03-06 12:21 -------- d-----w- c:\documents and settings\SK7\Application Data\Azureus
2010-03-05 10:25 . 2010-03-05 10:25 -------- d--h--w- c:\windows\PIF
2010-03-05 06:09 . 2010-03-05 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2010-03-03 07:59 . 2010-03-03 08:06 -------- d-----w- c:\program files\Counter-Strike Source
2010-02-26 04:22 . 2010-02-26 04:22 -------- d-----w- c:\documents and settings\SK7\Local Settings\Application Data\Western_Digital
2010-02-26 04:16 . 2010-02-26 04:16 -------- d-----w- c:\documents and settings\SK7\Application Data\Western Digital
2010-02-26 04:16 . 2010-02-26 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-02-26 04:16 . 2010-02-26 04:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-02-26 04:16 . 2009-02-13 03:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-02-26 04:16 . 2010-02-26 04:16 -------- d-----w- c:\program files\Western Digital
2010-02-26 04:14 . 2010-02-26 04:14 -------- d-----w- c:\documents and settings\SK7\Local Settings\Application Data\Western Digital
2010-02-24 15:14 . 2010-03-07 06:05 -------- d-----w- c:\program files\TRELLIAN
2010-02-24 13:19 . 2010-02-24 13:19 -------- d-----w- c:\program files\Common Files\SolarWinds
2010-02-24 13:19 . 2010-03-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SolarWinds
2010-02-24 13:19 . 2010-03-07 06:05 -------- d-----w- c:\program files\SolarWinds
2010-02-24 13:18 . 2010-02-24 13:18 -------- d-----w- c:\windows\Downloaded Installations
2010-02-23 12:38 . 2010-02-22 12:12 2348696 ----a-w- c:\documents and settings\All Users\Application Data\{0145F9DA-C702-4614-9CCB-04D1279C9CB2}\NotifierSetup.exe
2010-02-23 12:37 . 2010-02-23 12:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0145F9DA-C702-4614-9CCB-04D1279C9CB2}
2010-02-23 12:37 . 2010-02-22 12:07 44280 ----a-w- c:\documents and settings\All Users\Application Data\{0145F9DA-C702-4614-9CCB-04D1279C9CB2}\offline\1B39965F\21A18D0C\Iminent.BHO.NavigationError.dll
2010-02-23 12:36 . 2010-02-22 12:09 528896 ----a-w- c:\documents and settings\All Users\Application Data\{0145F9DA-C702-4614-9CCB-04D1279C9CB2}\offline\A5E06B3C\21A18D0C\Iminent.Notifier.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 14:03 . 2009-12-13 14:03 -------- d-----w- c:\program files\Internet Download Manager
2010-03-20 08:34 . 2009-12-13 14:50 -------- d-----w- c:\program files\WinFlip
2010-03-19 23:49 . 2009-12-13 14:03 -------- d-----w- c:\documents and settings\SK7\Application Data\DMCache
2010-03-16 00:40 . 2010-01-12 13:48 6024 --sha-w- c:\windows\system32\sys_drv.dat
2010-03-16 00:40 . 2010-01-12 13:48 5020 --sha-w- c:\windows\system32\sys_drv_2.dat
2010-03-15 11:14 . 2009-12-22 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-03-15 08:07 . 2009-12-13 15:27 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-03-14 05:26 . 2009-12-13 15:23 493464 ----a-w- c:\documents and settings\SK7\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 14:43 . 2009-12-13 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 08:14 . 2009-12-13 14:03 -------- d-----w- c:\documents and settings\SK7\Application Data\IDM
2010-03-07 07:49 . 2009-12-13 12:16 -------- d-----w- c:\documents and settings\SK7\Application Data\Skype
2010-03-06 13:36 . 2009-12-17 10:54 -------- d-----w- c:\program files\Garena
2010-02-25 11:03 . 2010-01-21 12:52 -------- d-----w- c:\program files\AutoHideIP
2010-02-24 13:20 . 2009-12-13 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 12:38 . 2010-01-16 09:36 -------- d-----w- c:\program files\Iminent
2010-02-20 12:55 . 2010-02-18 12:38 -------- d-----w- c:\documents and settings\SK7\Application Data\Canon
2010-02-20 08:37 . 2010-02-19 05:52 -------- d-----w- c:\documents and settings\SK7\Application Data\TrustPort
2010-02-19 02:49 . 2010-02-19 02:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-18 15:01 . 2010-02-18 15:01 624098 ----a-w- c:\documents and settings\SK7\Application Data\IDM\DwnlData\SK7\TrustPort_USB_Antivirus_EN_417\TrustPort_USB_Antivirus_EN.exe
2010-02-18 12:33 . 2010-02-18 12:33 -------- d-----w- c:\program files\Common Files\NewSoft
2010-02-18 12:33 . 2010-02-18 12:32 -------- d-----w- c:\program files\Common Files\PDFView
2010-02-18 12:32 . 2010-02-18 12:32 -------- d-----w- c:\program files\NewSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\documents and settings\SK7\Application Data\ScanSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\program files\ScanSoft
2010-02-18 12:25 . 2009-12-13 15:45 -------- d-----w- c:\program files\Canon
2010-02-18 12:23 . 2010-02-18 12:23 -------- d--h--w- c:\program files\CanonBJ
2010-02-18 06:38 . 2010-02-18 06:38 -------- d-----w- c:\program files\dwm32
2010-02-18 06:16 . 2010-02-18 06:16 -------- d-----w- c:\program files\Common Files\CANON
2010-02-16 17:24 . 2010-02-16 17:24 -------- d-----w- c:\program files\UlisesSoft
2010-02-05 23:55 . 2009-12-16 11:29 -------- d-----w- c:\program files\Left 4 Dead 2
2010-02-05 10:04 . 2010-01-16 09:39 -------- d-----w- c:\program files\IMBooster4web-en
2010-02-04 13:47 . 2010-02-04 13:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}
2010-01-25 14:24 . 2009-12-29 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 08:39 . 2010-02-04 13:46 1634064 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\5F1CD57B\578CC1D3\IMinent Toolbar.exe
2010-01-23 15:00 . 2009-12-13 12:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 12:42 . 2009-12-13 09:27 -------- d-----w- c:\program files\Java
2010-01-21 12:42 . 2010-01-21 12:42 152576 ----a-w- c:\documents and settings\SK7\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-21 12:41 . 2010-01-21 12:41 79488 ----a-w- c:\documents and settings\SK7\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 06:18 . 2010-01-16 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Iminent
2010-01-21 06:14 . 2010-01-21 06:08 10096744 ----a-w- c:\documents and settings\All Users\Application Data\Iminent\IMBooster\Updates\update.3.0.1004.0.exe
2010-01-20 10:13 . 2010-02-04 13:46 101376 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\E3F41876\1E0C2003\RadioWMPCore.dll
2010-01-20 10:13 . 2010-02-04 13:46 52224 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\E3F41876\1E0C2003\FFExternalAlert.dll
2010-01-12 13:48 . 2010-01-12 13:48 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-01-12 13:48 . 2010-01-12 13:48 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-01-12 13:48 . 2010-01-12 13:48 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2010-01-07 07:15 . 2010-01-07 00:02 1699575 ----a-w- c:\documents and settings\SK7\Application Data\IDM\DwnlData\SK7\bsplayer251.1022_clip_152\bsplayer251.1022_clip.exe
2010-01-05 09:57 . 2009-07-16 13:05 841216 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-07-14 22:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-04-14 14:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2009-07-14 22:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 12:53 . 2009-12-23 12:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-28 22:29 . 2009-12-13 09:28 202168 ----a-w- c:\program files\mozilla firefox\plugins\SwDir.dll
.
------- Sigcheck -------
[-] 2009-07-16 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-07-16 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-07-16 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-07-16 . E382F43EEAB770932F2727B65BD888B4 . 1723904 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-07-16 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2009-10-08 2203648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2009-04-18 417761]
"VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
"WINFLIP"="c:\program files\WinFlip\WinFlip.exe" [2008-05-21 483328]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SK7^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 9:47 PM 135664]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [1/12/2010 9:48 PM 10752]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp --> c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/26/2010 12:16 PM 11520]
S4 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [12/2/2009 12:30 PM 779528]
S4 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [12/2/2009 12:30 PM 947464]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 9:16 PM 685816]
.
Contents of the 'Scheduled Tasks' folder
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 13:46]
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 13:46]
2010-03-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page =
uInternet Connection Wizard,ShellNext = hxxp://www.goodmima.cn/nod32id/nod32-94.html
uInternet Settings,ProxyServer = http==
FF - ProfilePath - c:\documents and settings\SK7\Application Data\Mozilla\Firefox\Profiles\9nfsrtnh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\SK7\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\SK7\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{346DE098-61F9-4B42-89DA-6DFBA7091BB6} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 22:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):51,04,b3,1a,8d,98,3e,9d,b6,6f,2b,7b,6d,15,ab,c8,0f,19,d0,40,98,
52,2d,b7,de,8e,3d,4b,b3,e2,db,98,0c,10,76,6b,bb,0d,55,01,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff6ca8a7-1cb9-4a83-a028-9e4ec63da68c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002e
"Therad"=dword:0000000a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(1852)
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-03-21 22:17:24
ComboFix-quarantined-files.txt 2010-03-21 14:17
ComboFix2.txt 2010-03-21 13:16
ComboFix3.txt 2010-03-21 12:43
Pre-Run: 2,791,469,056 bytes free
Post-Run: 2,760,982,528 bytes free
- - End Of File - - 89AD60017F19466C3028BE302B1662E3
2010-03-10 14:43 . 2009-12-13 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 08:14 . 2009-12-13 14:03 -------- d-----w- c:\documents and settings\SK7\Application Data\IDM
2010-03-07 07:49 . 2009-12-13 12:16 -------- d-----w- c:\documents and settings\SK7\Application Data\Skype
2010-03-06 13:36 . 2009-12-17 10:54 -------- d-----w- c:\program files\Garena
2010-02-25 11:03 . 2010-01-21 12:52 -------- d-----w- c:\program files\AutoHideIP
2010-02-24 13:20 . 2009-12-13 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 12:38 . 2010-01-16 09:36 -------- d-----w- c:\program files\Iminent
2010-02-20 12:55 . 2010-02-18 12:38 -------- d-----w- c:\documents and settings\SK7\Application Data\Canon
2010-02-20 08:37 . 2010-02-19 05:52 -------- d-----w- c:\documents and settings\SK7\Application Data\TrustPort
2010-02-19 02:49 . 2010-02-19 02:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-18 15:01 . 2010-02-18 15:01 624098 ----a-w- c:\documents and settings\SK7\Application Data\IDM\DwnlData\SK7\TrustPort_USB_Antivirus_EN_417\TrustPort_USB_Antivirus_EN.exe
2010-02-18 12:33 . 2010-02-18 12:33 -------- d-----w- c:\program files\Common Files\NewSoft
2010-02-18 12:33 . 2010-02-18 12:32 -------- d-----w- c:\program files\Common Files\PDFView
2010-02-18 12:32 . 2010-02-18 12:32 -------- d-----w- c:\program files\NewSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\documents and settings\SK7\Application Data\ScanSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-02-18 12:28 . 2010-02-18 12:28 -------- d-----w- c:\program files\ScanSoft
2010-02-18 12:25 . 2009-12-13 15:45 -------- d-----w- c:\program files\Canon
2010-02-18 12:23 . 2010-02-18 12:23 -------- d--h--w- c:\program files\CanonBJ
2010-02-18 06:38 . 2010-02-18 06:38 -------- d-----w- c:\program files\dwm32
2010-02-18 06:16 . 2010-02-18 06:16 -------- d-----w- c:\program files\Common Files\CANON
2010-02-16 17:24 . 2010-02-16 17:24 -------- d-----w- c:\program files\UlisesSoft
2010-02-05 23:55 . 2009-12-16 11:29 -------- d-----w- c:\program files\Left 4 Dead 2
2010-02-05 10:04 . 2010-01-16 09:39 -------- d-----w- c:\program files\IMBooster4web-en
2010-02-04 13:47 . 2010-02-04 13:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}
2010-01-25 14:24 . 2009-12-29 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 08:39 . 2010-02-04 13:46 1634064 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\5F1CD57B\578CC1D3\IMinent Toolbar.exe
2010-01-23 15:00 . 2009-12-13 12:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 12:42 . 2009-12-13 09:27 -------- d-----w- c:\program files\Java
2010-01-21 12:42 . 2010-01-21 12:42 152576 ----a-w- c:\documents and settings\SK7\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-21 12:41 . 2010-01-21 12:41 79488 ----a-w- c:\documents and settings\SK7\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 06:18 . 2010-01-16 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Iminent
2010-01-21 06:14 . 2010-01-21 06:08 10096744 ----a-w- c:\documents and settings\All Users\Application Data\Iminent\IMBooster\Updates\update.3.0.1004.0.exe
2010-01-20 10:13 . 2010-02-04 13:46 101376 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\E3F41876\1E0C2003\RadioWMPCore.dll
2010-01-20 10:13 . 2010-02-04 13:46 52224 ----a-w- c:\documents and settings\All Users\Application Data\{DF3D7EF6-7048-48B8-BA35-8E517A744670}\offline\E3F41876\1E0C2003\FFExternalAlert.dll
2010-01-12 13:48 . 2010-01-12 13:48 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-01-12 13:48 . 2010-01-12 13:48 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-01-12 13:48 . 2010-01-12 13:48 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2010-01-07 07:15 . 2010-01-07 00:02 1699575 ----a-w- c:\documents and settings\SK7\Application Data\IDM\DwnlData\SK7\bsplayer251.1022_clip_152\bsplayer251.1022_clip.exe
2010-01-05 09:57 . 2009-07-16 13:05 841216 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-07-14 22:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-04-14 14:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2009-07-14 22:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 12:53 . 2009-12-23 12:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-28 22:29 . 2009-12-13 09:28 202168 ----a-w- c:\program files\mozilla firefox\plugins\SwDir.dll
.
------- Sigcheck -------
[-] 2009-07-16 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-07-16 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-07-16 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-07-16 . E382F43EEAB770932F2727B65BD888B4 . 1723904 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-07-16 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2009-10-08 2203648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2009-04-18 417761]
"VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
"WINFLIP"="c:\program files\WinFlip\WinFlip.exe" [2008-05-21 483328]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SK7^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 9:47 PM 135664]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [1/12/2010 9:48 PM 10752]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp --> c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/26/2010 12:16 PM 11520]
S4 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [12/2/2009 12:30 PM 779528]
S4 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [12/2/2009 12:30 PM 947464]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 9:16 PM 685816]
.
Contents of the 'Scheduled Tasks' folder
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 13:46]
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 13:46]
2010-03-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page =
uInternet Connection Wizard,ShellNext = hxxp://www.goodmima.cn/nod32id/nod32-94.html
uInternet Settings,ProxyServer = http==
FF - ProfilePath - c:\documents and settings\SK7\Application Data\Mozilla\Firefox\Profiles\9nfsrtnh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\SK7\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\SK7\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "925e7d14-a5f1-4440-8820-0d79c8fabfde");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", 1033);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{346DE098-61F9-4B42-89DA-6DFBA7091BB6} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 22:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):51,04,b3,1a,8d,98,3e,9d,b6,6f,2b,7b,6d,15,ab,c8,0f,19,d0,40,98,
52,2d,b7,de,8e,3d,4b,b3,e2,db,98,0c,10,76,6b,bb,0d,55,01,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff6ca8a7-1cb9-4a83-a028-9e4ec63da68c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002e
"Therad"=dword:0000000a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(1852)
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-03-21 22:17:24
ComboFix-quarantined-files.txt 2010-03-21 14:17
ComboFix2.txt 2010-03-21 13:16
ComboFix3.txt 2010-03-21 12:43
Pre-Run: 2,791,469,056 bytes free
Post-Run: 2,760,982,528 bytes free
- - End Of File - - 89AD60017F19466C3028BE302B1662E3
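The ComboFix log above is read by eye in this thread. As an added example (not code from the thread, from ComboFix, or from either poster), the script below parses four line shapes that occur in that log and flags the entries a responder would check first: Run-key or service entries whose image lives in a temp directory or that ComboFix could not find on disk (the "[?]" marker), orphaned autostart entries ("(no file)"), and Firefox search or home-page prefs aimed at a host outside a small allowlist. The sample lines are copied verbatim from the log above; the allowlist, the temp-path rule and the wording of the reasons are the author's assumptions, not ComboFix's verdicts.

```python
r"""Triage helper for ComboFix-style log lines.

Added example for this thread: not ComboFix code, and not posted by either
participant. It recognises four line shapes that occur in the log above:

  "Name"="c:\path\file.exe" [2009-07-26 3883856]          Run-key entry
  S3 Name;Description;c:\path\file.sys [date size]         service / driver
      (a "--> path [?]" tail means ComboFix could not find the file)
  FF - prefs.js: browser.search.defaulturl - hxxp://...   Firefox pref
  Name - (no file)                                         orphaned autostart

The flagging rules (temp directories, missing files, search or home-page
hosts outside a small allowlist) are assumptions about what deserves a
first look, not ComboFix's own verdicts.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WINFLIP"="c:\program files\WinFlip\WinFlip.exe" [2008-05-21 483328]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [1/12/2010 9:48 PM 10752]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp --> c:\docume~1\SK7\LOCALS~1\Temp\DSN11CB.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 9:16 PM 685816]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
WebBrowser-{346DE098-61F9-4B42-89DA-6DFBA7091BB6} - (no file)
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^S(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+?)\s*\[(?P<meta>[^\]]*)\]$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
ORPHAN_RE = re.compile(r'^(?P<name>\S+) - \(no file\)$')

TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.I)          # any ...\Temp\... path component
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
EXPECTED_HOSTS = ("mozilla.com", "mozilla.org", "google.com")   # assumed allowlist


@dataclass
class Finding:
    kind: str        # "run-key", "service", "firefox-pref" or "orphan"
    name: str
    detail: str
    reasons: list = field(default_factory=list)


def _path_reasons(path: str, meta: str) -> list:
    """Reasons to look twice at an executable or driver path taken from the log."""
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("loads from a temp directory (user-writable, not an install location)")
    if meta.strip() == "?":
        reasons.append("file missing on disk (ComboFix printed [?] instead of date and size)")
    return reasons


def _host_allowed(host: str) -> bool:
    """Exact or subdomain match against the allowlist; no bare suffix match."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text: str) -> list:
    """Return a Finding for every line in log_text that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = _path_reasons(m["path"], m["meta"])
            if reasons:
                findings.append(Finding("run-key", m["name"], m["path"], reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            # "...\DSN11CB.tmp --> c:\...\DSN11CB.tmp": keep the resolved path on the right
            path = m["rest"].split(" --> ")[-1]
            reasons = _path_reasons(path, m["meta"])
            if reasons:
                findings.append(Finding("service", m["name"], path, reasons))
            continue
        m = FF_RE.match(line)
        if m:
            if m["pref"] in SEARCH_PREFS:
                url = m["value"].replace("hxxp", "http", 1)    # undo the log's defanging
                host = (urlsplit(url).hostname or "").lower()
                if not _host_allowed(host):
                    findings.append(Finding("firefox-pref", m["pref"], m["value"],
                                            [f"search/home page points at third-party host {host}"]))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("orphan", m["name"], "(no file)",
                                    ["autostart entry whose target file is gone"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run as-is, it reports three hits from the sample: the GarenaPEngine driver registered from a Temp path that no longer exists (the same entry ComboFix itself singles out under Services\GarenaPEngine), the Conduit search URL, and the orphaned WebBrowser CLSID; the legitimate Run entries, the Mozilla home page and the drivers under system32 pass. For a real triage, hand triage() the whole log and widen the path rule and the allowlist to match the environment.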
Ambucias (Moderator)
Mar 22, 2010 at 05:41 AM
Hello Sherlock,
How is your system after ComboFix?
Midimap.dll was said to be infected; that was in real time, but ComboFix no doubt fixed it.
Midimap.dll is a necessary process library file. I suggest you restore it.
sherlock007 (Member)
Mar 22, 2010 at 09:00 AM
It is still the same... and I haven't received the .dll files... and I had deleted Midimap.dll from the recycle bin also... Can I just download it from the internet?
sherlock007 (Member)
Mar 22, 2010 at 09:38 AM
My system stays the same...
My Midimap.dll file I had deleted, and deleted it again from the recycle bin.... Can I just download it from the internet?
And I had given my email to you... I still haven't received my missing file... the mscoree.dll file....
Ambucias (Moderator)
Mar 22, 2010 at 12:04 PM
Shipping the files in 10 minutes
Ambucias (Moderator)
Mar 22, 2010 at 12:20 PM
Files have gone to your email.
It seems there was a lag in our exchange, hence some confusion resulted.
Sorry about that, chief.
sherlock007 (Member)
Mar 23, 2010 at 05:23 AM
I pasted both of them into windows/system32, but I did not paste the Mscoree.dll file because the file is already in system32.... so I didn't paste it, because mine is a newer version...
I rebooted and it is still the same.... What are my next steps?
Ambucias (Moderator)
Mar 23, 2010 at 06:10 AM
Hello Sherlock,
Well, after the ComboFix episode and replacing the missing files, I think that your system should be free of any malware.
Just to make sure, I suggest the following steps:
Download, install, update and run a FULL system scan with Malwarebytes:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Delete the items found, if any; if none are found, I would like to know.
After Malwarebytes, if your system is still ill, we may need to do some repair.
Request another HijackThis log and paste it here. It should provide us with guidance as to what needs to be repaired.
If after all the above we are back to square one, let us hope that it is not a motherboard or power supply problem.
Regards
sherlock007 (Member)
Mar 25, 2010 at 05:15 AM
I did the full scan... and there were 19 files infected... but I'm still unable to open it except in safe mode.....
My PC or the virus has crossed the line.... I will reformat my PC.... If my PC is still the same, that means my PC has got damaged or something.... then I need to send it to the shop...
By the way, thank YOU a lot for helping me... I thank you a lot....^_^
Ambucias (Moderator)
Mar 25, 2010 at 05:59 AM
Hello Sherlock,
Before you reformat or send the CPU to the shop, which I think would be a shame but would also mean that I have failed, please, did you use ComboFix?
If not, it is time to use it, PLEASE, I don't want to be forced to resign.
Thanks
sherlock007 (Member)
Mar 26, 2010 at 07:01 AM
Yes, but there's a problem. Trying to run it in safe mode is, I think, not working for my PC. I did use the Malwarebytes Anti-Malware that's recommended by sir. The result was that there were 19 files infected and I deleted them.... It said I must reboot the PC and I clicked yes... then it rebooted, but when it tried to open Windows in normal mode, it did the same thing... turned off and on, then off and on.....
And for you, sir, you have done a job well done helping me. Maybe the information that I gave you lacked description, and that made it a bit harder for you to help with my problem.
And I will mark this/my forum post as SOLVED....
Thank you...^_^
Mar 21, 2010 at 02:13 AM
I think it's about 3 years old... it can't be the power supply, because I changed it just about 2 weeks ago... Could it be a virus?? Because I downloaded and installed the Pivot Stickfigure Animation... after I did that, I played Counter-Strike Source, then it jammed?? I think maybe it's the Pivot Stickfigure Animation, because all of this happened after I installed it...
The fan is working fine... in fact, I just installed a new one.
Or could it be the graphics card??