w32/alureon.co virus, need help (updated with hijack and malwarebytes)
I'm sorry, but they all say NO ACTION TAKEN
You're going to have to rescan, then at the end make sure they're all TICKED and REMOVE them
(run a QUICK scan first, TICK and REMOVE everything that's found, then run a FULL scan which will hopefully run a lot quicker due to most already being removed)

ok, just rescanning.
All the big powers they've silenced me. So much for free speech and choice on this fundamental human right, and outing the liars.

(Do all these AFTER the malwarebytes scans as you have nasty trojans and there's quite a bit of work to do yet)
TICK and FIX these in hijack ~
O1 - Hosts: 80.239.151.10 rapidshare.com
O1 - Hosts: 80.239.151.11 rapidshare.com
O1 - Hosts: 80.239.151.12 rapidshare.com
O1 - Hosts: 80.239.151.13 rapidshare.com
O1 - Hosts: 80.239.151.14 rapidshare.com
O1 - Hosts: 80.239.151.15 rapidshare.com
O1 - Hosts: 80.239.151.16 rapidshare.com
O1 - Hosts: 80.239.151.17 rapidshare.com
O1 - Hosts: 80.239.151.18 rapidshare.com
O1 - Hosts: 80.239.151.19 rapidshare.com
O1 - Hosts: 80.239.151.20 rapidshare.com
O1 - Hosts: 80.239.151.21 rapidshare.com
O1 - Hosts: 80.239.151.22 rapidshare.com
O1 - Hosts: 80.239.151.250 rapidshare.com
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
You've made the mistake of running 2 programs (security essentials and IOBIT) that scan on the fly (Which can make your system more vulnerable as they cancel one another out)
I'd recommend uninstalling IOBIT (or at least stopping it from auto starting so it's not running at the same time)
.....................................................................................
Download HostsXpert
http://www.softpedia.com/progDownload/Hoster-Download-27041.html
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
.......................................................................................................
This MUST be after malwarebytes has removed everything it finds ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

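The entries ticked above fall into a few mechanical classes: O1 hosts overrides that send rapidshare.com to a block of outside addresses, orphaned entries whose file is gone ("(no file)" / "(file missing)"), and a Run key that launches a bare file name (Mixer.exe) with no path. The HostsXpert steps then put the stock hosts file back. As an added example that is not part of this thread and not code from HijackThis or HostsXpert, the Python script below applies those three rules to HijackThis lines and performs the same hosts-file restore, reporting what it removed. The sample HijackThis lines and the sample hosts file are constructed (copied from the post above), the rule set and the default hosts content are my assumptions, and entries that need human judgement (the QuickTime Run entry, the O16 cab) are deliberately not modelled.

```python
import os
import re
import tempfile

# Assumption: the stock Windows hosts file maps only localhost, which is the
# content "Restore Microsoft's Hosts File" in HostsXpert puts back.
DEFAULT_HOSTS = "127.0.0.1\tlocalhost\n"
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample: a subset of the O1/O3/O4/O9/O20 lines ticked above plus
# two legitimate entries (MSSE Run key, MBAMService) that should be left alone.
SAMPLE_HJT_LINES = r"""
O1 - Hosts: 80.239.151.10 rapidshare.com
O1 - Hosts: 80.239.151.250 rapidshare.com
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSSE] "e:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
""".strip().splitlines()

# Constructed sample hosts file in the state the O1 entries describe.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
80.239.151.10   rapidshare.com
80.239.151.11   rapidshare.com   # appended by the infection
"""


def triage_hijackthis(lines):
    """Return (line, reason) pairs for entries a mechanical rule would tick.

    Rule 1: O1 hosts overrides pointing anywhere but loopback.
    Rule 2: any entry whose target is reported absent (an orphan left behind
            after the file itself was removed).
    Rule 3: Run entries launching a bare file name, which Windows resolves via
            the search path instead of a fixed location.
    """
    findings = []
    for line in lines:
        line = line.strip()
        m = re.match(r"^(O\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            parts = body.split()          # "Hosts:", ip, hostname
            if len(parts) >= 3 and parts[1] not in LOOPBACK:
                findings.append((line, f"hosts override: {parts[2]} -> {parts[1]}"))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append((line, "orphaned entry, target not on disk"))
        elif section == "O4":
            # Everything after "[Name]" is the command line.
            cmd_match = re.search(r"\]\s*(.*)$", body)
            cmd = cmd_match.group(1) if cmd_match else body
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            if exe and "\\" not in exe and "/" not in exe:
                findings.append((line, f"Run entry launches bare name {exe!r}"))
    return findings


def parse_hosts(text):
    """Yield (ip, name) pairs from hosts-file text; comments and blanks skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name


def hosts_overrides(text):
    """Entries that steer a name somewhere other than the machine itself."""
    return [(ip, name) for ip, name in parse_hosts(text) if ip not in LOOPBACK]


def restore_hosts(path):
    """Replace the hosts file at path with the default; return what was removed.

    A PermissionError here is the thread's "cannot create file" failure: the
    account lacks write access to drivers\\etc and the tool must run elevated.
    """
    with open(path, encoding="utf-8", errors="replace") as fh:
        removed = hosts_overrides(fh.read())
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(DEFAULT_HOSTS)
    return removed


def demo():
    """Run both checks on the constructed samples (hosts copy in a temp file)."""
    findings = triage_hijackthis(SAMPLE_HJT_LINES)
    fd, path = tempfile.mkstemp(suffix="-hosts")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_HOSTS)
        removed = restore_hosts(path)
        with open(path, encoding="utf-8") as fh:
            after = fh.read()
    finally:
        os.unlink(path)
    return findings, removed, after


if __name__ == "__main__":
    findings, removed, after = demo()
    for line, reason in findings:
        print(f"FIX: {reason}\n     {line}")
    print("removed from hosts:", removed)
    print("hosts file now:", repr(after))
```

Run against the real file (Windows: %SystemRoot%\system32\drivers\etc\hosts) the restore needs an elevated prompt, exactly as the thread discovers a few posts later; the script lets that PermissionError surface rather than hiding it.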
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4211
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/06/2010 14:37:50
mbam-log-2010-06-18 (14-37-50).txt
Scan type: Quick scan
Objects scanned: 116966
Time elapsed: 8 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Odd that nothing was found, I'm thinking you posted the log BEFORE you removed them then
Still, run the FULL to be sure then continue as per post #13

HijackThis after deleted items.
Logfile of HijackThis v1.99.1
Scan saved at 15:39:01, on 18/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
e:\Program Files\Microsoft Security Essentials\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Microsoft Security Essentials\msseces.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\silky\Desktop\HijackThis.exe
e:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SiSRaid] E:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [MSSE] "e:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262455853898
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

What I must have done is scan with malware then deleted the nasties but copied the log before I deleted it.
Also I've uninstalled IOBIT

I'm onto this section now.
Download HostsXpert
http://www.softpedia.com/progDownloa...oad-27041.html
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
Done as you said; however, when I click Restore MS Hosts I get:
ERROR - cannot creat file E\windows\system32\drivers\etc\host.

RIGHT CLICK and select RUN AS (Administrator) on the exe file to run it

ComboFix
ComboFix 10-06-17.02 - silky 18/06/2010 15:58:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1550 [GMT 1:00]
Running from: e:\documents and settings\silky\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
The following files were disabled during the run:
e:\windows\system32\dvduolsv.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\silky\Application Data\inst.exe
e:\windows\system32\1177516406.dat
e:\windows\system32\win.com
.
((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.
2010-06-18 13:09 . 2010-06-18 13:11 -------- dc-h--w- e:\windows\ie8
2010-06-18 13:05 . 2010-04-16 11:43 41984 -c----w- e:\windows\system32\dllcache\iecompat.dll
2010-06-17 20:24 . 2010-06-17 20:28 -------- d-----w- e:\documents and settings\silky\Application Data\SafeReturner
2010-06-17 20:23 . 2010-06-17 20:29 -------- d-----w- e:\program files\Safe Returner
2010-06-17 20:06 . 2010-06-17 20:06 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A8691956-2B15-6333-07BD-3BA7428AD79F}-961.exe
2010-06-17 19:57 . 2010-06-17 19:57 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{41001908-6ECA-F09B-5BA1-4723C33B61B2}-961.exe
2010-06-17 19:53 . 2010-06-17 19:53 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{0C6AF5D4-6DDF-CF52-75D4-75F708AEFF89}-961.exe
2010-06-17 19:45 . 2010-06-17 19:45 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{21A1C4C1-D404-2B91-1EAE-76E95D79C9B2}-961.exe
2010-06-17 19:34 . 2010-06-17 19:34 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7A3F0A07-A011-2077-8B82-78AB72E3D57F}-961.exe
2010-06-17 15:06 . 2010-06-17 15:06 56765 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-17 15:06 . 2010-06-17 15:06 56997 ----a-w- e:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-17 15:06 . 2010-06-17 15:06 53600 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-17 15:05 . 2010-06-17 15:06 57715 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-17 15:04 . 2010-06-17 15:04 84062 ----a-w- e:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-17 15:04 . 2010-04-27 18:40 9200 ----a-w- e:\windows\system32\drivers\cdralw2k.sys
2010-06-17 15:04 . 2010-04-27 18:40 9072 ----a-w- e:\windows\system32\drivers\cdr4_xp.sys
2010-06-17 15:04 . 2010-04-27 18:40 45648 ----a-w- e:\windows\system32\drivers\PxHelp20.sys
2010-06-17 15:04 . 2010-04-27 18:40 133616 ----a-w- e:\windows\system32\pxafs.dll
2010-06-17 15:02 . 2010-06-17 15:02 54153 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-17 15:02 . 2010-06-17 15:02 54128 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-17 15:01 . 2010-06-17 15:01 54644 ----a-w- e:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-17 14:59 . 2010-06-17 14:59 54101 ----a-w- e:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-17 14:47 . 2010-06-17 14:47 50176 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D40F7F26-E625-C806-6173-0399E4A775B3}-Vkb.exe
2010-06-17 14:04 . 2010-06-17 14:04 -------- d-----w- e:\windows\system32\wbem\Repository
2010-06-11 09:55 . 2010-06-11 09:55 -------- d-----w- e:\windows\Replay Media Catcher
2010-06-11 09:54 . 2010-06-11 10:11 -------- d-----w- e:\program files\Replay Media Catcher
2010-06-10 11:41 . 2010-06-17 14:04 -------- d-----w- e:\documents and settings\silky\Application Data\BitTorrent
2010-06-10 11:41 . 2010-06-10 11:41 -------- d-----w- e:\program files\BitTorrent
2010-06-10 09:34 . 2010-06-10 09:34 8086976 ----a-w- e:\documents and settings\silky\Application Data\Azureus\tmp\AZU7146335054560918026.tmp\Vuze_4.4.0.6_win32.exe
2010-06-09 14:58 . 2010-05-06 10:41 743424 -c----w- e:\windows\system32\dllcache\iedvtool.dll
2010-06-09 12:54 . 2010-06-09 12:54 46592 ----a-w- e:\windows\system32\dvduolsv.dll.vir
2010-06-08 11:33 . 2010-04-29 14:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 11:33 . 2010-06-08 11:34 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-06-08 11:33 . 2010-04-29 14:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-06-08 11:02 . 2010-06-10 09:58 -------- d-----w- e:\documents and settings\silky\Local Settings\Application Data\AskToolbar
2010-06-07 09:27 . 2010-06-07 09:27 -------- d-----w- E:\CV's
2010-06-05 09:29 . 2010-06-08 11:22 -------- d-----w- e:\documents and settings\silky\Application Data\LimeWire
2010-06-05 09:29 . 2010-06-08 11:22 -------- d-----w- e:\program files\LimeWire
2010-06-02 07:42 . 2009-10-27 13:44 24576 ----a-w- e:\documents and settings\silky\Application Data\LG Electronics\LG PC Suite III\UpdateHelper.exe
2010-06-02 07:41 . 2009-10-19 20:49 1164728 ----a-w- e:\windows\system32\NMSDVDXU.dll
2010-06-02 07:41 . 2010-06-02 07:41 -------- d--h--w- e:\documents and settings\silky\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-06-02 07:41 . 2010-06-02 07:41 -------- d-----w- e:\documents and settings\silky\Application Data\LG Electronics
2010-05-23 21:12 . 2010-05-23 21:12 -------- d-----w- e:\windows\system32\AGEIA
2010-05-23 21:12 . 2010-05-23 21:13 -------- d-----w- e:\program files\AGEIA Technologies
2010-05-23 21:12 . 2010-05-23 21:12 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-05-22 12:38 . 2010-05-26 16:12 -------- d-----w- e:\program files\Microsoft ActiveSync
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 15:07 . 2010-05-14 19:16 57344 ----a-w- e:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-17 15:06 . 2010-01-14 18:57 -------- d-----w- e:\program files\DivX
2010-06-17 15:06 . 2010-01-14 18:57 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-06-17 15:06 . 2010-05-14 19:12 -------- d-----w- e:\documents and settings\All Users\Application Data\DivX
2010-06-17 15:05 . 2010-01-15 19:51 -------- d-----w- e:\documents and settings\silky\Application Data\DivX
2010-06-17 14:56 . 2010-05-14 19:16 1062184 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-17 14:56 . 2010-05-14 19:16 895256 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-17 14:04 . 2010-02-08 15:47 -------- d-----w- e:\documents and settings\silky\Application Data\uTorrent
2010-06-15 18:20 . 2010-01-29 16:22 -------- d-----w- e:\documents and settings\silky\Application Data\Vso
2010-06-13 12:48 . 2010-02-07 15:02 -------- d-----w- e:\documents and settings\All Users\Application Data\NOS
2010-06-10 11:43 . 2010-02-09 16:31 -------- d-----w- e:\program files\Simple Port Forwarding
2010-06-10 09:41 . 2010-01-14 19:20 -------- d-----w- e:\documents and settings\silky\Application Data\Azureus
2010-06-03 16:32 . 2010-06-03 16:32 4 ----a-w- e:\documents and settings\silky\Application Data\dhxiuw.dat
2010-06-02 07:43 . 2010-04-26 16:13 -------- d-----w- e:\program files\LG Electronics
2010-06-02 07:43 . 2010-01-02 18:06 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-05-21 13:14 . 2010-03-16 11:48 221568 ----a-w- e:\windows\system32\MpSigStub.exe
2010-05-14 19:16 . 2010-05-14 19:16 57054 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-14 19:16 . 2010-05-14 19:15 54166 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 57532 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 56458 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 54174 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 57409 ----a-w- e:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 52963 ----a-w- e:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 54073 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-14 19:15 . 2010-05-14 19:15 56969 ----a-w- e:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-12 15:09 . 2010-01-02 21:06 -------- d-----w- e:\documents and settings\All Users\Application Data\EPSON
2010-05-08 16:19 . 2010-01-02 19:09 -------- d-----w- e:\program files\NVIDIA Corporation
2010-05-08 15:59 . 2010-05-08 15:58 -------- d-----w- e:\program files\XP Codec Pack
2010-05-06 17:24 . 2010-01-02 18:46 -------- d-----w- e:\documents and settings\All Users\Application Data\UAB
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- e:\windows\system32\win32k.sys
2010-04-27 18:40 . 2010-01-14 18:58 126448 ----a-w- e:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2010-01-14 18:58 123888 ----a-w- e:\windows\system32\pxcpyi64.exe
2010-04-22 17:46 . 2010-04-22 17:46 -------- d-----w- e:\program files\CCleaner
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- e:\windows\system32\atmfd.dll
2010-04-03 22:55 . 2010-03-16 17:08 61440 ----a-w- e:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-03-16 17:07 11647592 ----a-w- e:\windows\system32\nvcompiler.dll
2010-04-03 22:55 . 2009-09-27 16:12 6432128 ----a-w- e:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2009-09-27 16:12 4075520 ----a-w- e:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2009-09-27 16:12 2646632 ----a-w- e:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-09-27 16:12 227944 ----a-w- e:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2009-09-27 16:12 227944 ----a-w- e:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2009-09-27 16:12 2183470 ----a-w- e:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-09-27 16:12 2030184 ----a-w- e:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2009-09-27 16:12 14757888 ----a-w- e:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2009-09-27 16:12 1097728 ----a-w- e:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2009-09-27 16:12 10232128 ----a-w- e:\windows\system32\drivers\nv4_mini.sys
2010-04-03 18:23 . 2010-04-03 18:23 278120 ----a-w- e:\windows\system32\nvmccs.dll
2010-04-03 18:23 . 2010-04-03 18:23 154216 ----a-w- e:\windows\system32\nvsvc32.exe
2010-04-03 18:23 . 2010-04-03 18:23 145000 ----a-w- e:\windows\system32\nvcolor.exe
2010-04-03 18:23 . 2010-04-03 18:23 13670504 ----a-w- e:\windows\system32\nvcpl.dll
2010-04-03 18:23 . 2010-04-03 18:23 110696 ----a-w- e:\windows\system32\nvmctray.dll
2010-04-03 18:22 . 2010-04-03 18:22 81920 ----a-w- e:\windows\system32\nvwddi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSRaid"="e:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 389120]
"MSSE"="e:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=e:\windows\pss\DSLMON.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- e:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 15:35 202024 ----a-w- e:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 05:01 180736 ----a-w- e:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-28 21:06 135664 ----atw- e:\documents and settings\silky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- e:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- e:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 09:51 1836328 ----a-w- e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- e:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 15:21 246504 ----a-w- e:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
ntkrdump REG_SZ e:\windows\system32\dvduolsv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA20.EXE"=
"e:\\Program Files\\Simple Port Forwarding\\spf.exe"=
"e:\\WINDOWS\\system32\\spoolsv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"60001:TCP"= 60001:TCP:bittorrent
R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/06/2010 12:34 304464]
R3 LgBttPort;LGE Bluetooth TransPort;e:\windows\system32\drivers\lgbtport.sys [29/09/2009 08:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;e:\windows\system32\drivers\lgbtbus.sys [29/09/2009 08:11 10496]
R3 LGVMODEM;LGE Virtual Modem;e:\windows\system32\drivers\lgvmodem.sys [29/09/2009 08:11 12928]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [08/06/2010 12:33 20952]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;e:\windows\system32\drivers\ousbehci.sys [02/01/2010 21:35 45824]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;e:\windows\system32\drivers\ousb2hub.sys [02/01/2010 21:35 56960]
.
Contents of the 'Scheduled Tasks' folder
2010-06-14 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-06-18 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-688789844-1060284298-1004Core.job
- e:\documents and settings\silky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 21:06]
2010-06-18 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-688789844-1060284298-1004UA.job
- e:\documents and settings\silky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 21:06]
2010-06-18 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
2010-06-18 e:\windows\Tasks\User_Feed_Synchronization-{CE4E2892-D071-4BB4-96B7-41E55D0E9A30}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - e:\documents and settings\silky\Application Data\Mozilla\Firefox\Profiles\xw8vdh6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.talktalk.co.uk/
FF - plugin: e:\documents and settings\silky\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
SharedTaskScheduler-{B2956219-3581-46C6-AF44-8FFE42BCEBAE} - (no file)
AddRemove-HijackThis - e:\documents and settings\silky\Desktop\New Folder (2)\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 16:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2052111302-688789844-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{267A75E8-BD31-14AD-2FD7-D81483B6536C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnbdodllajcdlkknfdbfpanjagdmbmclc"=hex:65,62,6e,70,6c,66,69,67,6a,6c,61,6a,
6e,66,6c,67,6a,64,6b,64,67,6d,6a,69,67,67,6c,68,70,68,6e,65,65,70,70,69,63,\
"bbnbdodllajcdlkknfabcegofhikjhegdoen"=hex:61,62,6a,70,67,6a,6a,6a,6f,65,6f,70,
68,61,6f,70,66,67,6a,6f,63,6b,63,6c,67,6c,65,63,63,6a,6e,68,61,6c,00,69
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-06-18 16:06:52
ComboFix-quarantined-files.txt 2010-06-18 15:06
Pre-Run: 74,561,839,104 bytes free
Post-Run: 74,573,619,200 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(2)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" =OPTIN /FASTDETECT
- - End Of File - - 594C906D03CD6D12AF2F4FF149177376
RIGHT CLICK and select RUN AS (Administrator) on the exe file to run it
When I do that it asks me:
"Which user account do you want to use to run this program?"
Current user, or the following user, but the following user requires a user name and password, which I do not know. I put in admin for both but it says login failure.
This discussion has been closed.