Hey,
When I did that, ComboFix launched and it was stating that it was preparing to run. When will it close by itself? Is it after that message? I didn't allow it to run; I closed it afterwards.
Thanks for the help.
ComboFix opens when you drag CFScript into it.
You should allow it to run and not close it.
So please do it again :)
Hey, when I put the CFScript on ComboFix it ran and redid all the scanning. It deleted mostly LimeWire things. And then the internet connection failed and even manually I couldn't log in to the net. When I restarted the PC the connection was back again, but I kept on getting pop-ups that Windows has closed a program for your protection; I guess its name was win32 or something like this. Here are the ComboFix log and the HJT log, please tell me if there's something wrong.
----------------------------------------------------------------
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:29 PM, on 8/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.200:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 74BE16.lnk = C:\WINDOWS\system32\ACF7EF\74BE16.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: FreshDownload - {18DD7274-43DF-4196-AEFC-EE9020D455A1} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n027p/EN/install/gtdownlr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.7.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D4F5C7B-D6F1-4664-811F-4D5FB835B3FA}: NameServer = 192.168.2.200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11975 bytes
-----------------------------------------------------------
COMBO FIX LOG:
ComboFix 09-08-10.06 - user 08/15/2009 14:38.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.469 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BHODemon 2
c:\program files\BHODemon 2\_BHODemon_HICHAM.log
c:\program files\limewire
c:\program files\limewire\.NetworkShare\LimeWirePackedJars4.8.1.7z
c:\program files\limewire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\limewire\.NetworkShare\LimeWireWin4.8.1.exe
c:\program files\limewire\Buy LimeWire PRO.url
c:\program files\limewire\COPYING
c:\program files\limewire\data.ser
c:\program files\limewire\hs_err_pid1088.log
c:\program files\limewire\hs_err_pid3032.log
c:\program files\limewire\hs_err_pid3224.log
c:\program files\limewire\hs_err_pid3884.log
c:\program files\limewire\hs_err_pid4072.log
c:\program files\limewire\inspection.props
c:\program files\limewire\install.log
c:\program files\limewire\language.prop
c:\program files\limewire\lib\aopalliance.jar
c:\program files\limewire\lib\clink.jar
c:\program files\limewire\lib\commons-codec-1.3.jar
c:\program files\limewire\lib\commons-logging.jar
c:\program files\limewire\lib\commons-net.jar
c:\program files\limewire\lib\daap.jar
c:\program files\limewire\lib\dnsjava.jar
c:\program files\limewire\lib\forms.jar
c:\program files\limewire\lib\foxtrot.jar
c:\program files\limewire\lib\gettext-commons.jar
c:\program files\limewire\lib\guice-1.0.jar
c:\program files\limewire\lib\hashes
c:\program files\limewire\lib\hsqldb.jar
c:\program files\limewire\lib\httpclient-4.0-alpha3.jar
c:\program files\limewire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\limewire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\httpcore-niossl-4.0-alpha7.jar
c:\program files\limewire\lib\icu4j.jar
c:\program files\limewire\lib\jaudiotagger.jar
c:\program files\limewire\lib\jcraft.jar
c:\program files\limewire\lib\jdic.dll
c:\program files\limewire\lib\jdic.jar
c:\program files\limewire\lib\jdic_stub.jar
c:\program files\limewire\lib\jflac.jar
c:\program files\limewire\lib\jl.jar
c:\program files\limewire\lib\jmdns.jar
c:\program files\limewire\lib\jogg.jar
c:\program files\limewire\lib\jorbis.jar
c:\program files\limewire\lib\LimeWire.ico
c:\program files\limewire\lib\LimeWire.jar
c:\program files\limewire\lib\log4j.jar
c:\program files\limewire\lib\log4j.properties
c:\program files\limewire\lib\looks.jar
c:\program files\limewire\lib\messages.jar
c:\program files\limewire\lib\mp3spi.jar
c:\program files\limewire\lib\onion-common.jar
c:\program files\limewire\lib\onion-fec.jar
c:\program files\limewire\lib\ProgressTabs.jar
c:\program files\limewire\lib\swt.jar
c:\program files\limewire\lib\SystemUtilities.dll
c:\program files\limewire\lib\SystemUtilitiesA.dll
c:\program files\limewire\lib\themes.jar
c:\program files\limewire\lib\tray.dll
c:\program files\limewire\lib\tritonus.jar
c:\program files\limewire\lib\UnpackedJars.7z
c:\program files\limewire\lib\vorbisspi.jar
c:\program files\limewire\LimeWire On Startup.lnk
c:\program files\limewire\LimeWire.exe
c:\program files\limewire\LimeWire.ico
c:\program files\limewire\pmf.ico
c:\program files\limewire\root\magnet10\badge.img
c:\program files\limewire\root\magnet10\canHandle.img
c:\program files\limewire\root\magnet10\limewire.gif
c:\program files\limewire\root\magnet10\options.js
c:\program files\limewire\root\magnet10\silentdetect.js
c:\program files\limewire\SOURCE
c:\program files\limewire\spacer.gif
c:\program files\limewire\Thumbs.db
c:\program files\limewire\uninstall.exe
c:\program files\limewire\unpack.log
.
((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.
2009-08-15 00:01 . 2009-08-15 00:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 03:25 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-11 21:48 . 2009-08-11 21:50 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-11 17:26 . 2009-08-11 17:26 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-09 13:53 . 2009-08-09 13:57 -------- d-----w- c:\documents and settings\user\.housecall6.6
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 12:07 . 2009-08-15 11:41 -------- d-----w- c:\documents and settings\user\Application Data\HPAppData
2009-07-30 11:49 . 2009-07-30 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-07-30 11:47 . 2009-07-30 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2009-07-30 11:41 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-30 11:41 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-30 11:41 . 2009-07-30 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-07-30 11:40 . 2007-11-08 14:56 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-07-30 11:40 . 2007-10-20 15:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-07-30 11:40 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-07-30 11:40 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-07-30 11:40 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-07-30 11:40 . 2007-10-21 16:45 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-07-30 11:40 . 2007-10-21 16:45 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-07-30 11:40 . 2007-10-21 16:45 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-07-30 11:35 . 2009-07-30 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-30 11:35 . 2009-07-30 11:35 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-30 11:31 . 2009-07-30 11:49 157529 ----a-w- c:\windows\hpoins28.dat
2009-07-30 11:31 . 2007-12-13 00:01 932 ------w- c:\windows\hpomdl28.dat
2009-07-29 13:09 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-29 13:09 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-29 13:09 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-29 13:09 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-29 13:09 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-07-29 13:09 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-29 13:09 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-07-29 13:09 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-29 13:09 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-29 12:29 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-29 11:34 . 2009-07-29 11:34 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-29 11:34 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 11:34 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 11:34 . 2009-07-29 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 11:34 . 2009-08-11 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 21:38 . 2009-07-28 17:56 -------- d--h--w- c:\windows\system32\0F6226
2009-07-27 21:38 . 2009-07-27 21:54 -------- d--h--w- c:\windows\system32\76682F
2009-07-27 21:38 . 2009-08-11 19:12 -------- d--h--w- c:\windows\system32\5A8DCC
2009-07-27 21:38 . 2009-07-30 18:40 -------- d--h--w- c:\windows\system32\ACF7EF
2009-07-21 13:44 . 2009-08-12 12:31 -------- d-----w- c:\program files\NOS
2009-07-21 13:44 . 2009-08-12 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-17 18:55 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 10:03 . 2007-01-30 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 09:51 . 2007-07-10 18:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 09:36 . 2008-09-27 15:30 -------- d-----w- c:\program files\Anno 1701
2009-08-15 09:36 . 2009-01-13 23:46 -------- d-----w- c:\program files\Starcraft
2009-08-15 09:35 . 2009-03-25 16:43 -------- d-----w- c:\program files\Warcraft III
2009-08-15 01:00 . 2007-04-21 11:57 -------- d-----w- c:\program files\FLVPlayer
2009-08-11 21:31 . 2008-11-16 01:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 21:31 . 2008-11-16 01:39 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 21:31 . 2008-11-16 01:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 21:31 . 2008-11-16 01:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 20:11 . 2008-08-07 11:11 -------- d-----w- c:\program files\UtopiaBOX 2.02
2009-08-11 20:11 . 2008-06-17 18:49 -------- d-----w- c:\program files\Pharaoh
2009-08-11 19:42 . 2007-01-30 00:36 -------- d-----w- c:\program files\NetWaiting
2009-08-11 19:42 . 2007-01-30 00:36 -------- d-----w- c:\program files\Microsoft Works
2009-08-09 13:42 . 2008-01-22 15:20 -------- d--h--w- c:\documents and settings\user\Application Data\GetRightToGo
2009-08-08 15:58 . 2009-02-03 19:51 -------- d-----w- c:\program files\KGB Archiver
2009-08-05 09:11 . 2004-08-04 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 20:54 . 2008-11-16 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-30 12:15 . 2007-01-30 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-07-30 12:15 . 2007-01-29 10:30 -------- d--h--w- c:\documents and settings\user\Application Data\HP
2009-07-17 18:55 . 2004-08-04 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 07:08 . 2004-08-04 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 13:53 . 2008-08-30 12:26 -------- d-----w- c:\program files\Lucasarts
2009-07-03 20:25 . 2008-07-31 09:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-29 16:12 . 2004-08-04 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 18:07 . 2009-06-28 18:07 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 18:06 . 2007-01-29 14:44 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 18:06 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-23 11:42 . 2009-04-27 23:11 -------- d-----w- c:\program files\EA Games
2009-06-23 10:00 . 2009-06-23 10:00 -------- d-----w- c:\program files\iXi Tools
2009-06-22 23:27 . 2009-06-22 23:27 10134 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-16 14:55 . 2005-10-18 05:14 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 21:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-12 01:19 . 2009-06-12 01:19 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 14:21 . 2004-08-04 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-04 21:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2005-08-30 11:54 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 08:33 . 2008-11-26 11:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 21:16 . 2007-11-22 16:53 1014 ----a-w- c:\windows\eReg.dat
2009-05-19 21:12 . 2009-05-19 21:12 0 ----a-w- c:\windows\system32\_r_a_p_.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-08-12_13.29.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-15 09:52 . 2009-08-15 09:52 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
- 2005-06-29 00:21 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2005-06-29 00:21 . 2007-07-27 07:41 26488 c:\windows\system32\spupdsvc.exe
- 2006-10-27 05:25 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2006-10-27 05:25 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 21:00 . 2009-07-13 07:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
- 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2005-12-20 10:30 . 2007-04-30 05:20 5537792 c:\windows\system32\wmp.dll
+ 2005-12-20 10:30 . 2009-07-13 07:08 5537792 c:\windows\system32\wmp.dll
+ 2005-12-20 10:30 . 2009-07-13 07:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2005-12-20 10:30 . 2007-04-30 05:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2006-11-08 05:06 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2007-02-02 09:41 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 198160]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-1-29 102400]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Firewall Client Management.lnk - c:\windows\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2007-11-2 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-11 21:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24387:TCP"= 24387:TCP:BitComet 24387 TCP
"24387:UDP"= 24387:UDP:BitComet 24387 UDP
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 3:46 PM 63352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2008 4:39 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2008 4:39 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/12/2009 12:31 AM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/12/2009 12:31 AM 298776]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [6/10/2004 3:00 AM 115544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 12:10 PM 206096]
--- Other Services/Drivers In Memory ---
*Deregistered* - MBAMSwissArmy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.2.200:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{18DD7274-43DF-4196-AEFC-EE9020D455A1} - c:\program files\FreshDevices\FreshDownload\fd.exe
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
TCP: {3D4F5C7B-D6F1-4664-811F-4D5FB835B3FA} = 192.168.2.200
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} -
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} -
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 14:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???hc??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1931326976-3242642446-1606852611-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1931326976-3242642446-1606852611-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,15,eb,c9,ff,ec,df,c2,01,25,cf,ad,25,47,b6,bc,a7,6a,c8,60,3f,82,87,
29,67,e6,59,e6,e7,3a,d0,4f,99,97,9b,23,c0,0d,a5,42,0a,1b,d7,9c,d2,eb,43,c7,\
"??"=hex:12,3b,d3,bf,0e,56,91,99,89,0e,2d,b9,8f,10,31,d3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE52F6C-4102-5735-8131-2C63BF62CC95}\InProcServer32*]
"oabhpdckjmoafefbloommokcgdggim"=hex:69,61,6a,6a,70,68,65,70,66,65,66,6f,6e,6b,
68,61,67,61,00,00
"nabhfemehpcokmaaidlgakikojgb"=hex:69,61,6a,6a,70,68,67,70,68,65,69,61,6b,67,
6c,61,64,6f,00,00
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-15 14:47
ComboFix-quarantined-files.txt 2009-08-15 11:47
ComboFix2.txt 2009-08-15 11:34
ComboFix3.txt 2009-08-12 13:36
Pre-Run: 14,402,777,088 bytes free
Post-Run: 14,370,177,024 bytes free
343 --- E O F --- 2009-08-15 00:05
Can you give me further details about those popups?
It seems the pop-ups are gone. I've restarted my PC two times and they're gone.
Now I need to tell you one thing, because it seems I just found out about it.
When I download a streamed video (adult) to my PC and just click on it or enter the folder it's in, explorer.exe gets to 50%.
So I went into safe mode and deleted the video. If I try to delete it in Windows, it tells me that it is being used by another program, which is probably explorer.exe.
I guess this changes a lot, right?
Which video is that, and where is it located?
It's a video from empflix. I downloaded it using RealPlayer. On the video, if you move your cursor over it, it will pop up a "download this video" prompt from RealPlayer. I deleted it, and ever since then I didn't get the 50 or 99% CPU usage of explorer. I downloaded one today and, after I had this issue solved, it was up again, so I deleted it using safe mode.
Sounds like a fake video to me.
Where did you download it from?
I had downloaded several videos from their site and never got this; I don't know why I encountered this lately.
It's from empflix.com, a streaming website.
So maybe those are fake videos then.
Any other issues left?