Solved: Symptoms of a rogue virus?

Hi DMJ, I cleaned inside the tower with an electric duster (DataVac) last week, but I didn't replace the cards and cables. I just did that now, including cleaning the RAM gold connectors, and I even replaced the thermal tape of the video card as well as cleaned it thoroughly. So I've done all the cleaning and reattachments; let's see, is there anything else we can do in the meantime?
 
Ok so it happened again!

I did some research and found someone who had the exact same problem as me and how they fixed it. He/she said that they installed Driver Sweeper and it got rid of some older drivers, and bam, even after 10 days it never happened again. So I want to ask you if you know about this program, which version I should get, and any instructions in case it messes something up, so I can have a backup? Maybe it will work!

UPDATE: Upon further research it sounds like a memory leak, so any tools or such that we can use to snipe whatever driver/file is causing this would be of great help!
 
Well, technically we already ran MEMTEST.

Please go to this page, agree to the Terms, and download Threat Expert Memory Scanner.
  • Install the program.
  • Then, run the program. Click the Start button on the main screen.
  • It will search for threats, and finish in 5-10 minutes.
  • When done, press the View Report button.
  • It will launch a web page with results. Please copy those results and paste them into your next reply.
 
Right, but the memory leak is supposed to be related to some useless drivers or something like that. Should I just use Driver Sweeper, or can you recommend some other good program that will delete useless drivers?
 
Ok will give it a try.

Here's the report from the ThreatScanner:
Full Scan Summary:

  • Scan details:
    • Scan started: Sunday, July 15, 2012 15:35:13
    • Scan time: 02 minutes, 19 seconds
    • Number of memory objects scanned: 6846
      • processes: 40
      • modules: 1976
      • heap pages: 4830
    • Number of suspicious memory objects detected: 0
    • Number of malicious memory objects detected: 0
    • Overall Risk Level: Safe
  • Summary of the detected threat characteristics:
    • No suspicious characteristics detected.
  • Summary of the detected memory objects:
    • No suspicious memory objects detected.
 
It went weird and wouldn't complete, but I think it did delete some drivers. They had an update, so I tried the update called Driver Fusion; I ran that also and it didn't complete, but it did delete drivers, as my screen started to go odd with the graphics.

I uninstalled and reinstalled my NVIDIA drivers and am still waiting to see if it happens again; so far it hasn't happened yet. Will keep you posted!

Oh, forgot to mention that I also ran Drivecleanup; it removes USB drivers, I think. Someone else posted here on Techspot regarding that. I think it actually has to do with this, because I installed a Bluetooth dongle from Asus a few weeks ago and then all this started, not to mention every time I put my iPod nano in, another USB device would not work all of a sudden. So let's see. Right now I have 10 tabs open in Firefox, no problem yet.
 
Okay. Keep a close eye out for trouble, and let me know within five days, or this topic will be closed for inactivity.
 
Sorry to hear that.

A lot of common "unknown" memory leaks are usually due to CD emulation drivers or antivirus/security programs.

Can you give a brief history of any security software you have had and currently have installed, as well as any DVD or CD authoring programs?
 
Well, the only security programs I run are Avast Antivirus and Malwarebytes; I've not tested any other security programs except the ESET Scanner.

I don't burn any DVDs, so I don't use those.

Below are two images I uploaded on the first page; just wondering, do these give any clues? Would you like to see my Event Viewer? I really would like to get this fixed if possible. Thanks for your help so far.
https://www.techspot.com/community/attachments/capture3-jpg.73220/
https://www.techspot.com/community/attachments/capture1-jpg.73221/
 
For the second error screen you posted...

  1. Click on the "Start" menu, and then select "Run."
  2. Type "msconfig" (without the quotation marks) into the open box, and click "OK."
  3. Click on the "Startup" tab.
  4. Clear the "dumprep 0 -k" or "dumprep 0 -u" checkbox, and then click "OK."
  5. It will ask to restart your computer. Continue.
Let me know if that error shows up again.
For the first error screen, xul.dll, I'm guessing it is due to not having an updated version of Firefox, or it has to do with xul.dll being accessed from other system files, because the one that should exist in the system should be in the system folders.

Please update to the latest version of Firefox, and let me know once done.
 
Hi, I don't see any dumprep entries at all in the Startup tab of msconfig.

Yes, Firefox has always been up to date.
 
ERUNT - Emergency Recovery Utility NT
  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings; say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

If you did not complete this step, DO NOT continue with the other steps and post back to tell me.

The actual fix:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. In the right pane, click Dumprep, and then press DELETE.
  4. Restart the computer.
  5. Let me know if the error persists.
 
I specified that drive for Firefox to be installed to. I just went into that folder and found some funky files, as you can see, and there are more at the bottom.
 

Attachments: capture4.jpg, capture6.jpg
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    DirLook::
    c:\program files\mozilla firefox
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: CFScriptB-4.gif)

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-07-20.02 - Main 07/20/2012 14:03:15.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1259 [GMT -4:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-17 20:57 . 2012-07-17 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 20:57 . 2012-07-17 20:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 21:12 . 2012-07-15 21:12 -------- d-----w- c:\documents and settings\UpdatusUser
2012-07-15 21:12 . 2012-07-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-07-15 21:12 . 2012-05-15 09:40 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-07-15 21:12 . 2012-05-15 09:40 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-07-15 21:12 . 2012-05-15 09:40 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-15 21:12 . 2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-15 21:12 . 2012-05-15 09:40 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-07-15 21:10 . 2012-07-15 21:12 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-15 21:10 . 2012-07-15 21:10 -------- d-----w- C:\NVIDIA
2012-07-15 20:06 . 2012-07-15 20:06 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2012-06-22 08:36 . 2012-06-22 08:36 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2011-10-08 17:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 12:52 . 2010-01-31 04:20 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-01-31 04:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-04-23 01:31 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-01-31 04:20 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-01-31 04:20 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-01-31 04:20 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-01-31 04:20 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-01-31 04:20 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2011-04-23 01:30 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-01-31 04:20 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-13 13:19 . 2010-01-31 04:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-01-31 04:59 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-01-31 03:16 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-01-31 03:16 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-01-31 03:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-01-31 03:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-01-31 03:16 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-01-31 03:16 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-01-31 03:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-04-23 01:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2011-04-23 01:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2011-04-23 01:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:29 . 2012-02-23 20:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29 . 2012-06-17 23:16 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-04 23:29 . 2011-04-24 01:43 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2010-01-31 04:59 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2010-01-31 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-01-31 04:59 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\mozilla firefox ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-07_19.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-20 14:08 . 2012-07-20 14:08 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
+ 2012-07-15 21:11 . 2012-05-15 10:18 65536 c:\windows\system32\OpenCL.dll
- 2011-11-20 03:12 . 2012-02-10 04:10 65536 c:\windows\system32\OpenCL.dll
+ 2011-07-13 14:00 . 2011-07-13 14:00 26112 c:\windows\system32\drivers\tap0901.sys
+ 2012-03-15 03:22 . 2012-07-13 10:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-20 10:28 . 2011-07-20 10:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 10:28 . 2011-07-20 10:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-05-27 00:18 . 2011-05-27 00:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DLGSETP.DLL
+ 2012-07-15 21:11 . 2012-05-15 10:18 883008 c:\windows\system32\nvgenco32.dll
+ 2012-07-17 20:57 . 2012-07-17 20:57 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
- 2012-07-05 12:56 . 2012-07-05 12:56 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-07-17 20:57 . 2012-07-17 20:57 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-03 14:51 . 2012-07-05 12:56 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2010-01-30 22:05 . 2012-06-14 14:56 296456 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-30 22:05 . 2012-07-13 10:26 296456 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-05 06:54 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2010-11-09 14:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2012-03-15 03:22 . 2012-06-14 02:18 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-20 10:28 . 2011-07-20 10:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-27 08:55 . 2011-07-27 08:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RTFHTML.DLL
+ 2011-07-20 11:06 . 2011-07-20 11:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\REGFORM.EXE
+ 2011-07-20 10:28 . 2011-07-20 10:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-05-31 20:15 . 2011-05-31 20:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLPH.DLL
+ 2011-07-27 08:55 . 2011-07-27 08:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-27 00:18 . 2011-05-27 00:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 10:03 . 2011-07-27 10:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 10:03 . 2011-07-27 10:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2012-03-22 03:55 . 2012-03-22 03:55 117160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOMINT.DLL
+ 2011-07-20 11:06 . 2011-07-20 11:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOLK.DLL
+ 2011-07-20 10:28 . 2011-07-20 10:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2009-02-26 16:09 . 2009-02-26 16:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-05-27 00:18 . 2011-05-27 00:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 08:55 . 2011-07-27 08:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
+ 2012-07-19 19:34 . 2012-07-19 19:34 552960 c:\windows\ERDNT\7-19-2012\Users\00000002\UsrClass.dat
+ 2012-07-19 19:31 . 2005-10-20 16:02 163328 c:\windows\ERDNT\7-19-2012\ERDNT.EXE
+ 2012-07-15 20:06 . 2012-07-15 20:06 200704 c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll
- 2012-03-22 03:55 . 2012-03-22 03:55 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-07-12 04:46 . 2012-07-12 04:46 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2004-08-04 12:00 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2012-07-15 21:11 . 2012-07-15 21:11 1074636 c:\windows\system32\nvdrsdb1.bin
+ 2012-07-15 21:11 . 2012-07-15 21:11 1074636 c:\windows\system32\nvdrsdb0.bin
+ 2012-07-15 21:11 . 2012-05-15 10:18 1000768 c:\windows\system32\nvdispco32.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 2530624 c:\windows\system32\nvcuvid.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 2445120 c:\windows\system32\nvcuvenc.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 6012928 c:\windows\system32\nvcuda.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 2359808 c:\windows\system32\nvapi.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 4373248 c:\windows\system32\nv4_disp.dll
- 2012-07-05 12:56 . 2012-07-05 12:56 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-07-17 20:57 . 2012-07-17 20:57 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2009-08-14 13:21 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 4373248 c:\windows\system32\dllcache\nv4_disp.dll
- 2008-04-14 00:12 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 00:12 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-04 12:00 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2012-06-19 16:54 . 2012-06-19 16:54 5009920 c:\windows\Installer\afa6c.msp
+ 2012-04-05 02:37 . 2012-04-05 02:37 2540544 c:\windows\Installer\a570de.msp
+ 2012-05-30 11:18 . 2012-05-30 11:18 1739264 c:\windows\Installer\592fac.msp
+ 2012-06-19 16:54 . 2012-06-19 16:54 2239488 c:\windows\Installer\592fa1.msp
+ 2012-06-19 16:54 . 2012-06-19 16:54 2239488 c:\windows\Installer\2d839.msp
+ 2012-06-19 16:54 . 2012-06-19 16:54 5009920 c:\windows\Installer\2d837.msp
+ 2012-04-05 02:37 . 2012-04-05 02:37 3149824 c:\windows\Installer\2315b9.msp
- 2012-03-15 03:22 . 2012-06-14 02:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-03-15 03:22 . 2012-07-13 10:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2012-03-15 03:22 . 2012-06-14 02:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 03:10 . 2009-10-10 03:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-27 08:55 . 2011-07-27 08:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-27 09:09 . 2011-07-27 09:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-07-27 09:09 . 2011-07-27 09:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
+ 2011-07-27 09:09 . 2011-07-27 09:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\INFOPATH.EXE
+ 2012-07-19 19:34 . 2012-07-19 19:34 5160960 c:\windows\ERDNT\7-19-2012\Users\00000001\ntuser.dat
+ 2012-07-15 21:11 . 2012-05-15 10:18 18771968 c:\windows\system32\nvoglnt.dll
+ 2012-07-15 21:11 . 2012-05-15 10:18 17543168 c:\windows\system32\nvcompiler.dll
+ 2010-01-31 04:30 . 2012-07-12 12:58 57442464 c:\windows\system32\MRT.exe
+ 2012-07-15 21:11 . 2012-05-15 10:18 14014656 c:\windows\system32\drivers\nv4_mini.sys
+ 2012-07-15 21:11 . 2012-05-15 10:18 14014656 c:\windows\system32\dllcache\nv4_mini.sys
+ 2012-05-30 11:18 . 2012-05-30 11:18 11885056 c:\windows\Installer\b14da.msp
+ 2012-05-11 20:53 . 2012-05-11 20:53 48410624 c:\windows\Installer\6fcdf0c.msi
+ 2011-08-03 22:18 . 2011-08-03 22:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-19 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 2550272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-06-28 4273976]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\Main\Start Menu\Programs\Startup\
RBTray.lnk - c:\program files\RBTray\RBTray.exe [2009-6-2 54272]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Main^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk]
path=c:\documents and settings\Main\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
backup=c:\windows\pss\DesktopVideoPlayer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-02-07 23:11 451856 ----a-w- e:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AmmyyAdmin"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"e:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\IBP 9\\IBP.exe"=
"e:\\Program Files\\SopCast\\SopCast.exe"=
"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.515\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.516\\Agent.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\MP3 Skype Recorder\\MP3 Skype Recorder.exe"=
"d:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Documents and Settings\\Main\\Local Settings\\Application Data\\vghd\\bin\\Virtuagirl_Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/22/2011 9:31 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/31/2010 12:20 AM 353688]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/25/2011 6:25 PM 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/31/2010 12:20 AM 21256]
R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/8/2011 1:39 PM 655944]
R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [4/3/2010 2:56 PM 42884448]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [7/15/2012 5:12 PM 1262400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/8/2011 1:39 PM 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 1:30 PM 158856]
S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys --> c:\windows\system32\Drivers\AthDfu.sys [?]
S3 Atheros_btAudio;Bluetooth Virtual SCO Driver;c:\windows\system32\drivers\btathsco.sys --> c:\windows\system32\drivers\btathsco.sys [?]
S3 btatha2dp;Bluetooth A2DP Audio Device Driver;c:\windows\system32\drivers\btatha2dp.sys --> c:\windows\system32\drivers\btatha2dp.sys [?]
S3 btathPan;Bluetooth PAN Miniport Device;c:\windows\system32\DRIVERS\btathpan.sys --> c:\windows\system32\DRIVERS\btathpan.sys [?]
S3 BTATHPROT;General Bluetooth Filter;c:\windows\system32\DRIVERS\btathprot.sys --> c:\windows\system32\DRIVERS\btathprot.sys [?]
S3 btathrcp;Bluetooth AVRCP Target Device;c:\windows\system32\DRIVERS\btathrcp.sys --> c:\windows\system32\DRIVERS\btathrcp.sys [?]
S3 btathspp;Bluetooth Serial Port Device;c:\windows\system32\DRIVERS\btathspp.sys --> c:\windows\system32\DRIVERS\btathspp.sys [?]
S3 BTATHUSB;General Bluetooth Device;c:\windows\system32\DRIVERS\btathusb.sys --> c:\windows\system32\DRIVERS\btathusb.sys [?]
S3 btfilter;General Bluetooth Filter ss;c:\windows\system32\DRIVERS\btfilter.sys --> c:\windows\system32\DRIVERS\btfilter.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [8/10/2011 2:42 AM 23456]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [11/24/2011 4:36 PM 95304]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 11:06 PM 113120]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [12/14/2011 7:41 PM 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 2:56 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 2:56 PM 367456]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-162531612-725345543-1004Core.job
- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 01:08]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-162531612-725345543-1004UA.job
- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 01:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - e:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB1E8D68-CDA5-4E9F-AAB1-87F92CA37C3F}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\3dc188pm.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 14:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.23.01]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-20 14:14:16
ComboFix-quarantined-files.txt 2012-07-20 18:13
ComboFix2.txt 2012-07-07 19:23
.
Pre-Run: 6,275,567,616 bytes free
Post-Run: 6,534,008,832 bytes free
.
- - End Of File - - 626BD8A4E75A5F34ED18E74BA4600A4C
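The Run-key values and the R*/S* service lines in the log above follow a fixed layout, and reading them is where a helper starts: Run values given as a bare filename, the Dumprep value the fix earlier in this thread removes, drivers whose file is gone (the `path --> path [?]` form, as with the Bluetooth drivers here), and kernel drivers that load at boot or system start (the CD-emulation bus driver the helper asked about is one). The parser below is an added example, not ComboFix's code and not from the original post; it assumes the ComboFix 12-07 line layouts shown above and runs over a constructed sample in that layout.

```python
"""Pull the autostart entries out of a ComboFix log and flag what to read first.

Added example for this thread (not ComboFix's code). Assumes the layouts seen in the
log above: '"name"="cmd" [date size]' under a ...\\CurrentVersion\\Run header and
'R1 name;display;path [stamp]' for services, with 'path --> path [?]' when the file
is missing. SAMPLE_LOG is constructed, patterned on (not copied from) the thread.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RoboForm"="c:\\program files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe" [2012-07-19 109336]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 73728]
"avast"="c:\\program files\\Alwil Software\\Avast5\\avastUI.exe" [2012-06-28 4273976]
"Dumprep"="c:\\windows\\system32\\dumprep 0 -k" [2004-08-04 10752]
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"%windir%\\\\system32\\\\sessmgr.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\\windows\\system32\\drivers\\dtsoftbus01.sys [4/25/2011 6:25 PM 218688]
R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [10/8/2011 1:39 PM 22344]
S3 BTATHUSB;General Bluetooth Device;c:\\windows\\system32\\DRIVERS\\btathusb.sys --> c:\\windows\\system32\\DRIVERS\\btathusb.sys [?]
S4 RsFx0150;RsFx0150 Driver;c:\\windows\\system32\\drivers\\RsFx0150.sys [4/3/2010 11:02 AM 240608]
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$')
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$")
# ComboFix prefix: R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class RunEntry:
    hive: str              # "HKCU" or "HKLM"
    name: str
    command: str
    stamp: Optional[str]   # "YYYY-MM-DD size" as printed, if present


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_missing: bool     # ComboFix printed 'path --> path [?]'
    stamp: Optional[str] = None


def _split_service_tail(rest: str):
    """Return (path, stamp, missing) from the text after the second ';'."""
    rest = rest.strip()
    if rest.endswith("[?]"):
        return rest[:-3].strip().split(" --> ", 1)[0], None, True
    m = TAIL_RE.match(rest)
    if m:
        return m["path"], m["stamp"], False
    return rest, None, False


def parse_combofix(text: str):
    """Collect Run-key values (HKCU and HKLM) and R*/S* service lines."""
    runs, services, section = [], [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("["):            # a registry key header opens a section
            section = line.lower()
            continue
        if line == ".":                     # ComboFix's section separator
            section = ""
            continue
        if section.endswith("\\currentversion\\run]"):
            m = RUN_RE.match(line)
            if m:
                hive = "HKCU" if "current_user" in section else "HKLM"
                runs.append(RunEntry(hive, m["name"], m["cmd"], m["stamp"]))
            continue
        m = SVC_RE.match(line)
        if m:
            path, stamp, missing = _split_service_tail(m["rest"])
            services.append(Service(m["name"], m["display"], path, m["state"] == "R",
                                    START_TYPES.get(m["start"], m["start"]), missing, stamp))
    return runs, services


def review(text: str) -> dict:
    """Flag: bare-filename Run values (resolved through the search path, so worth
    verifying), the Dumprep value the fix in this thread removes, drivers whose file is
    gone, and running kernel drivers with boot/system start."""
    runs, services = parse_combofix(text)
    return {
        "run_unqualified": [r.name for r in runs if "\\" not in r.command],
        "run_dumprep": [r.name for r in runs if r.name.lower() == "dumprep"],
        "drivers_missing_file": [s.name for s in services if s.file_missing],
        "early_start_drivers": [s.name for s in services if s.running
                                and s.path.lower().endswith(".sys")
                                and s.start_type in ("boot", "system")],
    }


if __name__ == "__main__":
    for key, names in review(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```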
 
Sure thing. Keep an eye on the comp. for a couple days for any more error messages. If none, then we'll solve this topic. Sound cool?
 
Unfortunately the same problem persists; I just tried to install Google SketchUp and it couldn't install it, then said there are "insufficient resources". I'm thinking maybe to do a format as a last resort, because I'm also feeling like we're not getting anywhere, but really I'd like to avoid formatting if possible. If you have any further suggestions, let me know; I'm willing to try.
 