
Win XP Virus, but no traces?

thescreensavers

Diamond Member
A friend's computer keeps having "about:navigationfailure" in IE, and in FF it says that the URL is invalid.

I can Ping google.com and it works fine.

I have run Malwarebytes (finds nothing), ComboFix and HijackThis.

ComboFix 12-02-24.02 - 02/24/2012 12:36:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.267 [GMT -5:00]
Running from: H:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.mrxsmb
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-18 20:03 . 2012-02-18 20:03 -------- d-----w- c:\windows.0\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 23:03 . 2012-01-22 23:03 12872 ----a-w- c:\windows.0\system32\bootdelete.exe
2012-01-22 22:52 . 2012-01-22 22:52 23624 ----a-w- c:\windows.0\system32\drivers\hitmanpro35.sys
2011-12-10 20:24 . 2010-11-15 16:37 20464 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-12-08 00:19 . 2011-12-08 00:19 414368 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62d27c7f-1fae-422f-a8fe-11a0091185ae}]
2011-11-14 17:51 85288 ----a-w- c:\program files\link180\link180X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DA17D5A-5718-4130-A605-FC316C827836}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af6ac4f2-9825-4fb6-a600-92bc5361f209}]
2011-12-22 07:44 87488 ----a-w- c:\progra~1\SEARCH~2\Datamngr\ToolBar\searchcoredtx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f409caa5-db4f-48aa-a238-ca307c481237}]
2011-06-24 15:13 81920 ----a-w- c:\program files\usjobsearchtoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{f409caa5-db4f-48aa-a238-ca307c481237}"= "c:\program files\usjobsearchtoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{af6ac4f2-9825-4fb6-a600-92bc5361f209}"= "c:\progra~1\SEARCH~2\Datamngr\ToolBar\searchcoredtx.dll" [2011-12-22 87488]
"{62d27c7f-1fae-422f-a8fe-11a0091185ae}"= "c:\program files\link180\link180X.dll" [2011-11-14 85288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{f409caa5-db4f-48aa-a238-ca307c481237}]
.
[HKEY_CLASSES_ROOT\clsid\{af6ac4f2-9825-4fb6-a600-92bc5361f209}]
.
[HKEY_CLASSES_ROOT\clsid\{62d27c7f-1fae-422f-a8fe-11a0091185ae}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Olecaime"= {0869C952-2C3E-4E3B-A513-E9BD92ADE0E8} - c:\windows.0\system32\setocbot.dll [2008-04-14 1401344]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows.0\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows.0\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2005-07-25 16:47 2806272 ------w- c:\windows.0\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2011-03-18 15:18 231592 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 21:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows.0\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 19:51 118784 ----a-w- c:\windows.0\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 19:55 155648 ----a-w- c:\windows.0\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
c:\program files\PC Performer\PCPerformer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-07-25 16:47 90112 ------w- c:\windows.0\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 20:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"TermService"=3 (0x3)
"ose"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\WINDOWS.0\\system32\\freecell.exe"=
"c:\\WINDOWS.0\\system32\\mmc.exe"=
"c:\\Program Files\\Searchcore Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP😡xpsp2res.dll,-22009
.
S0 cobwwk;cobwwk;c:\windows.0\system32\drivers\ltbkr.sys --> c:\windows.0\system32\drivers\ltbkr.sys [?]
S1 MpKsl05eb0feb;MpKsl05eb0feb;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76C2601E-E46C-4971-B61E-DE96061FE4DF}\MpKsl05eb0feb.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76C2601E-E46C-4971-B61E-DE96061FE4DF}\MpKsl05eb0feb.sys [?]
S1 MpKsl08e235d8;MpKsl08e235d8;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69EB6EBF-25F8-4DAF-8114-6282EAB943E5}\MpKsl08e235d8.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69EB6EBF-25F8-4DAF-8114-6282EAB943E5}\MpKsl08e235d8.sys [?]
S1 MpKsl0ac652ab;MpKsl0ac652ab;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37D0F355-3A43-4A75-AFC3-8C779582E3A1}\MpKsl0ac652ab.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37D0F355-3A43-4A75-AFC3-8C779582E3A1}\MpKsl0ac652ab.sys [?]
S1 MpKsl0f6cbe88;MpKsl0f6cbe88;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF98F3EA-313D-4241-AD13-385591B2E9AA}\MpKsl0f6cbe88.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF98F3EA-313D-4241-AD13-385591B2E9AA}\MpKsl0f6cbe88.sys [?]
S1 MpKsl123d50d4;MpKsl123d50d4;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CC9E0A1-EB51-4849-870A-B025572C6560}\MpKsl123d50d4.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CC9E0A1-EB51-4849-870A-B025572C6560}\MpKsl123d50d4.sys [?]
S1 MpKsl2490e945;MpKsl2490e945;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8209E6EA-0560-45E9-B5A8-377704FA9EC6}\MpKsl2490e945.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8209E6EA-0560-45E9-B5A8-377704FA9EC6}\MpKsl2490e945.sys [?]
S1 MpKsl261b7ae9;MpKsl261b7ae9;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{116CD0E3-B482-4DD5-BEF9-0ED08D2AF0C4}\MpKsl261b7ae9.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{116CD0E3-B482-4DD5-BEF9-0ED08D2AF0C4}\MpKsl261b7ae9.sys [?]
S1 MpKsl2a09e2f2;MpKsl2a09e2f2;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A4F56E8-2517-44A0-AA49-6D703C818D65}\MpKsl2a09e2f2.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A4F56E8-2517-44A0-AA49-6D703C818D65}\MpKsl2a09e2f2.sys [?]
S1 MpKsl2df28154;MpKsl2df28154;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55CFB9F5-CBD1-447D-A56E-23C536BCF18A}\MpKsl2df28154.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55CFB9F5-CBD1-447D-A56E-23C536BCF18A}\MpKsl2df28154.sys [?]
S1 MpKsl2e63bc10;MpKsl2e63bc10;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A91979E3-C599-4B1E-831A-B4E3B146A443}\MpKsl2e63bc10.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A91979E3-C599-4B1E-831A-B4E3B146A443}\MpKsl2e63bc10.sys [?]
S1 MpKsl336aee54;MpKsl336aee54;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02529059-AB05-4A56-86D3-8D69A0EB03B9}\MpKsl336aee54.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02529059-AB05-4A56-86D3-8D69A0EB03B9}\MpKsl336aee54.sys [?]
S1 MpKsl338209fd;MpKsl338209fd;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D106BF6D-3F3D-45C1-A188-4C7A4F3CB278}\MpKsl338209fd.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D106BF6D-3F3D-45C1-A188-4C7A4F3CB278}\MpKsl338209fd.sys [?]
S1 MpKsl3ce91acc;MpKsl3ce91acc;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D0534E3-4A57-45A9-B63B-300B7FD661D7}\MpKsl3ce91acc.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D0534E3-4A57-45A9-B63B-300B7FD661D7}\MpKsl3ce91acc.sys [?]
S1 MpKsl4254433b;MpKsl4254433b;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F53B119-A7A0-4026-9F79-2404228C7234}\MpKsl4254433b.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F53B119-A7A0-4026-9F79-2404228C7234}\MpKsl4254433b.sys [?]
S1 MpKsl42e204e4;MpKsl42e204e4;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A141211-0497-4FE4-A46A-3CE85CC11F96}\MpKsl42e204e4.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A141211-0497-4FE4-A46A-3CE85CC11F96}\MpKsl42e204e4.sys [?]
S1 MpKsl479acf8c;MpKsl479acf8c;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{665EB1B7-C7AB-454F-8CEE-CB8923A90E30}\MpKsl479acf8c.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{665EB1B7-C7AB-454F-8CEE-CB8923A90E30}\MpKsl479acf8c.sys [?]
S1 MpKsl5317bde0;MpKsl5317bde0;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{822BB507-7F9C-42DD-B635-C2127BBD418D}\MpKsl5317bde0.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{822BB507-7F9C-42DD-B635-C2127BBD418D}\MpKsl5317bde0.sys [?]
S1 MpKsl538fe54e;MpKsl538fe54e;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{790F9697-DF55-4248-AD8B-FF0D238DAC2F}\MpKsl538fe54e.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{790F9697-DF55-4248-AD8B-FF0D238DAC2F}\MpKsl538fe54e.sys [?]
S1 MpKsl5942281e;MpKsl5942281e;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A7C1052-8E2E-43E4-A510-FDDC78A0B9F6}\MpKsl5942281e.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A7C1052-8E2E-43E4-A510-FDDC78A0B9F6}\MpKsl5942281e.sys [?]
S1 MpKsl8150f23a;MpKsl8150f23a;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F6B5D24-412A-454E-A897-9B0C2E0DE44B}\MpKsl8150f23a.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F6B5D24-412A-454E-A897-9B0C2E0DE44B}\MpKsl8150f23a.sys [?]
S1 MpKsl81fdad77;MpKsl81fdad77;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BF84D9D-D019-467C-87D3-B26E3BEE45D4}\MpKsl81fdad77.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BF84D9D-D019-467C-87D3-B26E3BEE45D4}\MpKsl81fdad77.sys [?]
S1 MpKsl82ad8d42;MpKsl82ad8d42;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55CFB9F5-CBD1-447D-A56E-23C536BCF18A}\MpKsl82ad8d42.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55CFB9F5-CBD1-447D-A56E-23C536BCF18A}\MpKsl82ad8d42.sys [?]
S1 MpKsl9102c256;MpKsl9102c256;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96E26D27-ABE0-44A1-A4D8-01ED0A8D5614}\MpKsl9102c256.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96E26D27-ABE0-44A1-A4D8-01ED0A8D5614}\MpKsl9102c256.sys [?]
S1 MpKsl93d1944e;MpKsl93d1944e;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{384B8ED4-D201-443D-8969-4F4431111090}\MpKsl93d1944e.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{384B8ED4-D201-443D-8969-4F4431111090}\MpKsl93d1944e.sys [?]
S1 MpKsl980ef5c5;MpKsl980ef5c5;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7992C46-4C1C-478D-B4B0-8ABED69E4A8B}\MpKsl980ef5c5.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7992C46-4C1C-478D-B4B0-8ABED69E4A8B}\MpKsl980ef5c5.sys [?]
S1 MpKsl99b5f5d3;MpKsl99b5f5d3;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B15A4397-03D4-41C8-801C-212A7B9479CB}\MpKsl99b5f5d3.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B15A4397-03D4-41C8-801C-212A7B9479CB}\MpKsl99b5f5d3.sys [?]
S1 MpKsl9c689ba2;MpKsl9c689ba2;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKsl9c689ba2.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKsl9c689ba2.sys [?]
S1 MpKsl9d0536dd;MpKsl9d0536dd;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD2B29E-D3DB-4C34-95EE-2DF4259B0AEC}\MpKsl9d0536dd.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD2B29E-D3DB-4C34-95EE-2DF4259B0AEC}\MpKsl9d0536dd.sys [?]
S1 MpKsla2398d3b;MpKsla2398d3b;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58B0F7F8-ED9E-4432-B853-35F91DDFE287}\MpKsla2398d3b.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58B0F7F8-ED9E-4432-B853-35F91DDFE287}\MpKsla2398d3b.sys [?]
S1 MpKsla2e079f9;MpKsla2e079f9;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4111A2AA-E421-482A-9B8D-B6B13B8480D5}\MpKsla2e079f9.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4111A2AA-E421-482A-9B8D-B6B13B8480D5}\MpKsla2e079f9.sys [?]
S1 MpKsla8602b56;MpKsla8602b56;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5049D15A-4FF3-4BCE-8CF2-0D96A416E396}\MpKsla8602b56.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5049D15A-4FF3-4BCE-8CF2-0D96A416E396}\MpKsla8602b56.sys [?]
S1 MpKslaff705c6;MpKslaff705c6;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B07C485-27D5-44C0-8BF5-394A79FFBB06}\MpKslaff705c6.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B07C485-27D5-44C0-8BF5-394A79FFBB06}\MpKslaff705c6.sys [?]
S1 MpKslc47396b7;MpKslc47396b7;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKslc47396b7.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKslc47396b7.sys [?]
S1 MpKslc5014e91;MpKslc5014e91;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CC9E0A1-EB51-4849-870A-B025572C6560}\MpKslc5014e91.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CC9E0A1-EB51-4849-870A-B025572C6560}\MpKslc5014e91.sys [?]
S1 MpKslcc809212;MpKslcc809212;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{254D7813-373F-4098-99B8-58F9F08C2582}\MpKslcc809212.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{254D7813-373F-4098-99B8-58F9F08C2582}\MpKslcc809212.sys [?]
S1 MpKsld0836a3e;MpKsld0836a3e;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82679C4F-B280-4053-959A-4B80E6408279}\MpKsld0836a3e.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82679C4F-B280-4053-959A-4B80E6408279}\MpKsld0836a3e.sys [?]
S1 MpKsldb4bb680;MpKsldb4bb680;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKsldb4bb680.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{922FC15F-30F8-4CCD-899D-0F3C66189234}\MpKsldb4bb680.sys [?]
S1 MpKsldd6ad2bc;MpKsldd6ad2bc;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{822BB507-7F9C-42DD-B635-C2127BBD418D}\MpKsldd6ad2bc.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{822BB507-7F9C-42DD-B635-C2127BBD418D}\MpKsldd6ad2bc.sys [?]
S1 MpKslde365b7f;MpKslde365b7f;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6FD8DE-8B2E-4FF0-8205-F1B512B724EF}\MpKslde365b7f.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE6FD8DE-8B2E-4FF0-8205-F1B512B724EF}\MpKslde365b7f.sys [?]
S1 MpKsle776c0e1;MpKsle776c0e1;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D106BF6D-3F3D-45C1-A188-4C7A4F3CB278}\MpKsle776c0e1.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D106BF6D-3F3D-45C1-A188-4C7A4F3CB278}\MpKsle776c0e1.sys [?]
S1 MpKslf2b6c74b;MpKslf2b6c74b;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23988C84-E5E6-4F4C-9678-C2B902191344}\MpKslf2b6c74b.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23988C84-E5E6-4F4C-9678-C2B902191344}\MpKslf2b6c74b.sys [?]
S1 MpKslf5c7678c;MpKslf5c7678c;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{355202AB-F1FE-4B53-B298-26EBFAA65A8D}\MpKslf5c7678c.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{355202AB-F1FE-4B53-B298-26EBFAA65A8D}\MpKslf5c7678c.sys [?]
S1 MpKslf92b0b1d;MpKslf92b0b1d;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{992FA0BC-97FF-4BCA-8C54-6BF856F18A72}\MpKslf92b0b1d.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{992FA0BC-97FF-4BCA-8C54-6BF856F18A72}\MpKslf92b0b1d.sys [?]
S1 MpKslfc955285;MpKslfc955285;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BE7A442-524C-42FE-BABE-767360CC00B0}\MpKslfc955285.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BE7A442-524C-42FE-BABE-767360CC00B0}\MpKslfc955285.sys [?]
S1 MpKslfdc3440a;MpKslfdc3440a;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35A5C2E0-A3F9-4622-B317-638278419290}\MpKslfdc3440a.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35A5C2E0-A3F9-4622-B317-638278419290}\MpKslfdc3440a.sys [?]
S1 MpKslfe3fbeec;MpKslfe3fbeec;\??\c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F53B119-A7A0-4026-9F79-2404228C7234}\MpKslfe3fbeec.sys --> c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F53B119-A7A0-4026-9F79-2404228C7234}\MpKslfe3fbeec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows.0\Tasks\OGALogon.job
- c:\windows.0\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2012-02-24 c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31]
.
2012-02-24 c:\windows.0\Tasks\User_Feed_Synchronization-{20B22692-3F99-4592-BE78-B3977C585105}.job
- c:\windows.0\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.link180.com
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SpecialSavings\SpecialSavingsSinged.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{032F2D4A-5753-4F90-B7C7-006E8839B0D8} - (no file)
BHO-{114255C0-FEC9-4F55-80A8-13A297628EBc} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(436)
c:\windows.0\system32\WININET.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\setocbot.dll
c:\windows.0\system32\logulico.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
c:\windows.0\system32\dllixobj\avifeng\camewcon.dll
.
Completion time: 2012-02-24 12:48:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 17:48
ComboFix2.txt 2012-02-18 20:00
.
Pre-Run: 164,316,065,792 bytes free
Post-Run: 164,292,358,144 bytes free
.
- - End Of File - - AF7846922AB3652FE956F1AF194805AC

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:54 PM, on 2/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\Emma Duffy\Desktop\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O21 - SSODL: Olecaime - {0869C952-2C3E-4E3B-A513-E9BD92ADE0E8} - C:\WINDOWS.0\system32\setocbot.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll

--
End of file - 2785 bytes


I am not sure what else to do. It still gets "navigation failed" in IE.
 
I'm not a programmer, so I can't "read" the above... Out of curiosity, have you eliminated the possibility that the network adapter has gone wonky?
 
Adware - did he sign up for this?
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SpecialSavings\SpecialSavingsSinged.dll

I also see several Browser Helper Objects attached to IE (link180, ask.com, etc.) -- have you tried disabling all of these in IE?
 
Uninstall IE and try Chrome or Firefox.
 
IE is a core system component, so it can't be uninstalled. The best you can do is remove a later version that reverts the machine to IE6, and this can potentially wreak havoc on BHOs.

Besides, as OP stated, he's already failing with Firefox.

Historically, many BHOs are poorly coded. I would begin by uninstalling them.

Using something similar to OpenDNS or Google DNS? If configuration was changed or something, this could be the culprit.

Also, check the HOSTS file, it might be screwed up.

ShellServiceObjectDelayLoad is utilized by some malware, and Google returns nothing on setocbot.dll (except for this thread), so that's suspicious to me...could be a randomly generated filename.

Also, Windows Messenger is still running in the background...almost nobody uses it anymore, and as it loads in the background it adds to boot time. I'd launch the UI, go to Options and find the checkbox that enables it to run in the background and uncheck it.

Unless he often uses Acrobat, reader_sl.exe is another thing worthy of disabling at boot.

I also noticed that this is a secondary OS installation...what other OS is installed? It might be worth it to back up files and rebuild from the ground up.
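The two replies above boil down to a handful of log checks: inventory the BHOs, flag any ShellServiceObjectDelayLoad (O21) entry that is not one of the XP defaults, look for HOSTS overrides and changed DNS servers, and (from the ComboFix log) note the hijacked start page and the disabled firewall. The script below is an added example, not code from the thread or from ComboFix/HijackThis; it applies those checks to HijackThis-style `Onn - ...` lines and the two ComboFix lines. The O2, O4, O21, O22, `uStart Page` and `EnableFirewall` sample lines are taken from the logs posted above; the O1 (HOSTS) and O17 (NameServer) lines are constructed, and the allowlists (`KNOWN_SSODL_DLLS`, `EXPECTED_DNS`, `EXPECTED_START_PAGES`, `LEGIT_HOSTS`) are assumptions that would be replaced with the machine's real baseline.

```python
import re
from dataclasses import dataclass

# Assumed baseline of default Windows XP SSODL handlers; anything else that
# explorer.exe loads via ShellServiceObjectDelayLoad deserves a close look.
KNOWN_SSODL_DLLS = {"stobject.dll", "webcheck.dll", "wpdshserviceobj.dll"}
# Resolver and start page the owner is known to have configured (constructed).
EXPECTED_DNS = {"192.168.2.1"}
EXPECTED_START_PAGES = {"www.google.com"}
# HOSTS entries that are legitimately pinned (constructed).
LEGIT_HOSTS = {"localhost"}

HJT_LINE_RE = re.compile(r"^(O\d+) - (.*)$")
START_PAGE_RE = re.compile(r"^uStart Page = (?:hxxp|http)s?://([^/\s]+)", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


@dataclass
class Finding:
    category: str
    severity: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _triage_hjt(kind: str, body: str):
    """Apply the thread's checks to one HijackThis 'Onn - ...' entry."""
    if kind == "O21":  # SSODL: DLL loaded silently by explorer.exe at logon
        path = body.split(" - ")[-1]
        if _basename(path) not in KNOWN_SSODL_DLLS:
            return Finding("SSODL", "high", f"non-default ShellServiceObjectDelayLoad DLL: {path}")
    elif kind == "O2":  # BHO: code running inside every IE process; always list
        parts = body.split(" - ")
        name = parts[0].replace("BHO: ", "", 1)
        return Finding("BHO", "review", f"{name} -> {parts[-1]}")
    elif kind == "O1":  # HOSTS file override, reported as 'Hosts: <ip> <name>'
        ip, host = body.replace("Hosts: ", "", 1).split(None, 1)
        if host.strip() not in LEGIT_HOSTS:
            return Finding("HOSTS", "high", f"{host.strip()} pinned to {ip}")
    elif kind == "O17":  # per-adapter NameServer value in the registry
        servers = {s.strip() for s in body.split("NameServer = ")[-1].split(",")}
        unexpected = sorted(servers - EXPECTED_DNS)
        if unexpected:
            return Finding("DNS", "high", f"unexpected resolver(s): {unexpected}")
    return None


def _triage_combofix(line: str):
    """Checks for the two ComboFix lines the thread's log makes relevant."""
    m = START_PAGE_RE.match(line)
    if m and m.group(1).lower() not in EXPECTED_START_PAGES:
        return Finding("StartPage", "medium", f"IE start page set to {m.group(1)}")
    if FIREWALL_OFF_RE.match(line):
        return Finding("Firewall", "medium", "Windows Firewall disabled in the standard profile")
    return None


def triage_line(line: str):
    """Return a Finding for a suspicious log line, or None."""
    line = line.strip()
    m = HJT_LINE_RE.match(line)
    return _triage_hjt(*m.groups()) if m else _triage_combofix(line)


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# The O2, O4, O21, O22, uStart Page and EnableFirewall lines come from the logs
# posted in the thread; the O1 and O17 lines are constructed for the example.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O21 - SSODL: Olecaime - {0869C952-2C3E-4E3B-A513-E9BD92ADE0E8} - C:\WINDOWS.0\system32\setocbot.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O1 - Hosts: 127.0.0.1 www.example.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 203.0.113.5,192.168.2.1
uStart Page = hxxp://www.link180.com
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Run against the sample it reports the Adobe BHO for review, the setocbot.dll SSODL entry, the HOSTS override, the unexpected resolver 203.0.113.5, the link180 start page and the disabled firewall, while the ctfmon Run entry and the browseui.dll SharedTaskScheduler entry pass. The allowlist approach is deliberate: an SSODL or NameServer value is not suspicious because of what it is, but because it differs from the baseline you expect on that machine.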
 

Thanks for the tips,

I ended up installing Avira Free and running a scan, it took 29 hours, yep 29. It found 25 different infections and took care of them, I deleted some of the other crap and installed Chrome.

All is well now. BTW, MSE was installed before; no idea why it did not catch any of this.
 