Malwarebytes

Infections I haven't been able to remove

68 replies to this topic

#61
Gunslinger

    New Member

  • Members
  • 42 posts
I'm pretty sure that was in Normal Mode. Here is another scan.

It does give me a pop up saying: Current date is 3/31/12. ComboFix is expired. Click Yes to run ComboFix in reduced functionality. To which I have been clicking Yes. Is that goofing it up?

ComboFix 12-03-22.01 - Owner 03/31/2012 20:07:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1167 [GMT -7:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 03:10 . 2012-04-01 03:14 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-04-01 03:10 . 2012-04-01 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 18:05 . 2012-03-30 18:05 -------- d-----w- C:\found.000
2012-03-24 00:04 . 2012-03-24 00:05 -------- d-----w- C:\FRST
2012-03-14 04:38 . 2012-03-23 23:16 -------- d-----w- C:\ieexplore
2012-03-13 18:22 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:22 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 18:22 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:22 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 18:22 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 18:22 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 18:22 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 04:10 . 2012-03-13 04:10 -------- d--h--w- c:\windows\PIF
2012-03-07 21:52 . 2012-03-07 21:52 2923248 ----a-w- c:\users\Owner\WindowsXP-KB914882-x86-ENU.exe
2012-03-06 01:52 . 2012-03-06 01:51 389024 ----a-w- c:\windows\unhide.exe
2012-03-06 00:04 . 2012-03-06 00:03 607260 ------r- c:\program files\dds.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2012-03-30 08:56 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08A38AB7-683E-4431-8949-5A07316E09DE}\mpengine.dll
2012-03-13 18:50 . 2011-05-17 08:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:18 . 2010-01-31 09:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-02 15:16 . 2012-03-13 18:22 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 15:54 . 2012-03-13 18:22 613376 ----a-w- c:\windows\system32\rdpencom.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-01 2295080]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-19 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
U81xbus
hpdskflt
LwUsbHid
mi-raysat_3dsMax2008_32
cpqdmi
sdcoreservice
WaveFDE
btwavdt
usbio
abiosdsk
update
roxmediadb
forcewarewebinterface
db2ntsecserver
houdinilicenseserver
ypcservice
cdudf_xp
symmpi
mqdmbus
Wtcls2k
netcfgsvr
NetTcpActivator
bwmservice
CDRPDACC
tosrfusb
w810bus
mail2ec
alerter
lxcf_device
acmservice
Spsmqvsm
dmprimer
WcesComm
pcx1unic
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab5aa97-8580-11df-8545-001a73ca750c}]
\shell\AutoRun\command - F:\VZAccess_Manager.exe /z detect
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5db9a4c-1513-11e0-9571-001a73ca750c}]
\shell\AutoRun\command - F:\VZAccess_Manager.exe /z detect
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5db9a52-1513-11e0-9571-001a73ca750c}]
\shell\AutoRun\command - G:\VZAccess_Manager.exe /z detect
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-04 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 20:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2b,6f,
36,3f,a7,59,09,d5,8b,53,ec,9e,f5,e0,78
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}"=hex:51,66,7a,6c,4c,1d,38,12,70,56,ea,
6c,23,4a,8a,0d,e5,b9,08,84,2f,34,02,aa
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{03C1C47F-0538-4645-8372-D3109B9FC636}"=hex:51,66,7a,6c,4c,1d,38,12,11,c7,d2,
07,0a,4b,2b,03,fc,64,90,50,9e,c1,82,22
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:da,fd,33,c1,1e,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,6a,24,96,a5,f9,aa,47,8b,65,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,6a,24,96,a5,f9,aa,47,8b,65,f0,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1372)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\locator.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-31 20:21:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 03:21
ComboFix2.txt 2012-03-28 07:50
ComboFix3.txt 2012-03-16 07:39
ComboFix4.txt 2012-03-15 22:41
.
Pre-Run: 99,912,736,768 bytes free
Post-Run: 99,685,531,648 bytes free
.
- - End Of File - - 95E78696F421A8CA2C5DB071A099FD4D

#62
LDTate

    Forum Deity

  • Moderators
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Larry Tate
Consumer Support Specialist

#63
LDTate

    Forum Deity

  • Moderators
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
Also run a new OTL scan if you can.

Larry Tate
Consumer Support Specialist

#64
Gunslinger

    New Member

  • Members
  • 42 posts
Farbar:

Farbar Service Scanner Version: 01-03-2012
Ran by Owner (administrator) on 02-04-2012 at 23:53:43
Running from "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1234GB6D"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-27 02:57] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation)
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#65
Gunslinger

    New Member

  • Members
  • 42 posts
OTL:

OTL logfile created on: 4/2/2012 11:56:04 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.44% Memory free
4.11 Gb Paging File | 2.96 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 91.76 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive D: | 7.36 Gb Total Space | 0.74 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive F: | 1.07 Gb Total Space | 1.04 Gb Free Space | 96.98% Space Free | Partition Type: NTFS
Drive G: | 3.80 Gb Total Space | 3.79 Gb Free Space | 99.76% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ypcservice) -- %systemroot%\system32\mrvw245.dll File not found
SRV - (Wtcls2k) -- %systemroot%\system32\cpqrcmc.dll File not found
SRV - (WcesComm) -- %systemroot%\system32\iam.dll File not found
SRV - (WaveFDE) -- %systemroot%\system32\pdlnemap.dll File not found
SRV - (w810bus) -- %systemroot%\system32\sthda.dll File not found
SRV - (usbio) -- %systemroot%\system32\WUSB54Gv4SVC.dll File not found
SRV - (update) -- %systemroot%\system32\RadProbe.dll File not found
SRV - (U81xbus) -- %systemroot%\system32\vsapint.dll File not found
SRV - (tosrfusb) -- %systemroot%\system32\pdlndqll.dll File not found
SRV - (symmpi) -- %systemroot%\system32\mcredirector.dll File not found
SRV - (Spsmqvsm) -- %systemroot%\system32\PAC7302.dll File not found
SRV - (sdcoreservice) -- %systemroot%\system32\areschatserver.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (roxmediadb) -- %systemroot%\system32\flpydisk.dll File not found
SRV - (pcx1unic) -- %systemroot%\system32\Nmea.dll File not found
SRV - (NetTcpActivator) -- \.\globalroot\C:\Windows\system32\svchost.exe File not found
SRV - (netcfgsvr) -- \.\globalroot\C:\Windows\system32\svchost.exe File not found
SRV - (mqdmbus) -- %systemroot%\system32\nv4.dll File not found
SRV - (mi-raysat_3dsMax2008_32) -- %systemroot%\system32\mi-raysat_3dsmax8.dll File not found
SRV - (mail2ec) -- %systemroot%\system32\bb-run.dll File not found
SRV - (lxcf_device) -- %systemroot%\system32\netrcacm.dll File not found
SRV - (LwUsbHid) -- %systemroot%\system32\vhidmini.dll File not found
SRV - (hpdskflt) -- %systemroot%\system32\basic2.dll File not found
SRV - (houdinilicenseserver) -- \.\globalroot\C:\Windows\system32\svchost.exe File not found
SRV - (forcewarewebinterface) -- %systemroot%\system32\TPPWRIF.dll File not found
SRV - (dmprimer) -- %systemroot%\system32\FreeTdi.dll File not found
SRV - (db2ntsecserver) -- %systemroot%\system32\lxbu_device.dll File not found
SRV - (cpqdmi) -- %systemroot%\system32\avgio.dll File not found
SRV - (cdudf_xp) -- %systemroot%\system32\radclock.dll File not found
SRV - (CDRPDACC) -- %systemroot%\system32\SlNtHal.dll File not found
SRV - (bwmservice) -- %systemroot%\system32\hclinetd.dll File not found
SRV - (btwavdt) -- %systemroot%\system32\se58mdm.dll File not found
SRV - (acmservice) -- %systemroot%\system32\DellAMBrokerService.dll File not found
SRV - (abiosdsk) -- %systemroot%\system32\diskperf.dll File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (pgjpxip) -- System32\drivers\wucwo.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nirt) -- System32\drivers\voctbbry.sys File not found
DRV - (MpKslfeeef98d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F814F7FC-9794-40B4-82B5-31C885B0CFE4}\MpKslfeeef98d.sys File not found
DRV - (MpKslcfdd02b5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63944471-EB60-4FC0-B4DF-C82C4BB7CD18}\MpKslcfdd02b5.sys File not found
DRV - (MpKsl87a4b570) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63944471-EB60-4FC0-B4DF-C82C4BB7CD18}\MpKsl87a4b570.sys File not found
DRV - (MpKsl7822d4ae) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A683FD5-BF58-43C0-9297-A737121C30AF}\MpKsl7822d4ae.sys File not found
DRV - (MpKsl60112352) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2ABA641D-25A7-4764-89C7-381D2C4D11B8}\MpKsl60112352.sys File not found
DRV - (MpKsl5699652f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5489BF18-738E-4984-84E6-4905A03FB040}\MpKsl5699652f.sys File not found
DRV - (MpKsl3aff7631) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50D9AB1C-A2F8-4E13-9C73-29450A54A765}\MpKsl3aff7631.sys File not found
DRV - (MpKsl0cba7c5d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8285B75C-890B-4747-8165-26CF0DFF5395}\MpKsl0cba7c5d.sys File not found
DRV - (MpKsl0b5bfdbb) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{077FF1BE-D17E-421B-9CEC-F748555BE244}\MpKsl0b5bfdbb.sys File not found
DRV - (MpKsl0aef8e47) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D179CC0-5036-43F4-B9AC-2EEEAE774FD9}\MpKsl0aef8e47.sys File not found
DRV - (MpKsl06f78e51) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50D9AB1C-A2F8-4E13-9C73-29450A54A765}\MpKsl06f78e51.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (garee) -- System32\drivers\uamddits.sys File not found
DRV - (eslvbdj) -- System32\drivers\jucfh.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmeaext) -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (ZTEusbgps) -- C:\Windows\System32\drivers\ZTEusbgps.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (WinPhlash) -- C:\SwSetup\SP42853\SWinFlash\PhlashNT.sys ()
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {8E8176CF-3C72-4F29-B0AF-5E670D763FBD}
IE - HKLM\..\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}: "URL" = http://search.live.c...#38;FORM=HVDUS7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\..\SearchScopes,DefaultScope = {8E8176CF-3C72-4F29-B0AF-5E670D763FBD}
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\..\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\..\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\..\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 09:28:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/31 20:12:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1051714609-433273425-4273803940-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1051714609-433273425-4273803940-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C4C231C-BD71-4AC7-A165-5023550969D3}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 04:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{bab5aa97-8580-11df-8545-001a73ca750c}\Shell - "" = AutoRun
O33 - MountPoints2\{bab5aa97-8580-11df-8545-001a73ca750c}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{c5db9a4c-1513-11e0-9571-001a73ca750c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5db9a4c-1513-11e0-9571-001a73ca750c}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{c5db9a52-1513-11e0-9571-001a73ca750c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5db9a52-1513-11e0-9571-001a73ca750c}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 20:21:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/31 20:21:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/03/31 20:13:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/31 20:05:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/30 11:05:52 | 000,000,000 | ---D | C] -- C:\found.000
[2012/03/23 17:04:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/13 21:38:19 | 000,000,000 | ---D | C] -- C:\ieexplore
[2012/03/13 11:22:34 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 11:22:33 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 11:22:32 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 11:22:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 11:22:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 11:22:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 11:22:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/12 21:10:39 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/03/08 00:29:58 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/08 00:08:12 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/03/07 14:52:05 | 002,923,248 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\WindowsXP-KB914882-x86-ENU.exe
[2012/03/06 20:02:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 20:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 20:02:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 20:01:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 17:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 18:52:57 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Windows\unhide.exe
[2012/03/05 17:04:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Program Files\dds.scr
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 23:53:02 | 000,631,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/02 23:53:02 | 000,114,930 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/02 23:37:17 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/02 23:35:37 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 23:35:37 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 23:35:34 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/02 23:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/01 19:28:16 | 022,360,147 | ---- | M] () -- C:\Users\Owner\Desktop\He-Shall-Have-Dominion-FREE-eBook.pdf
[2012/04/01 14:52:09 | 000,000,938 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/01 14:52:03 | 000,002,633 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Outlook 2003.lnk
[2012/03/31 20:44:39 | 000,002,229 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/31 20:12:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/23 15:41:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/03/23 15:41:07 | 000,003,121 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2012/03/23 15:41:07 | 000,002,253 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2012/03/23 15:41:07 | 000,000,881 | ---- | M] () -- C:\Windows\System32\request.gzip
[2012/03/23 13:03:12 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/23 01:04:25 | 000,000,035 | ---- | M] () -- C:\Users\Owner\Desktop\Bookmark
[2012/03/21 19:51:00 | 000,199,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/19 17:58:43 | 000,089,448 | ---- | M] () -- C:\Users\Owner\Desktop\DiskMgmt screen shot.png
[2012/03/15 18:10:41 | 000,007,620 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/03/15 10:48:02 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/14 17:36:18 | 000,026,785 | ---- | M] () -- C:\logfile
[2012/03/13 11:50:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/13 11:42:52 | 000,441,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/13 11:28:26 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/03/12 23:42:59 | 000,000,112 | ---- | M] () -- C:\ProgramData\1VjM2R.dat
[2012/03/12 03:38:38 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe_.b
[2012/03/12 03:38:38 | 000,000,001 | ---- | M] () -- C:\ProgramData\2jFf5J64.exe.b
[2012/03/11 20:36:03 | 000,000,667 | ---- | M] () -- C:\Windows\winpoint.ini
[2012/03/08 22:17:52 | 000,000,809 | ---- | M] () -- C:\Users\Owner\Documents\15.gif
[2012/03/08 00:08:04 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/03/07 14:52:18 | 002,923,248 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\WindowsXP-KB914882-x86-ENU.exe
[2012/03/06 17:03:00 | 000,000,456 | ---- | M] () -- C:\ProgramData\JGLCtmoyv2sFma
[2012/03/06 17:02:40 | 000,000,288 | ---- | M] () -- C:\ProgramData\~JGLCtmoyv2sFma
[2012/03/06 17:02:40 | 000,000,200 | ---- | M] () -- C:\ProgramData\~JGLCtmoyv2sFmar
[2012/03/05 18:51:47 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Windows\unhide.exe
[2012/03/05 17:03:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Program Files\dds.scr
[2012/03/04 18:18:27 | 000,000,629 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 19:28:16 | 022,360,147 | ---- | C] () -- C:\Users\Owner\Desktop\He-Shall-Have-Dominion-FREE-eBook.pdf
[2012/03/23 01:04:47 | 000,000,035 | ---- | C] () -- C:\Users\Owner\Desktop\Bookmark
[2012/03/19 17:58:43 | 000,089,448 | ---- | C] () -- C:\Users\Owner\Desktop\DiskMgmt screen shot.png
[2012/03/13 11:28:26 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/03/12 03:38:38 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe_.b
[2012/03/12 03:38:38 | 000,000,001 | ---- | C] () -- C:\ProgramData\2jFf5J64.exe.b
[2012/03/08 22:17:35 | 000,000,809 | ---- | C] () -- C:\Users\Owner\Documents\15.gif
[2012/03/06 20:02:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 20:02:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 20:02:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 20:02:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 18:03:55 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/06 18:03:55 | 000,000,659 | ---- | C] () -- C:\Users\Public\Desktop\Manual CanoScan LiDE 60.lnk
[2012/03/05 19:58:06 | 000,001,568 | ---- | C] () -- C:\Users\Public\Desktop\PowerChurch Plus Version 10.lnk
[2012/03/05 19:58:06 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2012/03/05 19:58:06 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/03/05 19:58:05 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\iP1700 On-screen Manual.lnk
[2012/03/05 19:58:05 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2012/03/05 19:58:05 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2012/03/05 19:58:05 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/03/05 19:58:05 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter.lnk
[2012/03/05 19:58:05 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/05 19:58:05 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/05 19:58:05 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/03/05 19:58:05 | 000,001,400 | ---- | C] () -- C:\Users\Public\Desktop\Point.lnk
[2012/03/05 19:58:05 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/03/05 19:58:05 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/03/05 19:58:05 | 000,001,079 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 19:58:05 | 000,000,963 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyWorship 2007.lnk
[2012/03/05 19:58:05 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint.lnk
[2012/03/05 19:58:05 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/05 19:58:05 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/05 19:58:05 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP1700 User Registration.LNK
[2012/03/05 19:58:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2012/03/05 19:58:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/05 19:58:05 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
[2012/03/05 19:58:05 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/05 19:58:05 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/05 19:58:05 | 000,000,162 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Mary Miracle Part II.url
[2012/03/05 19:58:05 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Internet - Shortcut.lnk
[2012/03/05 19:58:04 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/03/05 19:58:04 | 000,001,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/03/05 19:58:04 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/03/05 19:58:04 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
[2012/03/05 19:58:03 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk
[2012/03/05 19:58:03 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk
[2012/03/05 19:58:01 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/03/05 19:58:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012/03/05 19:58:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 19:57:56 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/05 19:57:55 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home movies made easy!.lnk
[2012/03/05 19:57:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/03/05 19:57:53 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/05 16:19:29 | 000,000,200 | ---- | C] () -- C:\ProgramData\~JGLCtmoyv2sFmar
[2012/03/05 16:19:28 | 000,000,288 | ---- | C] () -- C:\ProgramData\~JGLCtmoyv2sFma
[2012/03/04 20:14:01 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/04 18:18:21 | 000,000,456 | ---- | C] () -- C:\ProgramData\JGLCtmoyv2sFma
[2012/02/20 15:06:01 | 000,000,058 | ---- | C] () -- C:\Windows\mchguid.ini
[2012/01/29 19:26:19 | 000,000,027 | ---- | C] () -- C:\Windows\SmAudio.INI
[2011/12/26 23:36:04 | 000,011,188 | -HS- | C] () -- C:\Users\Owner\AppData\Local\m5klyyaimx332xcj
[2011/12/26 23:36:04 | 000,011,188 | -HS- | C] () -- C:\ProgramData\m5klyyaimx332xcj
[2011/12/26 20:06:28 | 000,010,742 | -HS- | C] () -- C:\Users\Owner\AppData\Local\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/26 20:06:28 | 000,010,742 | -HS- | C] () -- C:\ProgramData\33tc3173v44sqee43uclq23c54s20c2j
[2011/12/16 08:50:54 | 000,000,112 | ---- | C] () -- C:\ProgramData\1VjM2R.dat
[2011/12/14 01:24:54 | 000,012,836 | -HS- | C] () -- C:\Users\Owner\AppData\Local\502843u1s876d065e433s4int3x4
[2011/12/14 01:24:54 | 000,012,836 | -HS- | C] () -- C:\ProgramData\502843u1s876d065e433s4int3x4
[2011/12/13 05:13:29 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/04/21 15:04:19 | 000,000,160 | ---- | C] () -- C:\ProgramData\~43900680
[2011/04/21 15:04:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~43900680r
[2011/04/21 15:04:10 | 000,000,392 | ---- | C] () -- C:\ProgramData\43900680
[2011/01/23 22:33:24 | 000,033,236 | ---- | C] () -- C:\Windows\System32\uninst_KOAIR.exe
[2011/01/15 14:28:01 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/30 19:35:02 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/12/30 19:34:52 | 000,003,679 | ---- | C] () -- C:\Windows\GrAddrBk.ini
[2010/12/30 19:34:52 | 000,000,995 | ---- | C] () -- C:\Windows\GRACE.INI
[2010/12/30 19:34:52 | 000,000,053 | ---- | C] () -- C:\Windows\PRSRVDLL.INI
[2010/12/30 19:34:50 | 000,010,875 | ---- | C] () -- C:\Windows\ESOA.INI
[2010/12/30 19:33:27 | 000,000,667 | ---- | C] () -- C:\Windows\winpoint.ini
[2010/10/16 22:51:24 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 11:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
< End of report >

#66
LDTate

    Forum Deity

  • Moderators
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
How's it running now?
Larry Tate
Consumer Support Specialist


Follow us: Twitter, Become a fan: Facebook

#67
Gunslinger

    New Member

  • Members
  • 42 posts
It's running sweet, LD, you rock! The step that finally re-enabled my firewall made a world of difference, keeping all the parasites from returning.

Many things got re-set and/or changed along the way, including the background color of my desktop, but I assume I should not be concerned, that some things went to different default settings and such?

The only major item that is still messed up is MS Essentials, which will not function - as well as not allowing me to uninstall it (it says I need some filter file and sends me off for an XP file even though my system is Vista). Is this simply something I'm going to have to work out on the Microsoft web site?

#68
LDTate

    Forum Deity

  • Moderators
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
Go here and you'll find MSE listed.
See if that will remove it so you can re-install it.
http://www.appremove...ed-applications
Larry Tate
Consumer Support Specialist


#69
LDTate

    Forum Deity

  • Moderators
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Consumer Support Specialist
