Sign In
Create Account- Malwarebytes Forum
- Viewing Profile: Striker911
Striker911
Find contentCommunity Stats
- Group Members
- Active Posts 21 (0.06 per day)
- Most Active In Resolved HijackThis Logs (13 posts)
- Profile Views 653
- Member Title New Member
- Age 32 years old
- Birthday July 13, 1980
-
Gender
Male
-
Location
Mountain Home, AR USA
Contact Information
User Tools
Display name historyLatest Visitors
No latest visitors to show
In Topic: Wont Let Me Upload Or Update. Computer Has STD : (
25 June 2012 - 02:21 PM
Aww. No windows CD. After I built my computer, I took it to a computer shop to get the programing done. I live 5 hours away now.
In Topic: Wont Let Me Upload Or Update. Computer Has STD : (
25 June 2012 - 01:16 PM
I do but I dont know whats next. The run command fix did not work. I tried the AVG tool that wanted to fix 3,000 errors and it only fixed half of them. I am stuck and just dont know what to do at this point.
In Topic: Wont Let Me Upload Or Update. Computer Has STD : (
21 June 2012 - 07:01 PM
Its faster but somethings are still not working. I disabled most all the Apps on firefox and now they are all running. Never turned them back on but they are all on.
The download page is still blank after something is downloaded. Cant click it to "run". Sounds like i have some registry errors after the fact.
The download page is still blank after something is downloaded. Cant click it to "run". Sounds like i have some registry errors after the fact.
In Topic: Wont Let Me Upload Or Update. Computer Has STD : (
21 June 2012 - 05:27 PM
I think I got a steal on my thumb drive. $9.88 for a 8gb scandisk. I was able to dl combofix and it did its updates and scan. Here is the report.
ComboFix 12-06-21.02 - Owner 06/21/2012 16:24:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2205 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\84udjxyy.default\searchplugins\bing-zugo.xml
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Explorer\SETC7.tmp
c:\program files\Internet Explorer\SETC8.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\jestertb.dll
c:\windows\system32\avisynth.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\05db629bdde6a6b6.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3a4d6d49ec2bbd36.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5a7267a69acc6712.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\671783e106894d3c.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8acd07389880188f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\devil.dll
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:56 . 2012-06-21 10:56 -------- d-----w- c:\windows\LastGood
2012-06-19 22:34 . 2012-06-19 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-19 22:34 . 2012-06-19 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-19 22:34 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 21:31 . 2012-06-19 21:31 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-19 21:31 . 2012-06-19 21:31 -------- d-----w- c:\program files\HitmanPro
2012-06-19 21:30 . 2012-06-19 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-19 20:13 . 2012-06-19 20:13 -------- d-----w- c:\documents and settings\Administrator
2012-06-13 23:45 . 2012-06-13 23:45 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-13 16:35 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 08:47 . 2012-06-12 08:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-06-06 18:11 . 2012-06-06 18:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 18:11 . 2012-06-06 18:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 23:45 . 2012-04-05 03:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 23:45 . 2011-05-30 23:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-12-03 06:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-12-03 06:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-12-03 06:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-12-03 06:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-12-03 06:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-12-03 06:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-12-05 17:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-12-05 17:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2009-12-05 17:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ------w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 17:26 . 2009-05-22 02:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-12 17:26 . 2009-05-22 00:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-12-03 06:48 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-16 19:35 . 2011-03-24 14:07 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 08:47 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-14 5634560]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2011-03-16 293392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-12 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 11:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 11:44 AM 74480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/13/2011 5:39 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2012 5:34 PM 654408]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [6/12/2012 3:47 AM 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 12:30 PM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2012 5:34 PM 22344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 11:44 AM 7408]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:19 PM 257696]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [6/19/2012 4:31 PM 27424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 2:00 PM 113120]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [12/22/2009 7:39 PM 3968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45]
.
2012-06-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-05 23:29]
.
2012-06-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1409082233-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1409082233-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\84udjxyy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b577661-d4bf-43e8-89bf-ed26edf098fa%7D&mid=39f2aa3e2573e9131b881e97531e8a2a-5e74b46db955cce663847f1f854a63d5128a3926&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-05-11%2019%3A46%3A51&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 16:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-06-21 16:28:46
ComboFix-quarantined-files.txt 2012-06-21 21:28
.
Pre-Run: 133,475,987,456 bytes free
Post-Run: 133,691,707,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - AF1EE25A98E3535574A344C99DBC00DA
ComboFix 12-06-21.02 - Owner 06/21/2012 16:24:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2205 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\84udjxyy.default\searchplugins\bing-zugo.xml
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Explorer\SETC7.tmp
c:\program files\Internet Explorer\SETC8.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\jestertb.dll
c:\windows\system32\avisynth.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\05db629bdde6a6b6.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3a4d6d49ec2bbd36.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5a7267a69acc6712.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\671783e106894d3c.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8acd07389880188f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\devil.dll
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:56 . 2012-06-21 10:56 -------- d-----w- c:\windows\LastGood
2012-06-19 22:34 . 2012-06-19 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-19 22:34 . 2012-06-19 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-19 22:34 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 21:31 . 2012-06-19 21:31 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-19 21:31 . 2012-06-19 21:31 -------- d-----w- c:\program files\HitmanPro
2012-06-19 21:30 . 2012-06-19 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-19 20:13 . 2012-06-19 20:13 -------- d-----w- c:\documents and settings\Administrator
2012-06-13 23:45 . 2012-06-13 23:45 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-13 16:35 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 08:47 . 2012-06-12 08:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-06-06 18:11 . 2012-06-06 18:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 18:11 . 2012-06-06 18:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 23:45 . 2012-04-05 03:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 23:45 . 2011-05-30 23:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-12-03 06:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-12-03 06:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-12-03 06:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-12-03 06:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-12-03 06:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-12-03 06:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-12-05 17:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-12-05 17:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2009-12-05 17:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ------w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 17:26 . 2009-05-22 02:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-12 17:26 . 2009-05-22 00:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-12-03 06:48 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-16 19:35 . 2011-03-24 14:07 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 08:47 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-02-14 5634560]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2011-03-16 293392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-12 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 11:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 11:44 AM 74480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/13/2011 5:39 PM 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2012 5:34 PM 654408]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [6/12/2012 3:47 AM 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 12:30 PM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2012 5:34 PM 22344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 11:44 AM 7408]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 10:19 PM 257696]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [6/19/2012 4:31 PM 27424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 2:00 PM 113120]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [12/22/2009 7:39 PM 3968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45]
.
2012-06-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-05 23:29]
.
2012-06-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1409082233-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1409082233-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\84udjxyy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b577661-d4bf-43e8-89bf-ed26edf098fa%7D&mid=39f2aa3e2573e9131b881e97531e8a2a-5e74b46db955cce663847f1f854a63d5128a3926&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-05-11%2019%3A46%3A51&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 16:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-06-21 16:28:46
ComboFix-quarantined-files.txt 2012-06-21 21:28
.
Pre-Run: 133,475,987,456 bytes free
Post-Run: 133,691,707,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - AF1EE25A98E3535574A344C99DBC00DA
In Topic: Wont Let Me Upload Or Update. Computer Has STD : (
20 June 2012 - 05:43 PM
Okay. Thank you very much for all the help. I am totally computer dumb and so far I have not had any trouble with your help. Here is a more detailed description of the files that where quarantined and deleted.
Files Detected: 2
C:\Documents and Settings\Owner\My Documents\Downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Documents and Settings\Owner\My Documents\Downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
- Malwarebytes Forum
- → Viewing Profile: Striker911
