tadavis

  1. How can I do this when I can't access the internet? I'm thinking reformatting is going to be a lot easier.
  2. Seems to be fine. Still no internet but I can access task manager.
  3. ComboFix 10-08-03.02 - tad 08/08/2010 23:19:51.3.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2790 [GMT -6:00] Running from: c:\documents and settings\tad.KWADEPC\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\tad.KWADEPC\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 100712-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point FILE :: "c:\windows.1\dclims.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\1271906281 c:\program files\1271906281\tad1271906281L.exe J:\autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_.1271906281 -------\Service_.1271906281 ((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))))) . 2010-07-15 02:42 . 2010-07-15 04:43 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Local Settings\Application Data\Adobe 2010-07-15 02:37 . 2010-07-15 02:37 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\PrivacIE 2010-07-14 03:55 . 2010-07-14 03:55 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\IECompatCache 2010-07-13 12:58 . 2010-07-13 12:58 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Application Data\Malwarebytes 2010-07-13 02:23 . 2010-07-13 02:23 -------- d-sh--w- c:\windows.1\system32\config\systemprofile\PrivacIE 2010-07-12 04:13 . 2010-07-12 04:13 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Imagenomic 2010-07-12 03:37 . 2010-07-24 04:13 -------- d-----w- c:\program files\Imagenomic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-09 05:19 . 2009-07-24 00:30 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-08-09 05:16 . 
2010-05-07 01:05 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Vso 2010-08-07 21:09 . 2010-05-08 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Vso 2010-07-31 03:03 . 2009-12-11 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 03:49 . 2010-07-01 03:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\FLEXnet 2010-06-28 13:47 . 2010-06-09 03:31 -------- d-----w- c:\program files\Virtual PDF Printer 2010-06-18 06:05 . 2010-04-22 03:26 22464 ----a-w- c:\documents and settings\tad.KWADEPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-12 04:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\TeamViewer 2010-06-12 04:49 . 2010-06-12 02:02 -------- d-----w- c:\program files\TeamViewer 2010-06-11 04:56 . 2010-06-11 04:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Pure Networks 2010-06-11 04:55 . 2010-06-11 04:55 -------- d-----w- c:\program files\WebEx 2010-06-11 04:54 . 2010-06-11 04:05 8892928 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\atscie.msi 2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Common Files\Pure Networks Shared 2010-06-11 04:13 . 2010-06-11 04:13 -------- d-----w- c:\program files\Linksys 2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\program files\Pure Networks 2010-06-10 04:10 . 2010-06-10 04:10 503808 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcp71.dll 2010-06-10 04:10 . 2010-06-10 04:10 499712 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\jmc.dll 2010-06-10 04:10 . 
2010-06-10 04:10 348160 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcr71.dll 2010-06-10 04:10 . 2010-06-10 04:10 61440 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-sse.dll 2010-06-10 04:10 . 2010-06-10 04:10 12800 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-d3d.dll 2010-06-10 04:09 . 2010-06-10 04:10 411368 ----a-w- c:\windows.1\system32\deployJava1.dll . ((((((((((((((((((((((((((((( SnapShot@2010-08-04_03.04.12 ))))))))))))))))))))))))))))))))))))))))) . + 2010-08-09 05:25 . 2010-08-09 05:25 16384 c:\windows.1\Temp\Perflib_Perfdata_44c.dat - 2010-07-31 20:20 . 2010-07-31 20:20 16384 c:\windows.1\Temp\Perflib_Perfdata_44c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows.1\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows.1\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows.1\system32\igfxpers.exe" [2008-09-11 143360] "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\adobearm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Documents and Settings\\tad.KWADEPC\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\WINDOWS.1\\system32\\spoolsv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows.1\system32\drivers\aswSP.sys [4/30/2010 3:27 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [4/30/2010 3:27 PM 20560] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] . Contents of the 'Scheduled Tasks' folder 2010-08-08 c:\windows.1\Tasks\AdobeAAMUpdater-1.0-KWADEPC-tad.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-02 09:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://blackle.com/ uInternet Settings,ProxyServer = 221.130.162.249:80 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . 
- - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-08 23:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(552) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(3540) c:\windows.1\system32\WININET.dll c:\windows.1\system32\ieframe.dll c:\windows.1\system32\webcheck.dll c:\windows.1\system32\WPDShServiceObj.dll c:\windows.1\system32\PortableDeviceTypes.dll c:\windows.1\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows.1\system32\igfxsrvc.exe c:\windows.1\RTHDCPL.EXE c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows.1\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-08-08 23:28:55 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-09 05:28 ComboFix2.txt 2010-08-06 02:44 Pre-Run: 97,189,588,992 bytes free Post-Run: 97,110,290,432 bytes free - - End Of File - - AB6C3F30B25A0D5CEB706CCF2DB3387D
  4. File tad1271906281L.exe received on 2010.08.07 04:43:04 (UTC) Result: 25/42 (59.53%) Antivirus Version Last Update Result AhnLab-V3 2010.08.07.00 2010.08.06 - AntiVir 8.2.4.34 2010.08.06 DR/Kiser.FB Antiy-AVL 2.0.3.7 2010.08.06 - Authentium 5.2.0.5 2010.08.07 - Avast 4.8.1351.0 2010.08.06 - Avast5 5.0.332.0 2010.08.06 - AVG 9.0.0.851 2010.08.06 - BitDefender 7.2 2010.08.07 Trojan.Generic.4313735 CAT-QuickHeal 11.00 2010.08.06 - ClamAV 0.96.0.3-git 2010.08.07 PUA.Script.Packed-3 Comodo 5671 2010.08.06 UnclassifiedMalware DrWeb 5.0.2.03300 2010.08.07 - Emsisoft 5.0.0.36 2010.08.06 Downloader.Kiser!IK eSafe 7.0.17.0 2010.08.05 - eTrust-Vet 36.1.7773 2010.08.07 Win32/Orsam.J F-Prot 4.6.1.107 2010.08.07 - F-Secure 9.0.15370.0 2010.08.07 Trojan.Generic.4313735 Fortinet 4.1.143.0 2010.08.06 - GData 21 2010.08.07 Trojan.Generic.4313735 Ikarus T3.1.1.84.0 2010.08.06 Downloader.Kiser Jiangmin 13.0.900 2010.08.03 - Kaspersky 7.0.0.125 2010.08.07 - McAfee 5.400.0.1158 2010.08.07 Artemis!84CB8691AA81 McAfee-GW-Edition 2010.1 2010.08.06 Artemis!84CB8691AA81 Microsoft 1.6004 2010.08.06 
Worm:Win32/Orbina!rts NOD32 5348 2010.08.06 Win32/HackAV.EX Norman 6.05.11 2010.08.06 AutoRun.AGUK nProtect 2010-08-06.01 2010.08.06 Trojan.Generic.4313735 Panda 10.0.2.7 2010.08.06 Trj/CI.A PCTools 7.0.3.5 2010.08.07 - Prevx 3.0 2010.08.07 High Risk Worm Rising 22.59.05.01 2010.08.07 AdWare.Win32.Autoit.x Sophos 4.56.0 2010.08.07 Mal/Generic-A Sunbelt 6698 2010.08.07 Trojan.Win32.Generic!BT SUPERAntiSpyware 4.40.0.1006 2010.08.07 Trojan.Agent/Gen Symantec 20101.1.1.7 2010.08.07 - TheHacker 6.5.2.1.335 2010.08.07 - TrendMicro 9.120.0.1004 2010.08.07 TROJ_IMAGE.MCL TrendMicro-HouseCall 9.120.0.1004 2010.08.07 TROJ_IMAGE.MCL VBA32 3.12.12.8 2010.08.04 Trojan.Autoit.F ViRobot 2010.7.29.3961 2010.08.06 - VirusBuster 5.0.27.0 2010.08.06 Worm.Autoit.Gen Additional information File size: 423016 bytes MD5...: 84cb8691aa81b9c39d5b0de8f280170b SHA1..: 9de7715b0112bdce5bfdd17895ee8209f1b789c7 SHA256: 3651f87f9a5d6c41ee8c80ac9ac6c57b0b6d0ca3d3552aebcca90ec6fdeafd63 ssdeep: 6144:5lZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lCUuEUJYZxoXUbMA+FK:5HLU Muiv9RgfSjAzRtyRuyL0vA+M PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xaf1e0 timedatestamp.....: 0x4951fa17 (Wed Dec 24 09:00:07 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x6f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x70000 0x40000 0x3f400 7.93 08b3eaa2b794bef186a3a4bb4377144d .rsrc 0xb0000 0x8000 0x8000 4.88 ff919d5108d999ce9e2338ad5d9bbd94 ( 16 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > ADVAPI32.dll: AddAce > COMCTL32.dll: ImageList_Remove > COMDLG32.dll: GetSaveFileNameW > GDI32.dll: BitBlt > MPR.dll: WNetGetConnectionW > ole32.dll: CoInitialize > OLEAUT32.dll: - > PSAPI.DLL: EnumProcesses > SHELL32.dll: DragFinish > USER32.dll: GetDC > USERENV.dll: LoadUserProfileW > VERSION.dll: VerQueryValueW > WININET.dll: FtpOpenFileW > WINMM.dll: timeGetTime > WSOCK32.dll: - ( 0 
exports ) RDS...: NSRL Reference Data Set - trid..: UPX compressed Win32 Executable (43.8%) Win32 EXE Yoda's Crypter (38.1%) Win32 Executable Generic (12.2%) Generic Win/DOS Executable (2.8%) DOS Executable Generic (2.8%) http://info.prevx.com/aboutprogramtext.asp?PX5=042C75EA68B0BD4174F906A3D7478800B83D9FA4 pdfid.: - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: BOX _NTR2010s original name: n/a internal name: n/a file version.: 1.4.0.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned packers (Kaspersky): PE_Patch.UPX, UPX packers (F-Prot): UPX
  5. K did that, it worked. Here's the log. ComboFix 10-08-03.02 - tad 08/05/2010 20:40:15.2.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2898 [GMT -6:00] Running from: c:\documents and settings\tad.KWADEPC\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\tad.KWADEPC\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: avast! antivirus 4.8.1368 [VPS 100712-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows.1\system32\ActNAV_cltDynam.dat . ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 ))))))))))))))))))))))))))))))) . 2010-07-15 02:42 . 2010-07-15 04:43 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Local Settings\Application Data\Adobe 2010-07-15 02:37 . 2010-07-15 02:37 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\PrivacIE 2010-07-14 03:55 . 2010-07-14 03:55 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\IECompatCache 2010-07-13 12:58 . 2010-07-13 12:58 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Application Data\Malwarebytes 2010-07-13 02:23 . 2010-07-13 02:23 -------- d-sh--w- c:\windows.1\system32\config\systemprofile\PrivacIE 2010-07-12 04:13 . 2010-07-12 04:13 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Imagenomic 2010-07-12 03:37 . 2010-07-24 04:13 -------- d-----w- c:\program files\Imagenomic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-31 03:03 . 2009-12-11 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-12 13:47 . 2010-04-30 22:34 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\uTorrent 2010-07-11 16:05 . 
2010-05-07 01:05 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Vso 2010-07-01 03:49 . 2010-07-01 03:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\FLEXnet 2010-06-28 13:47 . 2010-06-09 03:31 -------- d-----w- c:\program files\Virtual PDF Printer 2010-06-18 06:05 . 2010-04-22 03:26 22464 ----a-w- c:\documents and settings\tad.KWADEPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-17 03:39 . 2010-05-08 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Vso 2010-06-12 04:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\TeamViewer 2010-06-12 04:49 . 2010-06-12 02:02 -------- d-----w- c:\program files\TeamViewer 2010-06-11 04:56 . 2010-06-11 04:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Pure Networks 2010-06-11 04:55 . 2010-06-11 04:55 -------- d-----w- c:\program files\WebEx 2010-06-11 04:54 . 2010-06-11 04:05 8892928 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\atscie.msi 2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Common Files\Pure Networks Shared 2010-06-11 04:13 . 2010-06-11 04:13 -------- d-----w- c:\program files\Linksys 2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\program files\Pure Networks 2010-06-10 04:10 . 2010-06-10 04:10 503808 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcp71.dll 2010-06-10 04:10 . 2010-06-10 04:10 499712 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\jmc.dll 2010-06-10 04:10 . 2010-06-10 04:10 348160 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcr71.dll 2010-06-10 04:10 . 
2010-06-10 04:10 61440 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-sse.dll 2010-06-10 04:10 . 2010-06-10 04:10 12800 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-d3d.dll 2010-06-10 04:09 . 2010-06-10 04:10 411368 ----a-w- c:\windows.1\system32\deployJava1.dll . <pre> c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe c:\program files\Common Files\Symantec Shared\ccapp .exe </pre> ((((((((((((((((((((((((((((( SnapShot@2010-08-04_03.04.12 ))))))))))))))))))))))))))))))))))))))))) . + 2010-08-06 02:27 . 2010-08-06 02:27 16384 c:\windows.1\Temp\Perflib_Perfdata_44c.dat - 2010-07-31 20:20 . 2010-07-31 20:20 16384 c:\windows.1\Temp\Perflib_Perfdata_44c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows.1\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows.1\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows.1\system32\igfxpers.exe" [2008-09-11 143360] "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Afogadavakule"="c:\windows.1\dclims.dll" [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual PDF Printer] c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe [N/A] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Documents and Settings\\tad.KWADEPC\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\WINDOWS.1\\system32\\spoolsv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows.1\system32\drivers\aswSP.sys [4/30/2010 3:27 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [4/30/2010 3:27 PM 20560] S2 .1271906281;1271906281;c:\program files\1271906281\tad1271906281L.exe [9/9/2009 10:44 PM 423016] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] . 
Contents of the 'Scheduled Tasks' folder 2010-08-05 c:\windows.1\Tasks\AdobeAAMUpdater-1.0-KWADEPC-tad.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-02 09:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://blackle.com/ uInternet Settings,ProxyServer = 221.130.162.249:80 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-05 20:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(548) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2010-08-05 20:44:17 ComboFix-quarantined-files.txt 2010-08-06 02:44 Pre-Run: 101,518,680,064 bytes free Post-Run: 101,500,432,384 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.1 [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - FFD4671521726A8DB294E49BDB1DA050
  6. When running combofix it mentioned that I did not have the windows recovery system installed and could install it from the internet. I am unable to connect so I could do that but still ran it and here is the log. ComboFix 10-08-03.02 - tad 08/03/2010 20:54:03.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2769 [GMT -6:00] Running from: D:\Combo-Fix.exe AV: avast! antivirus 4.8.1368 [VPS 100712-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\tad.KWADEPC\Application Data\713a98c2.exe c:\documents and settings\tad.KWADEPC\Application Data\inst.exe c:\program files\Defense Center c:\program files\Defense Center\def.db c:\program files\Defense Center\defcnt.exe c:\program files\Defense Center\defext.dll c:\program files\Defense Center\defhook.dll c:\program files\Defense Center\Uninstall.exe c:\windows.1\dclims.dll c:\windows.1\system32\ActNAV_cltDynam.dat c:\windows.1\system32\ernel32.dll . ((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 ))))))))))))))))))))))))))))))) . 2010-07-15 02:42 . 2010-07-15 04:43 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Local Settings\Application Data\Adobe 2010-07-15 02:37 . 2010-07-15 02:37 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\PrivacIE 2010-07-14 03:55 . 2010-07-14 03:55 -------- d-sh--w- c:\documents and settings\Administrator.KWADEPC\IECompatCache 2010-07-13 12:58 . 2010-07-13 12:58 -------- d-----w- c:\documents and settings\Administrator.KWADEPC\Application Data\Malwarebytes 2010-07-13 02:23 . 2010-07-13 02:23 -------- d-sh--w- c:\windows.1\system32\config\systemprofile\PrivacIE 2010-07-12 04:13 . 
2010-07-12 04:13 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Imagenomic 2010-07-12 03:37 . 2010-07-24 04:13 -------- d-----w- c:\program files\Imagenomic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-31 03:03 . 2009-12-11 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-12 13:47 . 2010-04-30 22:34 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\uTorrent 2010-07-11 16:05 . 2010-05-07 01:05 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\Vso 2010-07-01 03:49 . 2010-07-01 03:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\FLEXnet 2010-06-28 13:47 . 2010-06-09 03:31 -------- d-----w- c:\program files\Virtual PDF Printer 2010-06-18 06:05 . 2010-04-22 03:26 22464 ----a-w- c:\documents and settings\tad.KWADEPC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-17 03:39 . 2010-05-08 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Vso 2010-06-12 04:50 . 2010-06-12 02:01 -------- d-----w- c:\documents and settings\tad.KWADEPC\Application Data\TeamViewer 2010-06-12 04:49 . 2010-06-12 02:02 -------- d-----w- c:\program files\TeamViewer 2010-06-11 04:56 . 2010-06-11 04:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Pure Networks 2010-06-11 04:55 . 2010-06-11 04:55 -------- d-----w- c:\program files\WebEx 2010-06-11 04:54 . 2010-06-11 04:05 8892928 ----a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\atscie.msi 2010-06-11 04:54 . 2010-06-11 04:54 -------- d-----w- c:\program files\Common Files\Pure Networks Shared 2010-06-11 04:13 . 2010-06-11 04:13 -------- d-----w- c:\program files\Linksys 2010-06-11 04:05 . 2010-06-11 04:05 -------- d-----w- c:\program files\Pure Networks 2010-06-10 04:10 . 
2010-06-10 04:10 503808 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcp71.dll 2010-06-10 04:10 . 2010-06-10 04:10 499712 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\jmc.dll 2010-06-10 04:10 . 2010-06-10 04:10 348160 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-259e55cc-n\msvcr71.dll 2010-06-10 04:10 . 2010-06-10 04:10 61440 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-sse.dll 2010-06-10 04:10 . 2010-06-10 04:10 12800 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d8bf161-n\decora-d3d.dll 2010-06-10 04:09 . 2010-06-10 04:10 411368 ----a-w- c:\windows.1\system32\deployJava1.dll 2010-05-07 01:05 . 2010-05-07 01:05 47360 ----a-w- c:\windows.1\system32\drivers\pcouffin.sys 2010-05-07 01:05 . 2010-05-07 01:05 47360 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\pcouffin.sys 2010-05-07 01:05 . 2010-05-07 01:05 47360 ----a-w- c:\documents and settings\tad.KWADEPC\Application Data\pcouffin.sys 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows.1\system32\wininet.dll . <pre> c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe c:\program files\Common Files\Symantec Shared\ccapp .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows.1\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows.1\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows.1\system32\igfxpers.exe" [2008-09-11 143360] "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Afogadavakule"="c:\windows.1\dclims.dll" [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual PDF Printer] c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe [N/A] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Documents and Settings\\tad.KWADEPC\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\WINDOWS.1\\system32\\spoolsv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows.1\system32\drivers\aswSP.sys [4/30/2010 3:27 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [4/30/2010 3:27 PM 20560] S2 .1271906281;1271906281;c:\program files\1271906281\tad1271906281L.exe [9/9/2009 10:44 PM 423016] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] . Contents of the 'Scheduled Tasks' folder 2010-08-03 c:\windows.1\Tasks\AdobeAAMUpdater-1.0-KWADEPC-tad.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-02 09:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://blackle.com/ uInternet Settings,ProxyServer = 221.130.162.249:80 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-03 21:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(552) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2010-08-03 21:05:16 ComboFix-quarantined-files.txt 2010-08-04 03:05 Pre-Run: 98,980,868,096 bytes free Post-Run: 101,398,802,432 bytes free - - End Of File - - D6047B98C80AEB3F45CE5F4A89EA85F7
  7. That mbam link didn't work for me but changed mbam exe to firefox and it opened. Fresh Mbam log Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4024 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/30/2010 10:06:24 PM mbam-log-2010-07-30 (22-06-24).txt Scan type: Full scan (C:\|) Objects scanned: 283041 Time elapsed: 1 hour(s), 2 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) JavaRa Log JavaRa 1.15 Removal Log. Report follows after line. 
------------------------------------ The JavaRa removal process was started on Wed Jul 28 07:17:08 2010 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip ------------------------------------ Finished reporting. And fresh DDS log DDS (Ver_10-03-17.01) - NTFSx86 Run by tad at 14:23:43.18 on Sat 07/31/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2866 [GMT -6:00] AV: avast! antivirus 4.8.1368 [VPS 100712-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS.1\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS.1\System32\svchost.exe -k netsvcs svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS.1\Explorer.EXE C:\WINDOWS.1\system32\igfxtray.exe C:\WINDOWS.1\system32\igfxpers.exe C:\WINDOWS.1\system32\igfxsrvc.exe C:\WINDOWS.1\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\WINDOWS.1\system32\ctfmon.exe C:\WINDOWS.1\system32\spoolsv.exe svchost.exe C:\WINDOWS.1\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS.1\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS.1\system32\wscntfy.exe D:\dds.scr ============== Pseudo HJT Report 
=============== uStart Page = hxxp://blackle.com/ uInternet Settings,ProxyServer = 221.130.162.249:80 uRun: [ctfmon.exe] c:\windows.1\system32\ctfmon.exe mRun: [igfxTray] c:\windows.1\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows.1\system32\hkcmd.exe mRun: [Persistence] c:\windows.1\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash dRun: [JDK5SWFMZY] c:\windows.1\temp\Arh.exe dRun: [Afogadavakule] rundll32.exe "c:\windows.1\dclims.dll",Startup mPolicies-system: EnableLUA = 0 (0x0) dPolicies-system: DisableTaskMgr = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.1\system32\WPDShServiceObj.dll ============= SERVICES / 
DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows.1\system32\drivers\aswSP.sys [2010-4-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [2010-4-30 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-4-30 138680] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-4-30 254040] S2 .1271906281;1271906281;c:\program files\1271906281\tad1271906281L.exe [2009-9-9 423016] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-4-30 352920] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] =============== Created Last 30 ================ 2010-07-13 02:46:15 0 d-----w- c:\program files\Defense Center 2010-07-12 04:01:44 1506 ----a-w- c:\windows.1\Sandboxie.ini 2010-07-12 03:37:34 0 d-----w- c:\program files\Imagenomic ==================== Find3M ==================== 2010-06-10 04:09:48 411368 ----a-w- c:\windows.1\system32\deployJava1.dll 2010-05-07 01:05:28 87608 ----a-w- c:\docume~1\tad~1.kwa\applic~1\inst.exe 2010-05-07 01:05:28 47360 ----a-w- c:\docume~1\tad~1.kwa\applic~1\pcouffin.sys 2010-05-06 10:41:53 916480 ----a-w- c:\windows.1\system32\wininet.dll 2003-09-16 07:19:48 99544 ----a-w- c:\windows.1\inf\virprn.exe 2003-09-16 07:19:48 18950 ----a-w- c:\windows.1\inf\virpntd.dll 2003-09-16 07:19:48 10240 ----a-w- c:\windows.1\inf\virport.dll 2003-09-16 07:19:46 90624 ----a-w- c:\windows.1\inf\prtproc.dll ============= FINISH: 14:25:37.65 =============== Thank you
  8. Was able to remove Reader, Java and run JavaRa. But since I have no internet I can't update mbam. And mbam won't even open in regular mode.
  9. Oh and is all of this stuff to be done in regular or safe mode? Didn't see it stated anywhere.
  10. DDS.txt info - DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL Run by Administrator at 14:46:25.37 on Sat 07/24/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.3074 [GMT -6:00] AV: avast! antivirus 4.8.1368 [VPS 100712-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS.1\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS.1\system32\svchost.exe -k netsvcs C:\WINDOWS.1\system32\userinit.exe C:\WINDOWS.1\Explorer.EXE D:\dds.scr ============== Pseudo HJT Report =============== BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows.1\system32\ctfmon.exe mRun: [igfxTray] c:\windows.1\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows.1\system32\hkcmd.exe mRun: [Persistence] c:\windows.1\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash dRun: [JDK5SWFMZY] c:\windows.1\temp\Arh.exe dRun: [Afogadavakule] rundll32.exe "c:\windows.1\dclims.dll",Startup mPolicies-system: EnableLUA = 0 (0x0) dPolicies-system: DisableTaskMgr = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.1\system32\WPDShServiceObj.dll 
============= SERVICES / DRIVERS =============== S1 aswSP;avast! Self Protection;c:\windows.1\system32\drivers\aswSP.sys [2010-4-30 114768] S2 .1271906281;1271906281;c:\program files\1271906281\tad1271906281L.exe [2009-9-9 423016] S2 aswFsBlk;aswFsBlk;c:\windows.1\system32\drivers\aswFsBlk.sys [2010-4-30 20560] S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-4-30 138680] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-4-30 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-4-30 352920] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] =============== Created Last 30 ================ 2010-07-24 20:44:19 0 ----a-w- c:\documents and settings\administrator.kwadepc\defogger_reenable 2010-07-15 02:37:21 0 d-sh--w- c:\documents and settings\administrator.kwadepc\PrivacIE 2010-07-14 03:55:30 0 d-sh--w- c:\documents and settings\administrator.kwadepc\IECompatCache 2010-07-13 12:58:34 0 d-----w- c:\docume~1\admini~1.kwa\applic~1\Malwarebytes 2010-07-13 02:46:15 0 d-----w- c:\program files\Defense Center 2010-07-12 04:02:46 0 d-----r- C:\Sandbox 2010-07-12 04:01:44 1506 ----a-w- c:\windows.1\Sandboxie.ini 2010-07-12 03:37:34 0 d-----w- c:\program files\Imagenomic ==================== Find3M ==================== 2010-06-10 04:09:48 411368 ----a-w- c:\windows.1\system32\deployJava1.dll 2010-05-06 10:41:53 916480 ----a-w- c:\windows.1\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows.1\system32\win32k.sys 2003-09-16 07:19:48 99544 ----a-w- c:\windows.1\inf\virprn.exe 2003-09-16 07:19:48 18950 ----a-w- c:\windows.1\inf\virpntd.dll 2003-09-16 07:19:48 10240 ----a-w- c:\windows.1\inf\virport.dll 2003-09-16 07:19:46 90624 ----a-w- c:\windows.1\inf\prtproc.dll ============= FINISH: 14:46:41.25 =============== Now when i run the GMER rootkit scanner 
in safe mode it gets to a point and just restarts. In regular mode, it finishes but freezes when I hit save. What do I do? Attach.txt is attached Attach.zip
  11. Can't access internet, cant access task manager Win XP SP3 Ran malwarebytes in safe mode and got this Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4024 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 7/13/2010 9:40:59 PM mbam-log-2010-07-13 (21-40-59).txt Scan type: Full scan (C:\|) Objects scanned: 291303 Time elapsed: 1 hour(s), 29 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.226,93.188.166.206 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.226,93.188.166.206 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7917ba4f-aee5-4d5e-b7a6-5951815a2589}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.226,93.188.166.206 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7917ba4f-aee5-4d5e-b7a6-5951815a2589}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.226,93.188.166.206 -> Quarantined and deleted successfully. 
Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\All Users.WINDOWS.1\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS.1\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\tad.KWADEPC\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS.1\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. And i had malwarebytes delete it but that didnt seem to work. My HJT Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:57:15 PM, on 7/14/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS.1\System32\smss.exe C:\WINDOWS.1\system32\winlogon.exe C:\WINDOWS.1\system32\services.exe C:\WINDOWS.1\system32\lsass.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS.1\Explorer.EXE C:\WINDOWS.1\system32\igfxtray.exe C:\WINDOWS.1\system32\hkcmd.exe C:\WINDOWS.1\system32\igfxpers.exe C:\WINDOWS.1\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS.1\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\WINDOWS.1\system32\ctfmon.exe C:\WINDOWS.1\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS.1\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS.1\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.130.162.249:80 O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java
  12. My HJT Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:57:15 PM, on 7/14/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS.1\System32\smss.exe C:\WINDOWS.1\system32\winlogon.exe C:\WINDOWS.1\system32\services.exe C:\WINDOWS.1\system32\lsass.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS.1\Explorer.EXE C:\WINDOWS.1\system32\igfxtray.exe C:\WINDOWS.1\system32\hkcmd.exe C:\WINDOWS.1\system32\igfxpers.exe C:\WINDOWS.1\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS.1\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\WINDOWS.1\system32\ctfmon.exe C:\WINDOWS.1\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS.1\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS.1\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.130.162.249:80 O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS.1\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.1\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.1\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.1\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [JDK5SWFMZY] C:\WINDOWS.1\TEMP\Arh.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Afogadavakule] rundll32.exe "C:\WINDOWS.1\dclims.dll",Startup (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [JDK5SWFMZY] C:\WINDOWS.1\TEMP\Arh.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.1\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.1\system32\browseui.dll O23 - Service: 1271906281 (.1271906281) - Unknown owner - C:\Program Files\1271906281\tad1271906281L.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. 
- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 6101 bytes
  13. And I had malwarebytes delete it but that didn't seem to work.