Jump to content

justinsousa

Honorary Members
  • Posts

    28
  • Joined

  • Last visited

Reputation

0 Neutral
  1. thank you for the reply. i was in a very serious situation and had to do something fast because it was spreading out of control around my office. at the advice of a local computer tech, i ran combox fix and tdsskiller in safemode on all the pcs, then followed it up by malewarebytes and superantispyware scans in regular mode. i was very careful to keep computers from becoming instantly re-infected by whichever ones were spreading trojans on the network, and the situation is back to manageable. none of the pcs had any trouble or errors running combofix. should i re-post a new DDS file for this machine, or start a new post? I'll need a couple days to reply as it is now the weekend and worked about 70 hours this week already!
  2. busy weekend, please give me a couple more days. also my office got hammered by multiple infections this week so i've been on overdrive trying to get this crap back off of my network :/
  3. A real malware fest. :/ I have about 8 computers that I was forced to run ComboFix (safemode), TDSS Killer (safemode), MBAM, SUPERAntiSpyware, and BitDefender on (2 of them still have AVG, just switched over a couple days ago. I believe the original infection is some kind of worm base on how fast it spread around the office, but I haven't seen any in the logs yet. I have the office back up to a basic working state, went after the PCs that I thought might have been the source first, but have 3 left that are turned off until I can safely focus on them. They are all Windows XP SP3 and I need help cleaning every single one of them, and they all seem to have unique trojan infections, including one that is reporting over 1,000 password protected files that BitDefender can't scan. I am including the DDS logs for that machine. Your help is most appreciated This machine had PUP.Dealio.TB and Adware.Hotbar detected by Malwarebytes as the first recognition of a problem. Let me know if you need more information other than the DDS logs posted here DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Trever at 8:55:07 on 2012-12-12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.440 [GMT -8:00] . AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: Bitdefender Firewall *Enabled* . ============== Running Processes ================ . C:\Program Files\Bitdefender\Bitdefender Small Business Security\vsserv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\downloader.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [DW6] <no file> mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe" mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe" mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [bdagent] c:\program files\bitdefender\bitdefender small business security\bdagent.exe mRun: [sunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - <orphaned> IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355308694015 DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://streampc.dyndns.org/MLWebCacheCleaner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} - hxxps://streampc.dyndns.org/NGVPNTunnel.cab TCP: Interfaces\{E8050BE9-D7F6-4D69-A4B5-B6F5F44AA9B9} : NameServer = 68.94.156.1,68.94.156.2 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-10 622616] R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-12-10 161312] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-12-10 72704] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender small business security\updatesrv.exe [2012-12-10 55544] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-12-10 481464] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-12-10 116248] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-12 22856] R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [2007-12-19 17632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-12 399432] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-12 676936] S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-12-10 66392] S3 DIRECTIO;DIRECTIO;c:\program files\performancetest\DirectIo32.sys [2012-12-7 22120] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-12-12 16:53:19 -------- d-----w- c:\documents and settings\trever\application data\SUPERAntiSpyware.com 2012-12-12 09:21:16 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-12-12 09:21:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2012-12-12 08:32:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 08:32:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-12 06:33:32 -------- d-sha-r- C:\cmdcons 2012-12-11 17:03:12 -------- d-----w- c:\documents and settings\trever\application data\Malwarebytes 2012-12-11 17:02:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-12-11 03:31:13 242504 ----a-w- c:\windows\system32\drivers\avchv.sys 2012-12-11 02:55:13 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-12-11 02:55:00 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2012-12-11 02:54:45 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys 2012-12-11 02:54:08 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2012-12-11 02:54:08 511328 ----a-w- c:\windows\capicom.dll 2012-12-11 02:53:54 481464 ----a-w- c:\windows\system32\drivers\avckf.sys 2012-12-11 02:53:52 622616 ----a-w- c:\windows\system32\drivers\avc3.sys 2012-12-11 02:30:40 -------- d-----w- c:\documents and settings\trever\application data\Bitdefender 2012-12-11 02:30:37 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender 2012-12-11 02:26:10 -------- d-----w- c:\documents and settings\trever\application data\QuickScan 2012-12-11 02:24:36 343456 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-12-11 02:24:36 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys 2012-12-11 02:24:36 -------- d-----w- c:\program files\Bitdefender 2012-12-11 01:52:19 -------- d-----w- c:\program files\common files\Bitdefender 2012-12-07 23:08:22 -------- d-----w- c:\documents and settings\trever\local settings\application data\PassMark 2012-12-07 23:07:51 -------- d-----w- c:\documents and settings\all users\application data\Passmark 2012-12-07 23:07:44 -------- d-----w- c:\program files\PerformanceTest 2012-12-06 22:04:22 -------- d-----w- c:\program files\Citrix 2012-12-04 18:04:00 -------- d-----w- c:\documents and settings\trever\application data\webex 2012-12-04 17:59:01 -------- d-----w- c:\documents and settings\trever\local settings\application data\Sun 2012-12-04 17:57:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-04 17:56:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . ==================== Find3M ==================== . 2012-12-12 07:26:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 07:26:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-04 17:55:48 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-04 17:55:46 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll . ============= FINISH: 8:56:33.81 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/29/2006 9:51:03 AM System Uptime: 12/12/2012 4:30:51 AM (4 hours ago) . Motherboard: Dell Inc. | | 0HJ054 Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 145 GiB total, 108.165 GiB free. D: is CDROM () R: is NetworkDisk (UDF) - 0 GiB total, 0 GiB free. Z: is NetworkDisk (NTFS) - 2081 GiB total, 1028.36 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Acrobat 7.0 Professional Adobe Bridge 1.0 Adobe Common File Installer Adobe Creative Suite 2 Adobe Flash Player 11 ActiveX Adobe GoLive CS2 Adobe Help Center 1.0 Adobe Illustrator CS2 Adobe InDesign CS2 Adobe Photoshop CS2 Adobe Reader XI Adobe Stock Photos 1.0 Adobe SVG Viewer 3.0 Adobe Version Cue CS2 Amazon MP3 Downloader 1.0.3 Apple Application Support Apple Software Update ATI Control Panel ATI Display Driver Bitdefender Small Business Security Compatibility Pack for the 2007 Office system Corel Photo Album 6 Critical Update for Windows Media Player 11 (KB959772) Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Support Center Dell System Restore DellSupport Digital Content Portal Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.3.0.1009 High Definition Audio Driver Package - KB835221 Hotfix 2055 for SQL Server 2000 ENU (KB960082) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ICS Viewer 6.0 Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections Java 7 Update 9 Java Auto Updater Learn2 Player (Uninstall Only) Macromedia Flash Player Malwarebytes Anti-Malware version 1.65.1.1000 MCU Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Office File Validation Add-In Microsoft Office Small Business Accounting 2006 Microsoft Office Small Business Edition 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Musicmatch for Windows Media Player Musicmatch® Jukebox NCSS - PASS ParcelQuest 4.1 PerformanceTest v8.0 Picasa 3 Qualxserve Service Agreement QuickBooks Simple Start Special Edition QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Roxio Update Manager SBA Search Assist Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SHARP MX/DX Series PCL/PS Printer Driver Sibelius Scorch (ActiveX Only) SketchUp 8 Sonic Activation Module SoulSeek Client 156c SpeechRedist Spybot - Search & Destroy 1.4 Suite Specific SUPERAntiSpyware The Weather Channel Desktop 6 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebEx WebFldrs XP Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix - KB895316 Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Service Pack 3 Zimbra Desktop . ==== Event Viewer Messages From Past Week ======== . 12/11/2012 11:54:43 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). 12/11/2012 11:54:09 PM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s). 12/11/2012 11:09:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. 12/11/2012 11:09:56 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/11/2012 10:28:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdselfpr BDVEDISK Fips gzflt intelppm trufos 12/11/2012 10:27:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 12/11/2012 10:27:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} . ==== End Of File ===========================
  4. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:46:02 AM, on 12/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\vsserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdagent.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\IT\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090130 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090130 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdagent.exe O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUlTTUItSjRMVVMtSkpRN0wtTUxNVkEtWjRDRFUtR0hYQUc"&"inst=NzYtNzQ1NTg5MDg5LVQyLVU5MCsxLVRQKzEtWE8zNisxLVBMKzktTjFEKzEtQ0lQKzItRERUKzEzMDAtVFVHKzMtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy"&"prod=97"&"ver=10.0.1427 O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355304886578 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354902928921 O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47}: NameServer = 68.94.156.1,68.94.156.2 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9c75e6d835903) (gupdate1c9c75e6d835903) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Small Business Security\vsserv.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 10799 bytes
  5. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.12.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 IT :: 090209-1 [administrator] 12/12/2012 12:18:56 AM mbam-log-2012-12-12 (00-18-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 246451 Time elapsed: 11 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. ComboFix 12-12-10.01 - Trever 12/11/2012 10:11:12.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1360 [GMT -8:00] Running from: c:\documents and settings\Trever\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Trever\Desktop\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\1355189664.bdinstall.bin . c:\windows\system32\drivers\i8042prt.sys . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 ))))))))))))))))))))))))))))))) . . 2012-12-11 02:21 . 2012-12-11 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-12-11 02:21 . 2012-04-17 21:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2012-12-11 02:20 . 2012-07-06 22:13 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys 2012-12-11 02:20 . 2012-09-22 01:16 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2012-12-11 02:20 . 2007-04-11 18:11 511328 ----a-w- c:\windows\capicom.dll 2012-12-11 02:20 . 2012-10-10 22:00 481464 ----a-w- c:\windows\system32\drivers\avckf.sys 2012-12-11 02:20 . 2012-10-10 22:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys 2012-12-11 02:07 . 2012-12-11 02:21 -------- d-----w- c:\documents and settings\Trever\Application Data\Bitdefender 2012-12-11 02:07 . 2012-12-11 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender 2012-12-11 02:05 . 2012-12-11 02:05 -------- d-----w- c:\documents and settings\Trever\Application Data\QuickScan 2012-12-11 01:55 . 2012-08-30 01:24 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys 2012-12-11 01:55 . 2012-12-11 02:07 -------- d-----w- c:\program files\Bitdefender 2012-12-11 01:55 . 2012-10-31 20:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-12-11 01:00 . 2012-12-11 01:55 -------- d-----w- c:\program files\Common Files\Bitdefender 2012-12-07 17:38 . 2012-12-07 17:38 -------- d-----w- c:\documents and settings\Trever\Local Settings\Application Data\PassMark 2012-12-07 17:38 . 2012-12-07 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Passmark 2012-12-07 17:37 . 2012-12-07 17:38 -------- d-----w- c:\program files\PerformanceTest 2012-12-07 16:58 . 2012-12-07 16:58 -------- d-----w- c:\windows\ERUNT 2012-12-07 16:58 . 2012-12-07 16:58 -------- d-----w- C:\JRT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-11 16:58 . 2012-12-11 16:58 242504 ----a-w- c:\windows\system32\drivers\avchv.sys.upd 2012-11-09 00:27 . 2012-04-13 16:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-09 00:27 . 2011-05-31 16:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 14:09 . 2012-11-08 14:09 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-22 08:43 . 2008-04-25 16:16 1875328 ----a-w- c:\windows\system32\win32k.sys 2012-10-12 21:20 . 2012-09-06 16:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-12 21:20 . 2010-05-18 20:45 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-02 18:04 . 2008-04-25 16:16 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 03:54 . 2011-03-18 22:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 07:16 . 2012-11-09 00:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-04-12 18:32 . 2012-12-05 16:31 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2012-04-12 18:33 . 2012-12-05 16:31 151040 ----a-w- c:\program files\mozilla firefox\plugins\ptexmeet.dll 2012-12-05 16:32 . 2012-12-05 16:31 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472] "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-26 13105848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064] "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Bdagent"="c:\program files\Bitdefender\Bitdefender Small Business Security\bdagent.exe" [2012-11-08 1612856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUlTTUItSjRMVVMtSkpRN0wtTUxNVkEtWjRDRFUtR0hYQUc&inst=NzYtNzQ1NTg5MDg5LVQyLVU5MCsxLVRQKzEtWE8zNisxLVBMKzktTjFEKzEtQ0lQKzItRERUKzEzMDAtVFVHKzMtU1QxMEFQUCsxLUREMTArMS1QMTBUQisy∏=97&ver=10.0.1427" [?] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-8 25214] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [12/10/2012 6:20 PM 622616] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/30/2009 1:44 PM 24064] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:09 AM 26984] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [12/10/2012 6:21 PM 72704] R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe [12/10/2012 6:20 PM 55544] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:09 AM 711112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [12/10/2012 6:20 PM 116248] R3 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [12/10/2012 5:55 PM 161312] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [1/30/2009 1:44 PM 176640] S2 gupdate1c9c75e6d835903;Google Update Service (gupdate1c9c75e6d835903);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2009 9:34 AM 133104] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [12/10/2012 6:20 PM 481464] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?] S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [12/10/2012 6:20 PM 66392] S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [12/7/2012 9:37 AM 22120] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/30/2009 11:12 AM 30192] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 21653918 *Deregistered* - 21653918 . Contents of the 'Scheduled Tasks' folder c:\windows\Tasks\Adobe Flash Player Updater.job c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47}: NameServer = 68.94.156.1,68.94.156.2 FF - ProfilePath - c:\documents and settings\Trever\Application Data\Mozilla\Firefox\Profiles\y459zgd9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - ExtSQL: !HIDDEN! 2009-08-01 17:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll SafeBoot-89083084.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-11 10:19 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-12-11 10:20:52 ComboFix-quarantined-files.txt 2012-12-11 18:20 ComboFix2.txt 2012-12-10 20:25 . Pre-Run: 123,348,295,680 bytes free Post-Run: 123,743,522,816 bytes free . - - End Of File - - 4F17E8FD538D6EA55B2C6A211BAC2CB6 running fine. there is a worm in my office though, so i think i am screwed today
  7. Post Merged We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped. Please be patient, someone will assist you as soon as possible. My office is being overrun and I think it started on this computer. I have about 6 computers that need cleaning and I need to do this now! DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Sam at 9:30:49 on 2012-12-11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1303 [GMT -8:00] . AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: Bitdefender Firewall *Enabled* . ============== Running Processes ================ . C:\Program Files\Bitdefender\Bitdefender Small Business Security\vsserv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdagent.exe C:\Documents and Settings\Sam\Local Settings\Application Data\Akamai\netsession_win.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Documents and Settings\Sam\Local Settings\Application Data\Akamai\netsession_win.exe C:\Documents and Settings\Sam\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrc-v2 BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [Akamai NetSession Interface] "c:\documents and settings\sam\local settings\application data\akamai\netsession_win.exe" uRun: [startNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /RELAY /REPORT /PROTECT mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE" mRun: [DLUPDR] "c:\program files\dell printers\additional color laser software\updater\DLUPDR.EXE" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [bdagent] c:\program files\bitdefender\bitdefender small business security\bdagent.exe mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\sam\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sam\application data\dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {03A89EFD-E023-B100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354911305156 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251150393015 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hslda.webex.com/client/T26L10NSP49EP26/nbr/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{3761BF18-7467-42F5-8DA9-5A7B07B4E268} : NameServer = 68.94.156.1,68.94.156.2 Hosts: 192.162.1.101 mail.streamlineplanning.net . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\0xubmonx.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111221 FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\documents and settings\sam\application data\mozilla\firefox\profiles\0xubmonx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - ExtSQL: 2012-10-23 08:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - ExtSQL: 2012-12-10 17:53; toolbar@ask.com; c:\documents and settings\sam\application data\mozilla\firefox\profiles\0xubmonx.default\extensions\toolbar@ask.com FF - ExtSQL: !HIDDEN! 2009-08-25 10:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-10 622616] R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-12-10 161312] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-12-10 72704] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336] R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2009-8-24 140184] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952] R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender small business security\updatesrv.exe [2012-12-10 55544] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-12-10 481464] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-12-10 116248] S2 gupdate1ca251d6ec8b1ea;Google Update Service (gupdate1ca251d6ec8b1ea);c:\program files\google\update\GoogleUpdate.exe [2009-8-24 133104] S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-12-10 66392] S3 DIRECTIO;DIRECTIO;c:\program files\performancetest\DirectIo32.sys [2012-12-7 22120] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== File Associations =============== . FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-12-11 03:25:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-11 02:29:32 -------- d-----w- c:\documents and settings\sam\application data\Malwarebytes 2012-12-11 02:29:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-12-11 02:29:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-11 02:29:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-11 01:58:28 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-12-11 01:58:27 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-12-11 01:58:27 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-12-11 01:58:25 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2012-12-11 01:58:25 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2012-12-11 01:52:03 242504 ----a-w- c:\windows\system32\drivers\avchv.sys 2012-12-11 01:26:19 906228 ----a-w- c:\documents and settings\all users\application data\1355187317.bdinstall.bin 2012-12-11 01:13:40 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-12-11 01:13:30 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2012-12-11 01:13:19 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys 2012-12-11 01:13:08 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2012-12-11 01:13:08 511328 ----a-w- c:\windows\capicom.dll 2012-12-11 01:12:55 481464 ----a-w- c:\windows\system32\drivers\avckf.sys 2012-12-11 01:12:54 622616 ----a-w- c:\windows\system32\drivers\avc3.sys 2012-12-11 01:01:12 -------- d-----w- c:\documents and settings\sam\application data\Bitdefender 2012-12-11 01:01:10 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender 2012-12-11 01:00:36 -------- d-----w- c:\documents and settings\sam\application data\QuickScan 2012-12-11 00:56:20 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys 2012-12-11 00:56:19 343456 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-12-11 00:56:19 -------- d-----w- c:\program files\Bitdefender 2012-12-11 00:39:33 -------- d-----w- c:\program files\common files\Bitdefender 2012-12-11 00:34:15 -------- d-----w- c:\program files\CPUID 2012-12-07 17:39:08 -------- d-----w- c:\documents and settings\sam\local settings\application data\PassMark 2012-12-07 17:38:37 -------- d-----w- c:\documents and settings\all users\application data\Passmark 2012-12-07 17:38:21 -------- d-----w- c:\program files\PerformanceTest . ==================== Find3M ==================== . 2012-12-11 03:24:42 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-11 03:24:41 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-11 03:24:41 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-07 18:19:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-07 18:19:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-23 15:12:27 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-10-23 15:12:27 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll . ============= FINISH: 9:31:12.82 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 8/24/2009 1:27:57 PM System Uptime: 12/10/2012 6:07:38 PM (15 hours ago) . Motherboard: Dell Inc. | | 0RN474 Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2327/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 108.854 GiB free. D: is CDROM (CDFS) Z: is NetworkDisk (NTFS) - 2081 GiB total, 1043.562 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1050: 9/13/2012 3:00:18 AM - Software Distribution Service 3.0 RP1051: 9/14/2012 3:42:05 AM - System Checkpoint RP1052: 9/15/2012 5:12:08 AM - System Checkpoint RP1053: 9/16/2012 6:42:05 AM - System Checkpoint RP1054: 9/17/2012 8:19:33 AM - System Checkpoint RP1055: 9/18/2012 10:12:15 AM - System Checkpoint RP1056: 9/19/2012 11:12:05 AM - System Checkpoint RP1057: 9/20/2012 12:54:12 AM - Avg Update RP1058: 9/21/2012 2:12:20 AM - System Checkpoint RP1059: 9/22/2012 2:12:42 AM - System Checkpoint RP1060: 9/22/2012 3:00:15 AM - Software Distribution Service 3.0 RP1061: 9/23/2012 3:42:43 AM - System Checkpoint RP1062: 9/24/2012 6:13:43 AM - System Checkpoint RP1063: 9/25/2012 6:42:43 AM - System Checkpoint RP1064: 9/26/2012 7:32:22 AM - System Checkpoint RP1065: 9/27/2012 9:02:07 AM - System Checkpoint RP1066: 9/28/2012 9:02:20 AM - System Checkpoint RP1067: 9/29/2012 10:32:20 AM - System Checkpoint RP1068: 9/30/2012 12:02:20 PM - System Checkpoint RP1069: 10/1/2012 2:39:09 PM - System Checkpoint RP1070: 10/2/2012 4:40:04 PM - System Checkpoint RP1071: 10/3/2012 6:14:47 PM - System Checkpoint RP1072: 10/4/2012 7:32:56 PM - System Checkpoint RP1073: 10/5/2012 9:02:56 PM - System Checkpoint RP1074: 10/6/2012 10:32:56 PM - System Checkpoint RP1075: 10/8/2012 12:02:56 AM - System Checkpoint RP1076: 10/9/2012 1:32:56 AM - System Checkpoint RP1077: 10/10/2012 1:33:16 AM - System Checkpoint RP1078: 10/11/2012 3:00:20 AM - Software Distribution Service 3.0 RP1079: 10/12/2012 3:25:08 AM - System Checkpoint RP1080: 10/13/2012 4:55:08 AM - System Checkpoint RP1081: 10/14/2012 6:25:09 AM - System Checkpoint RP1082: 10/15/2012 7:55:10 AM - System Checkpoint RP1083: 10/16/2012 9:25:10 AM - System Checkpoint RP1084: 10/17/2012 10:55:11 AM - System Checkpoint RP1085: 10/18/2012 12:25:11 PM - System Checkpoint RP1086: 10/19/2012 1:55:11 PM - System Checkpoint RP1087: 10/20/2012 3:25:11 PM - System Checkpoint RP1088: 10/21/2012 4:55:11 PM - System Checkpoint RP1089: 10/23/2012 10:00:25 AM - System Checkpoint RP1090: 10/24/2012 2:20:11 PM - Unsigned driver install RP1091: 10/25/2012 2:12:21 PM - Unsigned driver install RP1092: 10/26/2012 2:12:39 PM - System Checkpoint RP1093: 10/27/2012 3:42:39 PM - System Checkpoint RP1094: 10/28/2012 3:42:47 PM - System Checkpoint RP1095: 10/29/2012 5:12:39 PM - System Checkpoint RP1096: 10/30/2012 5:13:09 PM - System Checkpoint RP1097: 10/31/2012 5:13:15 PM - System Checkpoint RP1098: 11/1/2012 6:42:24 PM - System Checkpoint RP1099: 11/2/2012 6:43:15 PM - System Checkpoint RP1100: 11/3/2012 7:13:15 PM - System Checkpoint RP1101: 11/4/2012 8:43:15 PM - System Checkpoint RP1102: 11/5/2012 10:13:15 PM - System Checkpoint RP1103: 11/6/2012 10:13:40 PM - System Checkpoint RP1104: 11/7/2012 11:43:52 PM - System Checkpoint RP1105: 11/9/2012 1:13:40 AM - System Checkpoint RP1106: 11/10/2012 2:43:40 AM - System Checkpoint RP1107: 11/11/2012 4:13:40 AM - System Checkpoint RP1108: 11/12/2012 5:43:50 AM - System Checkpoint RP1109: 11/13/2012 7:13:40 AM - System Checkpoint RP1110: 11/14/2012 7:14:01 AM - System Checkpoint RP1111: 11/15/2012 3:00:18 AM - Software Distribution Service 3.0 RP1112: 11/16/2012 3:28:37 AM - System Checkpoint RP1113: 11/17/2012 4:58:36 AM - System Checkpoint RP1114: 11/18/2012 6:28:38 AM - System Checkpoint RP1115: 11/19/2012 7:58:36 AM - System Checkpoint RP1116: 11/20/2012 9:28:37 AM - System Checkpoint RP1117: 11/21/2012 12:26:30 PM - System Checkpoint RP1118: 11/22/2012 8:53:59 AM - Avg Update RP1119: 11/23/2012 9:28:37 AM - System Checkpoint RP1120: 11/24/2012 10:58:37 AM - System Checkpoint RP1121: 11/25/2012 12:28:37 PM - System Checkpoint RP1122: 11/26/2012 2:32:48 PM - System Checkpoint RP1123: 11/27/2012 5:56:24 PM - System Checkpoint RP1124: 11/28/2012 6:29:12 PM - System Checkpoint RP1125: 11/29/2012 7:00:18 PM - System Checkpoint RP1126: 11/30/2012 7:59:13 PM - System Checkpoint RP1127: 12/1/2012 9:29:13 PM - System Checkpoint RP1128: 12/2/2012 10:59:13 PM - System Checkpoint RP1129: 12/4/2012 12:29:12 AM - System Checkpoint RP1130: 12/5/2012 12:29:36 AM - System Checkpoint RP1131: 12/6/2012 1:59:38 AM - System Checkpoint RP1132: 12/7/2012 3:29:36 AM - System Checkpoint RP1133: 12/7/2012 10:06:07 AM - Software Distribution Service 3.0 RP1134: 12/8/2012 10:17:09 AM - System Checkpoint RP1135: 12/9/2012 11:47:09 AM - System Checkpoint RP1136: 12/10/2012 11:56:17 AM - System Checkpoint RP1137: 12/10/2012 4:40:38 PM - Removed AVG 9.0 RP1138: 12/10/2012 4:52:23 PM - Installed AVG 9.0 RP1139: 12/10/2012 6:20:31 PM - Removed Ask Toolbar. RP1140: 12/10/2012 7:24:29 PM - Installed Java 7 Update 9 RP1141: 12/10/2012 7:28:05 PM - Removed Java™ 6 Update 33 . ==== Installed Programs ====================== . Add or Remove Adobe Creative Suite 3 Web Premium Adobe Acrobat 8 Professional Adobe Acrobat 8.3.1 - CPSID_83708 Adobe Acrobat 8.3.1 Professional Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Community Help Adobe Contribute CS3 Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe Media Player Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Software Update AutoCAD Map 2000 Bitdefender Small Business Security Canon MX870 series MP Drivers CPUID CPU-Z 1.62 Dell Driver Download Manager Dell Printer Software Dell Resource CD Designjet Software & Driver Installation Wizard Dropbox EPSON Printer Software FileZilla Client 3.3.4.1 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Updater GoToMeeting 5.1.0.880 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) iLinc 11 Client Intel® PRO Network Connections 12.1.12.0 Java 7 Update 9 Java Auto Updater Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service NVIDIA Drivers OGA Notifier 2.0.0048.0 OpenOffice.org 3.2 PDF Settings PDF Settings CS5 PerformanceTest v8.0 PowerDVD QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Update Manager SAT10 California North Data Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SHARP MX/DX Series PCL/PS Printer Driver Sonic Activation Module StartNow Toolbar The Weather Channel Desktop 6 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2362765) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebEx WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows XP Service Pack 3 WinTR-55, Version 1.00.09 XMap 3.5 Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar Zimbra Desktop . ==== End Of File =========================== BitDefender reports 3 password protected files that cannot be scanned. I am freaking out, please respond as soon as possible :/
  8. .... 09:15:13.0734 2368 ============================================================ 09:15:13.0734 2368 Scan finished 09:15:13.0734 2368 ============================================================ 09:15:13.0828 0760 Detected object count: 4 09:15:13.0828 0760 Actual detected object count: 4 09:15:53.0171 0760 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 09:15:53.0171 0760 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:15:53.0171 0760 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user 09:15:53.0171 0760 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:15:53.0171 0760 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 09:15:53.0171 0760 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:15:53.0265 0760 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 09:15:53.0359 0760 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 09:15:53.0875 0760 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 09:15:54.0390 0760 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 09:15:55.0031 0760 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 09:15:55.0781 0760 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 09:15:56.0421 0760 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 09:15:56.0906 0760 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 09:15:57.0093 0760 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 09:15:57.0093 0760 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 09:15:57.0343 0760 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 09:15:58.0046 0760 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 09:15:58.0500 0760 \Device\Harddisk0\DR0\TDLFS - deleted 09:15:58.0500 0760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 09:16:35.0046 0372 Deinitialize success
  9. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-10 19:07:06 ----------------------------- 19:07:06.281 OS Version: Windows 5.1.2600 Service Pack 3 19:07:06.281 Number of processors: 2 586 0x1706 19:07:06.281 ComputerName: 090209-1 UserName: Trever 19:07:06.968 Initialize success 19:15:26.984 AVAST engine defs: 12121000 19:15:59.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 19:15:59.640 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3 19:15:59.671 Disk 0 MBR read successfully 19:15:59.671 Disk 0 MBR scan 19:15:59.734 Disk 0 Windows VISTA default MBR code 19:15:59.734 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63 19:15:59.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455 19:15:59.796 Disk 0 scanning sectors +312496380 19:15:59.875 Disk 0 scanning C:\WINDOWS\system32\drivers 19:16:08.468 Service scanning 19:16:10.843 Service Bdfndisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys **LOCKED** 5 19:16:10.890 Service bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys **LOCKED** 5 19:16:11.187 Service bdselfpr C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdselfpr.sys **LOCKED** 5 19:16:26.281 Modules scanning 19:16:37.234 Disk 0 trace - called modules: 19:16:37.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 19:16:37.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db9ab8] 19:16:37.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e10868] 19:16:37.656 AVAST engine scan C:\WINDOWS 19:16:51.843 AVAST engine scan C:\WINDOWS\system32 19:19:30.921 AVAST engine scan C:\WINDOWS\system32\drivers 19:19:45.312 AVAST engine scan C:\Documents and Settings\Trever 19:44:28.968 AVAST engine scan C:\Documents and Settings\All Users 19:44:58.843 Scan finished successfully 19:56:00.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Trever\Desktop\MBR.dat" 19:56:00.500 The log file has been saved successfully to "C:\Documents and Settings\Trever\Desktop\aswMBR.txt"
  10. TDSS log too long to paste, so attaching. let me know if i have to paste multiple segments TDSSKiller.2.8.15.0_10.12.2012_18.58.37_log.txt
  11. ComboFix 12-12-10.01 - Trever 12/10/2012 12:12:22.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1343 [GMT -8:00] Running from: c:\documents and settings\Trever\Desktop\ComboFix.exe AV: AVG Internet Security Business Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\278748p3n660b523w120l3byy0n2 c:\documents and settings\Trever\g2mdlhlpx.exe c:\windows\system32\Cache c:\windows\system32\Cache\23354139800c9ccb.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\29aa1657b636da8c.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\62ce985b0bd3374e.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\dcf32715c29bded7.fb c:\windows\system32\Cache\dfb5b53420cd4b68.fb c:\windows\system32\Cache\e0de16f883bea794.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\wininit.ini D:\Autorun.inf D:\Setup.exe . c:\windows\system32\drivers\i8042prt.sys . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 ))))))))))))))))))))))))))))))) . . 2012-12-07 17:38 . 2012-12-07 17:38 -------- d-----w- c:\documents and settings\Trever\Local Settings\Application Data\PassMark 2012-12-07 17:38 . 2012-12-07 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Passmark 2012-12-07 17:37 . 2012-12-07 17:38 -------- d-----w- c:\program files\PerformanceTest 2012-12-07 16:58 . 2012-12-07 16:58 -------- d-----w- c:\windows\ERUNT 2012-12-07 16:58 . 2012-12-07 16:58 -------- d-----w- C:\JRT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-09 00:27 . 2012-04-13 16:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-09 00:27 . 2011-05-31 16:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 14:09 . 2012-11-08 14:09 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-22 08:43 . 2008-04-25 16:16 1875328 ----a-w- c:\windows\system32\win32k.sys 2012-10-12 21:20 . 2012-09-06 16:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-12 21:20 . 2010-05-18 20:45 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-02 18:04 . 2008-04-25 16:16 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 03:54 . 2011-03-18 22:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 07:16 . 2012-11-09 00:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-04-12 18:32 . 2012-12-05 16:31 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2012-04-12 18:33 . 2012-12-05 16:31 151040 ----a-w- c:\program files\mozilla firefox\plugins\ptexmeet.dll 2012-12-05 16:32 . 2012-12-05 16:31 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472] "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-26 13105848] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064] "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-8 25214] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgam.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/30/2009 1:44 PM 24064] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 248656] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 297168] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:09 AM 26984] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:09 AM 711112] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 27216] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [1/30/2009 1:44 PM 176640] S2 gupdate1c9c75e6d835903;Google Update Service (gupdate1c9c75e6d835903);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2009 9:34 AM 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8/1/2011 11:59 AM 167264] S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [12/7/2012 9:37 AM 22120] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/30/2009 11:12 AM 30192] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:27] . 2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:34] . 2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: Interfaces\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47}: NameServer = 68.94.156.1,68.94.156.2 FF - ProfilePath - c:\documents and settings\Trever\Application Data\Mozilla\Firefox\Profiles\y459zgd9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - ExtSQL: !HIDDEN! 2009-08-01 17:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe HKLM-Run-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe AddRemove-SearchAssist - c:\dell\SearchAssist\UninstSA.bat AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-10 12:20 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3896) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG10\avgchsvx.exe c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe c:\program files\AVG\AVG10\avgnsx.exe c:\program files\AVG\AVG10\avgcsrvx.exe c:\windows\system32\igfxsrvc.exe c:\program files\AVG\AVG10\avgcsrvx.exe c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\progra~1\AVG\AVG10\avgrsx.exe c:\program files\AVG\AVG10\avgcsrvx.exe . ************************************************************************** . Completion time: 2012-12-10 12:25:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-10 20:25 . Pre-Run: 125,259,177,984 bytes free Post-Run: 126,031,798,272 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 787EA8DC7F32E658DE4BB5AB3AF9D19F
  12. sorry, accidentally reposted RogueKiller log Everything went smooth with ComboFix, everything seems to be running fine
  13. <p> </p> <div>ComboFix 12-12-10.01 - Trever 12/10/2012 12:12:22.1.2 - x86</div> <div>Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1343 [GMT -8:00]</div> <div>Running from: c:\documents and settings\Trever\Desktop\ComboFix.exe</div> <div>AV: AVG Internet Security Business Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>c:\documents and settings\All Users\Application Data\278748p3n660b523w120l3byy0n2</div> <div>c:\documents and settings\Trever\g2mdlhlpx.exe</div> <div>c:\windows\system32\Cache</div> <div>c:\windows\system32\Cache\23354139800c9ccb.fb</div> <div>c:\windows\system32\Cache\272512937d9e61a4.fb</div> <div>c:\windows\system32\Cache\287204568329e189.fb</div> <div>c:\windows\system32\Cache\28bc8f716fd76a47.fb</div> <div>c:\windows\system32\Cache\29aa1657b636da8c.fb</div> <div>c:\windows\system32\Cache\2c53092c95605355.fb</div> <div>c:\windows\system32\Cache\31a0997e9a5b5eb3.fb</div> <div>c:\windows\system32\Cache\32c84fe32bb74d60.fb</div> <div>c:\windows\system32\Cache\3917078cb68ec657.fb</div> <div>c:\windows\system32\Cache\590ba23ce359fd0c.fb</div> <div>c:\windows\system32\Cache\610289e025a3ee9a.fb</div> <div>c:\windows\system32\Cache\62ce985b0bd3374e.fb</div> <div>c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb</div> <div>c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb</div> <div>c:\windows\system32\Cache\6d03dad1035885d3.fb</div> <div>c:\windows\system32\Cache\a8556537add6dfc5.fb</div> <div>c:\windows\system32\Cache\ad10a52aff5e038d.fb</div> <div>c:\windows\system32\Cache\c1fa887b03019701.fb</div> <div>c:\windows\system32\Cache\c4d28dca2e7648be.fb</div> <div>c:\windows\system32\Cache\d201ef9910cd39de.fb</div> <div>c:\windows\system32\Cache\d2e94710a5708128.fb</div> <div>c:\windows\system32\Cache\d79b9dfe81484ec4.fb</div> <div>c:\windows\system32\Cache\dcf32715c29bded7.fb</div> <div>c:\windows\system32\Cache\dfb5b53420cd4b68.fb</div> <div>c:\windows\system32\Cache\e0de16f883bea794.fb</div> <div>c:\windows\system32\Cache\f998975c9cc711ee.fb</div> <div>c:\windows\system32\URTTemp</div> <div>c:\windows\system32\URTTemp\fusion.dll</div> <div>c:\windows\system32\URTTemp\mscoree.dll</div> <div>c:\windows\system32\URTTemp\mscoree.dll.local</div> <div>c:\windows\system32\URTTemp\mscorsn.dll</div> <div>c:\windows\system32\URTTemp\mscorwks.dll</div> <div>c:\windows\system32\URTTemp\msvcr71.dll</div> <div>c:\windows\system32\URTTemp\regtlib.exe</div> <div>c:\windows\wininit.ini</div> <div>D:\Autorun.inf</div> <div>D:\Setup.exe</div> <div>.</div> <div>c:\windows\system32\drivers\i8042prt.sys . . . is missing!!</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>2012-12-07 17:38 . 2012-12-07 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Trever\Local Settings\Application Data\PassMark</div> <div>2012-12-07 17:38 . 2012-12-07 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\Passmark</div> <div>2012-12-07 17:37 . 2012-12-07 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\PerformanceTest</div> <div>2012-12-07 16:58 . 2012-12-07 16:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\ERUNT</div> <div>2012-12-07 16:58 . 2012-12-07 16:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\JRT</div> <div>.</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>2012-11-09 00:27 . 2012-04-13 16:21<span class="Apple-tab-span" style="white-space:pre"> </span>697272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerApp.exe</div> <div>2012-11-09 00:27 . 2011-05-31 16:01<span class="Apple-tab-span" style="white-space:pre"> </span>73656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div> <div>2012-11-08 14:09 . 2012-11-08 14:09<span class="Apple-tab-span" style="white-space:pre"> </span>26984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgtpx86.sys</div> <div>2012-10-22 08:43 . 2008-04-25 16:16<span class="Apple-tab-span" style="white-space:pre"> </span>1875328<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div> <div>2012-10-12 21:20 . 2012-09-06 16:21<span class="Apple-tab-span" style="white-space:pre"> </span>821736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\npdeployJava1.dll</div> <div>2012-10-12 21:20 . 2010-05-18 20:45<span class="Apple-tab-span" style="white-space:pre"> </span>746984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div> <div>2012-10-02 18:04 . 2008-04-25 16:16<span class="Apple-tab-span" style="white-space:pre"> </span>58368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\synceng.dll</div> <div>2012-09-30 03:54 . 2011-03-18 22:57<span class="Apple-tab-span" style="white-space:pre"> </span>22856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div> <div>2012-09-25 07:16 . 2012-11-09 00:25<span class="Apple-tab-span" style="white-space:pre"> </span>93672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAccessBridge.dll</div> <div>2012-04-12 18:32 . 2012-12-05 16:31<span class="Apple-tab-span" style="white-space:pre"> </span>289592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\plugins\ieatgpc.dll</div> <div>2012-04-12 18:33 . 2012-12-05 16:31<span class="Apple-tab-span" style="white-space:pre"> </span>151040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\plugins\ptexmeet.dll</div> <div>2012-12-05 16:32 . 2012-12-05 16:31<span class="Apple-tab-span" style="white-space:pre"> </span>262112<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Note* empty entries & legit default entries are not shown </div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]</div> <div>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]</div> <div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]</div> <div>"updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]</div> <div>"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-26 13105848]</div> <div>"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]</div> <div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]</div> <div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]</div> <div>"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848]</div> <div>"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192]</div> <div>"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]</div> <div>"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]</div> <div>"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]</div> <div>"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]</div> <div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]</div> <div>"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]</div> <div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]</div> <div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div> <div>.</div> <div>c:\documents and settings\All Users\Start Menu\Programs\Startup\</div> <div>Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-8 25214]</div> <div>Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div> <div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\security center]</div> <div>"AntiVirusOverride"=dword:00000001</div> <div>"FirewallOverride"=dword:00000001</div> <div>.</div> <div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]</div> <div>"EnableFirewall"= 0 (0x0)</div> <div>"DisableNotifications"= 1 (0x1)</div> <div>.</div> <div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</div> <div>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=</div> <div>"%windir%\\system32\\sessmgr.exe"=</div> <div>"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=</div> <div>"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=</div> <div>.</div> <div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]</div> <div>"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009</div> <div>.</div> <div>R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 22992]</div> <div>R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]</div> <div>R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [1/30/2009 1:44 PM 24064]</div> <div>R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 248656]</div> <div>R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 297168]</div> <div>R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:09 AM 26984]</div> <div>R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]</div> <div>R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]</div> <div>R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:09 AM 711112]</div> <div>R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134480]</div> <div>R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24144]</div> <div>R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 27216]</div> <div>R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [1/30/2009 1:44 PM 176640]</div> <div>S2 gupdate1c9c75e6d835903;Google Update Service (gupdate1c9c75e6d835903);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2009 9:34 AM 133104]</div> <div>S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8/1/2011 11:59 AM 167264]</div> <div>S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [12/7/2012 9:37 AM 22120]</div> <div>S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/30/2009 11:12 AM 30192]</div> <div>.</div> <div>--- Other Services/Drivers In Memory ---</div> <div>.</div> <div>*NewlyCreated* - WS2IFSL</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job</div> <div>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:27]</div> <div>.</div> <div>2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:34]</div> <div>.</div> <div>2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:34]</div> <div>.</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uStart Page = hxxp://www.google.com/</div> <div>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8</div> <div>mSearch Bar = hxxp://www.google.com/ie</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>uSearchAssistant = hxxp://www.google.com/ie</div> <div>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</div> <div>IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html</div> <div>IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html</div> <div>IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html</div> <div>IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html</div> <div>IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html</div> <div>IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html</div> <div>IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html</div> <div>IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html</div> <div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000</div> <div>TCP: Interfaces\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47}: NameServer = 68.94.156.1,68.94.156.2</div> <div>FF - ProfilePath - c:\documents and settings\Trever\Application Data\Mozilla\Firefox\Profiles\y459zgd9.default\</div> <div>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/</div> <div>FF - ExtSQL: !HIDDEN! 2009-08-01 17:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)</div> <div>WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)</div> <div>HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe</div> <div>HKLM-Run-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe</div> <div>HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe</div> <div>HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe</div> <div>HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe</div> <div>AddRemove-SearchAssist - c:\dell\SearchAssist\UninstSA.bat</div> <div>AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe</div> <div>.</div> <div>.</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div> <div>Rootkit scan 2012-12-10 12:20</div> <div>Windows 5.1.2600 Service Pack 3 NTFS</div> <div>.</div> <div>scanning hidden processes ... </div> <div>.</div> <div>scanning hidden autostart entries ... </div> <div>.</div> <div>scanning hidden files ... </div> <div>.</div> <div>scan completed successfully</div> <div>hidden files: 0</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>--------------------- DLLs Loaded Under Running Processes ---------------------</div> <div>.</div> <div>- - - - - - - > 'explorer.exe'(3896)</div> <div>c:\windows\system32\WININET.dll</div> <div>c:\progra~1\WINDOW~2\wmpband.dll</div> <div>c:\windows\system32\ieframe.dll</div> <div>c:\windows\system32\webcheck.dll</div> <div>c:\windows\system32\WPDShServiceObj.dll</div> <div>c:\windows\system32\PortableDeviceTypes.dll</div> <div>c:\windows\system32\PortableDeviceApi.dll</div> <div>.</div> <div>------------------------ Other Running Processes ------------------------</div> <div>.</div> <div>c:\progra~1\AVG\AVG10\avgchsvx.exe</div> <div>c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe</div> <div>c:\program files\Java\jre7\bin\jqs.exe</div> <div>c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE</div> <div>c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe</div> <div>c:\program files\AVG\AVG10\avgnsx.exe</div> <div>c:\program files\AVG\AVG10\avgcsrvx.exe</div> <div>c:\windows\system32\igfxsrvc.exe</div> <div>c:\program files\AVG\AVG10\avgcsrvx.exe</div> <div>c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe</div> <div>c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe</div> <div>c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe</div> <div>c:\progra~1\AVG\AVG10\avgrsx.exe</div> <div>c:\program files\AVG\AVG10\avgcsrvx.exe</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>Completion time: 2012-12-10 12:25:47 - machine was rebooted</div> <div>ComboFix-quarantined-files.txt 2012-12-10 20:25</div> <div>.</div> <div>Pre-Run: 125,259,177,984 bytes free</div> <div>Post-Run: 126,031,798,272 bytes free</div> <div>.</div> <div>WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe</div> <div>[boot loader]</div> <div>timeout=2</div> <div>default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS</div> <div>[operating systems]</div> <div>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons</div> <div>UnsupportedDebug="do not select this" /debug</div> <div>multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect</div> <div>.</div> <div>- - End Of File - - 787EA8DC7F32E658DE4BB5AB3AF9D19F</div> <div> </div>
  14. <p> </p> <div>RogueKiller V8.3.2 [Dec 10 2012] by Tigzy</div> <div>mail : tigzyRK<at>gmail<dot>com</div> <div>Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/</div> <div>Website : http://tigzy.geekstogo.com/roguekiller.php</div> <div>Blog : http://tigzyrk.blogspot.com/</div> <div> </div> <div>Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version</div> <div>Started in : Normal mode</div> <div>User : Trever [Admin rights]</div> <div>Mode : Remove -- Date : 12/10/2012 10:34:07</div> <div> </div> <div>¤¤¤ Bad processes : 0 ¤¤¤</div> <div> </div> <div>¤¤¤ Registry Entries : 7 ¤¤¤</div> <div>[RUN][sUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> NOT SELECTED</div> <div>[RUN][sUSP PATH] HKUS\S-1-5-21-1198985783-2064903472-3376527418-1009[...]\Run : DW6 ("C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") -> NOT SELECTED</div> <div>[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47} : NameServer (68.94.156.1,68.94.156.2) -> NOT REMOVED, USE DNSFIX</div> <div>[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{F0CD1790-B9CA-43F1-B67D-83AC7A37FA47} : NameServer (68.94.156.1,68.94.156.2) -> NOT REMOVED, USE DNSFIX</div> <div>[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED</div> <div>[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED</div> <div>[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)</div> <div> </div> <div>¤¤¤ Particular Files / Folders: ¤¤¤</div> <div> </div> <div>¤¤¤ Driver : [LOADED] ¤¤¤</div> <div> </div> <div>¤¤¤ HOSTS File: ¤¤¤</div> <div>--> C:\WINDOWS\system32\drivers\etc\hosts</div> <div> </div> <div>127.0.0.1 localhost</div> <div>192.162.1.101 mail.streamlineplanning.net</div> <div> </div> <div> </div> <div>¤¤¤ MBR Check: ¤¤¤</div> <div> </div> <div>+++++ PhysicalDrive0: ST3160815AS +++++</div> <div>--- User ---</div> <div>[MBR] 67233919a35bde2b729d19b979dd8050</div> <div>[bSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code</div> <div>Partition table:</div> <div>0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo</div> <div>1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 152531 Mo</div> <div>User = LL1 ... OK!</div> <div>User = LL2 ... OK!</div> <div> </div> <div>+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++</div> <div>--- User ---</div> <div>[MBR] 77f831d9d15abfa57da59a4cce1ee445</div> <div>[bSP] 82fe28914a85383e040a5bd3b8bb5c88 : Windows XP MBR Code</div> <div>Partition table:</div> <div>0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo</div> <div>User = LL1 ... OK!</div> <div>Error reading LL2 MBR!</div> <div> </div> <div>Finished : << RKreport[2]_D_12102012_02d1034.txt >></div> <div>RKreport[1]_S_12102012_02d1032.txt ; RKreport[2]_D_12102012_02d1034.txt</div> <div> </div> <div> </div> <div> </div>
  15. The user really likes their Weather Channel Desktop app, so I left those in for now. RogueKiller found 2 suspicious paths related to the app, I'll definitely remove it if it's a concern!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.