
Malwarebytes successfully blocked access to a potentially malicious website.


  • This topic is locked
49 replies to this topic

#1 XLR8

    New Member

  • Members
  • 25 posts

Posted 21 April 2012 - 07:48 PM

Hello,

For the past month or so, my current antivirus (BitDefender) has always blocked certain IPs, claiming it was a virus of some sort. I scanned the computer, and it didn't detect anything. But the message kept popping up. So I downloaded Malwarebytes and ran that because many people recommended it (and I've used it before on another computer). It didn't detect anything either. However, the message "Malwarebytes successfully blocked access to a potentially malicious website" appears every so often, with many different IPs — just like my antivirus, along with the application it's trying to connect through. I'm sure it wasn't the application itself, but I deleted it anyway because I never use it (AVG LinkScanner). However, the message kept popping up, this time through Firefox. I searched the forum/googled for answers and most posters said to download and run a few programs (ComboFix, etc.), but it wasn't recommended unless someone specifically said to do so, so I didn't run it. (ComboFix was the one I downloaded, if interested.)

I bought the PRO version of Malwarebytes and scanned, but the message still pops up. I've pasted the requested DDS.txt & Attach.txt files below:

Attach.txt

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 21/09/2009 19:40:47
System Uptime: 22/04/2012 01:05:39 (0 hours ago)
.
Motherboard: Dell Inc. | | 0655KV
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 314.21 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 6.621 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP574: 13/03/2012 21:05:51 - Scheduled Checkpoint
RP575: 13/03/2012 22:42:03 - Windows Update
RP576: 14/03/2012 18:02:37 - Windows Update
RP577: 16/03/2012 19:02:52 - Windows Update
RP578: 19/03/2012 20:06:39 - Scheduled Checkpoint
RP579: 20/03/2012 17:42:22 - Windows Update
RP580: 23/03/2012 18:39:20 - Windows Update
RP581: 27/03/2012 18:52:36 - Windows Update
RP582: 30/03/2012 17:04:41 - Windows Update
RP583: 31/03/2012 20:18:44 - Scheduled Checkpoint
RP584: 03/04/2012 10:07:36 - Windows Update
RP585: 06/04/2012 11:00:45 - Windows Update
RP586: 10/04/2012 12:47:01 - Windows Update
RP587: 11/04/2012 17:13:21 - Scheduled Checkpoint
RP588: 13/04/2012 12:22:43 - Windows Update
RP589: 13/04/2012 13:27:40 - Windows Update
RP590: 13/04/2012 13:39:36 - Installed Java™ 6 Update 31
RP591: 15/04/2012 16:20:08 - Windows Live Essentials
RP592: 15/04/2012 16:22:28 - Installed DirectX
RP593: 15/04/2012 16:23:46 - Installed DirectX
RP594: 17/04/2012 12:47:36 - Windows Update
RP595: 20/04/2012 11:45:53 - Windows Update
RP596: 21/04/2012 17:00:07 - Removed AVG LinkScanner® 8.5
RP597: 21/04/2012 17:02:26 - Installed AVG LinkScanner® 8.5
RP598: 21/04/2012 17:16:48 - Removed BitDefender Total Security 2010
RP599: 21/04/2012 17:57:31 - Device Driver Package Install: BITDEFENDER S.R.L. System devices
RP600: 21/04/2012 18:48:04 - Device Driver Package Install: BitDefender LLC Network Service
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Action Replay Code Manager
Action Replay DSi Code Manager
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Reader 9.3.3
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Audacity 1.2.6
Audacity 1.3.14 (Unicode)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Video Chat
Dell Webcam Central
Deus Ex: Game of the Year Edition
DiskAid 5.09
DivX Setup
Facebook Plug-In
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
intelliScore Polyphonic MP3 to MIDI Converter Demo
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
MediaWidget 6.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MorphVOX Junior
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Security Scan
Notepad++
PowerDVD DX
Quick PDF Converter v4.1
QuickTime
Ralink RT2870 Wireless LAN Card
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Segoe UI
Skins
Skype Click to Call
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
Steam
SwiftKit
Switch Sound File Converter
Synthesia (remove only)
Team Fortress 2
Uniblue RegistryBooster 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xilisoft iPod Video Converter 6
Yahoo! Toolbar
YouTube Downloader 3.5
YouTube Video Downloader 2.7.1
.
==== Event Viewer Messages From Past Week ========
.
22/04/2012 01:14:42, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
22/04/2012 01:12:04, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
22/04/2012 01:11:20, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/04/2012 01:11:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
22/04/2012 00:25:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
21/04/2012 23:49:26, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
21/04/2012 18:39:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif
21/04/2012 18:18:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
21/04/2012 17:47:48, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
21/04/2012 17:46:51, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
21/04/2012 13:52:09, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
21/04/2012 13:39:12, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 0C6076050406 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
20/04/2012 17:09:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
20/04/2012 17:09:31, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/04/2012 17:07:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
18/04/2012 14:53:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
18/04/2012 14:53:56, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/04/2012 15:48:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
16/04/2012 15:48:58, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/04/2012 15:48:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
15/04/2012 16:22:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
15/04/2012 16:22:23, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/04/2012 16:22:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by XLR8 at 1:38:29 on 2012-04-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4091.1526 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Bitdefender\Bitdefender 2012\antispam32\bdimguiaux.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SwiftKit-RS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\osk.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [KeyMapperStarup] C:\Users\XLR8\Downloads\kr_free\KeyRemapper.exe /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BSDAppUpdater] "C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [<NO NAME>] OSK.exe
StartupFolder: C:\Users\XLR8\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download Video on This Page - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{12BE45FF-D7C4-47ED-BA6C-EF3E7037FA4F} : DhcpNameServer = 172.168.1.161
TCP: Interfaces\{A2CBE3C9-DCCC-4EA3-B6B9-C40CDB4AA8A6} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BSDAppUpdater] "C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b650dc5-1bb6-434d-b15a-03d8a2e77959%7D&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&ds=AVG&v=9.0.0.18.3&lang=us&pr=&d=2012-02-23%2010%3A36%3A05&sap=ku&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\XLR8\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-21 21504]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-21 21504]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA013Ufd.sys --> C:\Windows\system32\DRIVERS\OA013Ufd.sys [?]
R3 OA013Vid;Creative Camera OA013 Function Driver;C:\Windows\system32\DRIVERS\OA013Vid.sys --> C:\Windows\system32\DRIVERS\OA013Vid.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 253088]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys --> C:\Windows\system32\DRIVERS\rt2870.sys [?]
S3 SafeBox;SafeBox;C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe [2012-2-21 75384]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-22 00:04:15 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-04-21 22:50:19 98816 ----a-w- C:\Windows\sed.exe
2012-04-21 22:50:19 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-21 22:50:19 256000 ----a-w- C:\Windows\PEV.exe
2012-04-21 22:50:19 208896 ----a-w- C:\Windows\MBR.exe
2012-04-21 22:50:06 -------- d-s---w- C:\ComboFix
2012-04-21 17:53:04 245113 ----a-w- C:\ProgramData\1335030144.bdinstall.bin
2012-04-21 17:49:51 -------- d-----w- C:\Windows\LastGood.Tmp
2012-04-21 17:46:47 -------- d-----w- C:\Users\XLR8\AppData\Roaming\Bitdefender
2012-04-21 17:46:31 -------- d-----w- C:\ProgramData\Bitdefender
2012-04-21 17:42:41 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-04-21 17:42:40 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-04-21 17:36:29 22638 ----a-w- C:\ProgramData\1335029787.bdinstall.bin
2012-04-21 17:35:54 104594 ----a-w- C:\ProgramData\1335029638.bdinstall.bin
2012-04-21 17:17:50 178583 ----a-w- C:\ProgramData\1335027244.bdinstall.bin
2012-04-21 17:04:57 -------- d-----w- C:\ProgramData\BDLogging
2012-04-21 17:00:21 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-04-21 17:00:20 42064 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-04-21 17:00:19 654928 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-04-21 16:44:11 22632 ----a-w- C:\ProgramData\1335026645.bdinstall.bin
2012-04-21 16:43:39 217745 ----a-w- C:\ProgramData\1335025918.bdinstall.bin
2012-04-21 16:36:51 -------- d-----w- C:\Users\XLR8\AppData\Roaming\QuickScan
2012-04-21 13:44:33 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 12:55:30 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-21 12:47:48 -------- d-----w- C:\Users\XLR8\AppData\Local\{A9098E9F-B018-46FE-B911-4DEE784E64C6}
2012-04-21 12:47:36 -------- d-----w- C:\Users\XLR8\AppData\Local\{876608F2-18A5-4309-B83F-F148C4588308}
2012-04-20 22:41:43 -------- d-----w- C:\Users\XLR8\AppData\Local\{E4ACDA7A-CB67-4E14-AFC9-6B828898A9A5}
2012-04-20 22:41:32 -------- d-----w- C:\Users\XLR8\AppData\Local\{E6A037D7-3D68-4C23-A503-87844A0D2B52}
2012-04-20 10:49:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B519FED-0F75-41C3-A1A6-75D639C51419}\mpengine.dll
2012-04-20 10:41:00 -------- d-----w- C:\Users\XLR8\AppData\Local\{07B16678-BDE3-4F00-BBD0-F22D02DAA4CA}
2012-04-20 10:40:38 -------- d-----w- C:\Users\XLR8\AppData\Local\{7F80CD39-2244-465E-8774-C246410E0889}
2012-04-19 13:44:03 -------- d-----w- C:\Users\XLR8\AppData\Local\{122A47FD-5DB3-4AC4-9521-346D695F07B2}
2012-04-19 13:43:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{A5BDCF36-AD9B-4DDC-9506-0F131ED8471B}
2012-04-19 01:43:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{71307137-CF16-4A81-9E95-61395A53BE8E}
2012-04-19 01:42:58 -------- d-----w- C:\Users\XLR8\AppData\Local\{F0966A4D-A583-4EB3-985C-3DDE39BCD16B}
2012-04-18 14:17:37 -------- d-----w- C:\Users\XLR8\vocab n questions
2012-04-18 13:42:23 -------- d-----w- C:\Users\XLR8\AppData\Local\{063E9E7C-C099-47DA-A779-70F0105ABA79}
2012-04-18 13:42:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{F0070B79-FA3A-4454-8504-A17A2C0CC713}
2012-04-18 11:29:17 -------- d-----w- C:\Users\XLR8\jagexcache1
2012-04-17 23:43:02 -------- d-----w- C:\Users\XLR8\AppData\Local\{E4B30CC0-D11A-4252-85E7-E67EF3802197}
2012-04-17 11:42:22 -------- d-----w- C:\Users\XLR8\AppData\Local\{8CC01C42-F8CA-4E65-9EA0-26A0E2527673}
2012-04-17 11:41:30 -------- d-----w- C:\Users\XLR8\AppData\Local\{BFE854A0-1F82-4846-A819-E0AC1404A3C0}
2012-04-16 23:34:57 -------- d-----w- C:\Users\XLR8\AppData\Local\{91DB3918-A206-4E12-A01C-A2B6363FD15F}
2012-04-16 23:34:45 -------- d-----w- C:\Users\XLR8\AppData\Local\{ACA2F2C7-D0DC-4DA5-8278-39670763693D}
2012-04-16 23:32:03 -------- d-----w- C:\Users\XLR8\AppData\Local\{9B22DC68-6506-4F1E-B742-A2326836245D}
2012-04-16 23:30:17 -------- d-----w- C:\Users\XLR8\AppData\Local\{79A0D392-7BE1-444C-B2F0-FA05F8478CE5}
2012-04-16 12:20:41 -------- d-----w- C:\Users\XLR8\AppData\Roaming\Malwarebytes
2012-04-16 12:20:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 12:20:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-16 12:20:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-16 11:29:33 -------- d-----w- C:\Users\XLR8\AppData\Local\{E0C0A9B5-2EB6-4570-9CB7-18AF3B34C650}
2012-04-16 11:29:18 -------- d-----w- C:\Users\XLR8\AppData\Local\{7B54AA2C-D645-4FEF-8F93-F96840C8D8BD}
2012-04-15 15:33:47 -------- d-----w- C:\Users\XLR8\AppData\Local\{9C6C72AD-9715-4344-BC0D-6AF3F0F54A3A}
2012-04-15 15:33:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{C1BCF9BA-5B91-40E6-89A2-96672F58A148}
2012-04-15 15:32:45 -------- d-----w- C:\Windows\en
2012-04-15 15:20:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DSETUP.dll
2012-04-15 15:20:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DXSETUP.exe
2012-04-15 15:20:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\dsetup32.dll
2012-04-15 11:45:15 -------- d-----w- C:\Users\XLR8\AppData\Local\{6DF2B946-7FAF-427D-A226-629E1CFB6562}
2012-04-15 11:44:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{8E0CF3F8-49C3-4DCD-86B6-0F23C68C2F15}
2012-04-14 12:57:41 -------- d-----w- C:\Users\XLR8\AppData\Local\{5CDC5E71-4FB1-463D-BD60-F29306D64C83}
2012-04-14 12:57:12 -------- d-----w- C:\Users\XLR8\AppData\Local\{3B0278AF-16C2-4D77-8382-0EDD92171973}
2012-04-13 23:03:45 -------- d-----w- C:\Users\XLR8\AppData\Local\{6C3F4F2E-F458-4F10-9904-1335693C1BC9}
2012-04-13 23:02:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{64C124C1-7D6C-4670-A582-9A633CB09EF5}
2012-04-13 12:58:09 -------- d-----w- C:\Users\XLR8\AppData\Local\{0DF598DA-EA66-4ACE-B255-97C2BE4617D6}
2012-04-13 12:57:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{4D20BF6D-B6E7-4826-A4D2-85658BE2D1E0}
2012-04-13 11:49:59 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-13 11:49:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-13 11:49:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-13 11:43:10 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 11:41:38 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 11:41:38 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 11:41:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 11:41:38 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 11:41:37 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 11:41:36 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 11:41:32 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 11:31:05 -------- d-----w- C:\Users\XLR8\AppData\Local\{72814770-D4DC-4E22-9EDE-09337A36A8FA}
2012-04-12 23:30:29 -------- d-----w- C:\Users\XLR8\AppData\Local\{A968B1CD-8998-4DED-B704-ADCCDA895D08}
2012-04-12 11:41:25 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-12 11:41:25 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-04-12 11:30:04 -------- d-----w- C:\Users\XLR8\AppData\Local\{1CF5C446-9AAB-434E-8532-5F3232ED5E9C}
2012-04-11 12:08:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{350B7571-7CA2-4D9F-A258-906082DB2B07}
2012-04-11 00:06:25 -------- d-----w- C:\Users\XLR8\AppData\Local\{AFB84F7B-D515-4FE4-AB2B-E105914B9133}
2012-04-10 12:05:56 -------- d-----w- C:\Users\XLR8\AppData\Local\{70555140-E934-428E-B381-5A2628896CC7}
2012-04-10 00:05:31 -------- d-----w- C:\Users\XLR8\AppData\Local\{953DF9F5-0B7D-4859-A43F-B69CD461C21D}
2012-04-09 12:05:20 -------- d-----w- C:\Users\XLR8\AppData\Local\{7EB9368C-34D1-4A1F-AA78-C7C1553E6AE4}
2012-04-09 00:02:57 -------- d-----w- C:\Users\XLR8\AppData\Local\{E281B1E8-3437-4E08-9FC8-3284D21199CA}
2012-04-08 12:02:33 -------- d-----w- C:\Users\XLR8\AppData\Local\{3084543A-C53B-42B1-9E99-F71D9058ED96}
2012-04-08 00:01:34 -------- d-----w- C:\Users\XLR8\AppData\Local\{1108E181-43A9-4FBE-B394-28AC88DA2EBD}
2012-04-07 12:01:07 -------- d-----w- C:\Users\XLR8\AppData\Local\{F1FC0606-B3F8-4487-BF40-697E1D504325}
2012-04-06 10:13:09 -------- d-----w- C:\Users\XLR8\AppData\Local\{CBF30B67-49F8-4053-A1FA-8625ACB565B9}
2012-04-05 10:12:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{0EEA8435-E304-4B55-8033-3C2F8E2CE7F8}
2012-04-04 22:12:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{E10A0064-A31F-42E8-8DD4-7EDE2789B5C5}
2012-04-04 10:11:59 -------- d-----w- C:\Users\XLR8\AppData\Local\{779CBA27-6ED6-4BD2-9110-CF8196358537}
2012-04-03 09:00:14 -------- d-----w- C:\Users\XLR8\AppData\Local\{C9E2F281-401C-4915-9128-FE3BA3D0F713}
2012-04-02 22:33:15 -------- d-----w- C:\Users\XLR8\AppData\Local\{116F18CB-3EE9-4570-9598-4A2AECC16903}
2012-04-02 14:21:13 -------- d-----w- C:\Users\XLR8\Biology Exams
2012-04-02 10:32:51 -------- d-----w- C:\Users\XLR8\AppData\Local\{5509FA4D-DEAE-4A6A-AD3F-6419703856CE}
2012-04-01 10:08:17 -------- d-----w- C:\Users\XLR8\AppData\Local\{4BBB8838-EA5F-4945-8639-1070D6AB322D}
2012-03-31 21:49:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{3646BAFF-7C20-41D7-80A7-D849E1C5735A}
2012-03-31 09:49:29 -------- d-----w- C:\Users\XLR8\AppData\Local\{43CF4385-EF04-4AC3-AD1C-6768EC40C6D2}
2012-03-30 15:58:06 -------- d-----w- C:\Users\XLR8\AppData\Local\{FEBA05B3-2204-4C14-971A-9C8FBE1AA7D1}
2012-03-29 16:31:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{CE760D95-3FEA-46B3-912D-32CE9FE25C96}
2012-03-28 15:14:27 -------- d-----w- C:\Users\XLR8\AppData\Local\{CF5566D7-3686-4DFC-8EAC-42AB5133712E}
2012-03-28 15:14:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{F5F6C9F3-6BE5-40AE-8B0B-70FB61CE0396}
2012-03-27 17:35:08 -------- d-----w- C:\Users\XLR8\AppData\Local\{31F65262-7EB8-434A-80C6-E6DF3C25A963}
2012-03-27 17:33:01 -------- d-----w- C:\Users\XLR8\AppData\Local\{245324A9-1B70-4039-B64E-0D830591BE31}
2012-03-26 17:19:13 -------- d-----w- C:\Users\XLR8\AppData\Local\{1C04E2D0-B004-4AD3-AE01-8341966974EF}
2012-03-26 17:18:55 -------- d-----w- C:\Users\XLR8\AppData\Local\{B195D31C-DC11-4696-B2BA-5723CB559AB4}
2012-03-25 19:36:59 139264 ----a-w- C:\Windows\SysWow64\gswin32c.exe
2012-03-25 19:36:58 438976 ----a-w- C:\Windows\SysWow64\Mshflxgd.ocx
2012-03-25 19:36:58 244024 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx
2012-03-25 19:36:57 196608 ----a-w- C:\Windows\SysWow64\Utility.dll
2012-03-25 19:36:57 -------- d--h--w- C:\ProgramData\QPOCRTemp
2012-03-25 19:36:57 -------- d-----w- C:\Windows\SysWow64\gs
2012-03-25 19:36:53 368912 ----a-w- C:\Windows\SysWow64\vbar332.dll
2012-03-25 19:36:53 -------- d--h--w- C:\ProgramData\QuickPDF
2012-03-25 19:34:53 -------- d-----w- C:\QuickPDFConverter
2012-03-25 12:06:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{606ABA3E-5740-422D-AC99-A0244F6128AA}
2012-03-25 12:05:39 -------- d-----w- C:\Users\XLR8\AppData\Local\{7C06F2BD-B922-4CC3-914B-090F86ABD9BE}
2012-03-25 00:05:14 -------- d-----w- C:\Users\XLR8\AppData\Local\{1AD274E4-5F10-464F-AD32-6CF2B55CD125}
2012-03-24 12:04:31 -------- d-----w- C:\Users\XLR8\AppData\Local\{3B9B6448-AA2E-4511-96A4-A95C686AA742}
2012-03-24 12:03:27 -------- d-----w- C:\Users\XLR8\AppData\Local\{848491AD-11E9-4217-8765-7DCD56FA9CFB}
2012-03-23 18:33:44 -------- d-----w- C:\Users\XLR8\AppData\Local\{5744E42F-B43C-4CFF-A704-4895E7CB739A}
2012-03-23 18:33:20 -------- d-----w- C:\Users\XLR8\AppData\Local\{CB58E7AD-A657-479F-9EEE-232767596DF1}
.
==================== Find3M ====================
.
2012-04-21 13:44:42 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 12:41:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-23 18:39:53 3715072 ----a-w- C:\Program Files\SwiftKit-RS.exe
2012-03-20 19:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 15:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 21:22:14 401408 ----a-w- C:\Program Files\SwiftKit.exe
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-08 14:09:07 1228892 ----a-w- C:\Program Files\swiftirc.ocx
2011-07-21 14:09:34 83863 ----a-w- C:\Program Files\Uninstall.exe
2011-02-17 09:14:55 585728 ----a-w- C:\Program Files\LaVolpeAlphaImg.ocx
2009-10-09 13:05:15 74240 ----a-w- C:\Program Files\zlib.dll
2009-10-09 13:05:15 24576 ----a-w- C:\Program Files\ExePatcher.exe
2009-10-09 13:05:15 15416 ----a-w- C:\Program Files\basswma.dll
2009-10-09 13:05:13 89144 ----a-w- C:\Program Files\bass.dll
.
============= FINISH: 1:39:23.77 ===============

I appreciate any assistance. Thanks a lot!

- XLR8

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 22 April 2012 - 05:35 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)
Post back the report.

MrC


------->Logs will be closed if you haven't replied within 3 days!<--------


Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 XLR8

XLR8

    New Member

  • Members
  • 25 posts

Posted 23 April 2012 - 02:00 PM

Thank you for your reply, MrCharlie.

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: XLR8 [Admin rights]
Mode: Scan -- Date: 04/23/2012 19:59:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] fcb4481e19d53dcf372f4acfc4f29676
[BSP] c6b9090b1b39f3797358b1cb44c2188c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 23 April 2012 - 02:16 PM

Looks good so far.

-----------------------

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#5 XLR8

XLR8

    New Member

  • Members
  • 25 posts

Posted 23 April 2012 - 04:58 PM

Thanks again for your reply! Unfortunately, the log is rather large and the forum won't let me submit the C+P version because it's too long, so the only way you could view it would be to send it as an attachment. Is that alright?

Oh, and for some reason 'reboot' didn't come up when I scanned, and the results of my scan appear a tad different to the layout of yours.

I appreciate the assistance.

Attached Files



#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 23 April 2012 - 05:04 PM

It's OK to attach it.

The scan was clean.

--------------------------------

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


#7 XLR8

XLR8

    New Member

  • Members
  • 25 posts

Posted 24 April 2012 - 01:46 PM

Ok I followed the instructions and here is the log!

ComboFix 12-04-24.02 - XLR8 24/04/2012 19:05:05.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4091.2197 [GMT 1:00]
Running from: c:\users\XLR8\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
c:\users\XLR8\AppData\Roaming\Microsoft\Windows\Recent\DeSmuME.com.URL
c:\users\XLR8\AppData\Roaming\mIRC\logs\status.log
c:\users\XLR8\Desktop\Documents\~WRL0001.tmp
c:\users\XLR8\Desktop\Documents\~WRL0003.tmp
c:\users\XLR8\Desktop\Documents\~WRL0004.tmp
c:\users\XLR8\Desktop\Documents\~WRL0742.tmp
c:\users\XLR8\Desktop\Documents\~WRL0901.tmp
c:\users\XLR8\Desktop\Documents\~WRL1235.tmp
c:\users\XLR8\Desktop\Documents\~WRL2337.tmp
c:\users\XLR8\Desktop\Documents\~WRL2888.tmp
c:\users\XLR8\Desktop\Documents\~WRL3280.tmp
c:\users\XLR8\Desktop\Documents\~WRL3372.tmp
c:\users\XLR8\Desktop\Documents\~WRL3985.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 18:22 . 2012-04-24 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 17:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B129FC8-6E5A-4B2F-B942-7B101E336E36}\mpengine.dll
2012-04-21 17:53 . 2012-04-21 17:53 245113 ----a-w- c:\programdata\1335030144.bdinstall.bin
2012-04-21 17:46 . 2012-04-21 17:46 -------- d-----w- c:\users\XLR8\AppData\Roaming\Bitdefender
2012-04-21 17:46 . 2012-04-21 17:51 -------- d-----w- c:\programdata\Bitdefender
2012-04-21 17:42 . 2011-08-16 13:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-21 17:42 . 2011-10-27 14:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-21 17:36 . 2012-04-21 17:36 22638 ----a-w- c:\programdata\1335029787.bdinstall.bin
2012-04-21 17:35 . 2012-04-21 17:35 104594 ----a-w- c:\programdata\1335029638.bdinstall.bin
2012-04-21 17:17 . 2012-04-21 17:17 178583 ----a-w- c:\programdata\1335027244.bdinstall.bin
2012-04-21 17:04 . 2012-04-21 17:04 -------- d-----w- c:\programdata\BDLogging
2012-04-21 17:00 . 2009-07-14 18:31 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-04-21 17:00 . 2009-07-14 18:18 42064 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-04-21 17:00 . 2009-07-14 18:18 654928 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-21 16:44 . 2012-04-21 16:44 22632 ----a-w- c:\programdata\1335026645.bdinstall.bin
2012-04-21 16:43 . 2012-04-21 16:43 217745 ----a-w- c:\programdata\1335025918.bdinstall.bin
2012-04-21 16:36 . 2012-04-21 16:36 -------- d-----w- c:\users\XLR8\AppData\Roaming\QuickScan
2012-04-21 13:44 . 2012-04-21 13:44 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 12:55 . 2012-04-21 13:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 14:17 . 2012-04-21 15:59 -------- d-----w- c:\users\XLR8\vocab n questions
2012-04-18 11:29 . 2012-04-18 11:29 -------- d-----w- c:\users\XLR8\jagexcache1
2012-04-16 12:20 . 2012-04-16 12:20 -------- d-----w- c:\users\XLR8\AppData\Roaming\Malwarebytes
2012-04-16 12:20 . 2012-04-16 12:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 12:20 . 2012-04-22 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 12:20 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 15:32 . 2012-04-15 15:32 -------- d-----w- c:\windows\en
2012-04-15 15:24 . 2012-04-15 15:24 -------- d-----w- c:\program files\Windows Live
2012-04-15 15:20 . 2012-04-15 15:20 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DSETUP.dll
2012-04-15 15:20 . 2012-04-15 15:20 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DXSETUP.exe
2012-04-15 15:20 . 2012-04-15 15:20 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\dsetup32.dll
2012-04-13 12:41 . 2012-04-13 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-13 11:49 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-13 11:49 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-13 11:49 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-13 11:43 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 11:41 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 11:41 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 11:41 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 11:41 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 11:41 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 11:41 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 11:41 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 11:41 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-12 11:41 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-02 14:21 . 2012-04-02 14:21 -------- d-----w- c:\users\XLR8\Biology Exams
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-25 19:36 . 2011-09-05 13:37 438976 ----a-w- c:\windows\SysWow64\Mshflxgd.ocx
2012-03-25 19:36 . 2011-09-05 13:37 244024 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx
2012-03-25 19:36 . 2012-03-25 19:37 -------- d-----w- c:\windows\SysWow64\gs
2012-03-25 19:36 . 2012-03-25 19:36 -------- d--h--w- c:\programdata\QPOCRTemp
2012-03-25 19:36 . 2011-09-05 13:37 196608 ----a-w- c:\windows\SysWow64\Utility.dll
2012-03-25 19:36 . 2012-03-25 19:56 -------- d--h--w- c:\programdata\QuickPDF
2012-03-25 19:36 . 1998-04-23 23:00 368912 ----a-w- c:\windows\SysWow64\vbar332.dll
2012-03-25 19:34 . 2012-03-25 19:38 -------- d-----w- C:\QuickPDFConverter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 13:44 . 2011-06-08 09:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 12:41 . 2010-06-13 10:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-23 18:39 . 2011-07-21 14:10 3715072 ----a-w- c:\program files\SwiftKit-RS.exe
2012-03-20 19:22 . 2012-03-20 19:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 09:18 . 2009-10-31 11:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 15:45 . 2012-02-17 15:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-14 16:49 . 2012-03-13 22:51 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-13 22:51 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-13 22:51 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 22:51 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-13 22:51 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-13 22:51 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-13 22:51 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-13 22:51 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-13 22:51 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-13 22:51 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 21:22 . 2009-10-09 13:05 401408 ----a-w- c:\program files\SwiftKit.exe
2012-02-02 15:34 . 2012-03-13 22:51 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-01-08 14:09 . 2009-10-09 13:05 1228892 ----a-w- c:\program files\swiftirc.ocx
2011-02-17 09:14 . 2010-11-21 07:20 585728 ----a-w- c:\program files\LaVolpeAlphaImg.ocx
2009-10-09 13:05 . 2009-10-09 13:05 74240 ----a-w- c:\program files\zlib.dll
2009-10-09 13:05 . 2009-10-09 13:05 24576 ----a-w- c:\program files\ExePatcher.exe
2009-10-09 13:05 . 2009-10-09 13:05 15416 ----a-w- c:\program files\basswma.dll
2009-10-09 13:05 . 2009-10-09 13:05 89144 ----a-w- c:\program files\bass.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-04 1242448]
"Akamai NetSession Interface"="c:\users\XLR8\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-13 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"BSDAppUpdater"="c:\program files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe" [2012-01-15 1660232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\XLR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 13:44]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 23:18]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 23:18]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000Core.job
- c:\users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 11:33]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000UA.job
- c:\users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 11:33]
.
2012-04-19 c:\windows\Tasks\Norton Security Scan for XLR8.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-18 09:06]
.
2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-04-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1780520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-04-23 3236432]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 172032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-24 1067768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
IE: Download Video on This Page - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b650dc5-1bb6-434d-b15a-03d8a2e77959%7D&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&ds=AVG&v=9.0.0.18.3&lang=us&pr=&d=2012-02-23%2010%3A36%3A05&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-KeyMapperStarup - c:\users\XLR8\Downloads\kr_free\KeyRemapper.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-SwiftKit - c:\program files\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-04-24 19:40:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 18:40
.
Pre-Run: 334,756,241,408 bytes free
Post-Run: 336,496,758,784 bytes free
.
- - End Of File - - 509D378026141C8BBEB6B3B304C8D01A

#8 XLR8

XLR8

    New Member

  • Members
  • Pip
  • 25 posts

Posted 24 April 2012 - 01:51 PM

Ah, unfortunately the malwarebytes message STILL pops up. I was convinced ComboFix would get rid of it.

#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 24 April 2012 - 01:56 PM

Did you set up this proxy??

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;


-----------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#10 MrCharlie

Posted 24 April 2012 - 01:58 PM

Can you take a screen shot of the message that comes up?

If not tell me exactly what it says.

MrC


#11 XLR8

Posted 24 April 2012 - 01:59 PM

Nope — I have never set up a proxy on this computer. I'm guessing that's a problem?

#12 MrCharlie

Posted 24 April 2012 - 02:25 PM

It doesn't appear to be enabled, but let's get rid of it anyway. The link below contains info on how to delete it (about 1/3 of the way down):

http://www.bleepingc...ormance-advisor

--------------------------------

See if you can take a screen shot of the pop-up warning or just tell me exactly what it says.

MrC


#13 XLR8

Posted 25 April 2012 - 08:35 AM

Thanks - I went to firefox and removed a system proxy that was apparently in place.

Strangely, even after scanning ComboFix, it was appearing a lot, but as soon as you asked me to post a screenie, it's stopped. However, from what I remember...

It'd give the message "Malwarebytes successfully..." and it'd give a port which changes every time. The IP changes often, but a common one that pops up is '173.192.183.194'. It connects through either firefox.exe or svchost.exe. If it comes up again I'll be sure to take a screenshot of it.

#14 MrCharlie

Posted 25 April 2012 - 08:47 AM

That proxy was in Internet Explorer, are you using any P2P programs?

MrC

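Added example for readers of this thread (not code from the original posts, from Malwarebytes or from ComboFix): a PowerShell check of the per-user Internet Settings key that ComboFix's "uInternet Settings" line is read from, which is also the key Firefox consults when set to "Use system proxy settings". It reports ProxyEnable, ProxyServer and ProxyOverride, flags loopback entries like the 127.0.0.1:9421 seen above, and only simulates the cleanup with -WhatIf; the key path and value names are the standard WinINet ones.

```powershell
# Added example; not part of the thread. Run in the affected user's session.
# Inspect the per-user WinINet proxy settings and flag loopback entries
# (a listener on 127.0.0.1 that the user never configured is what the
# thread is chasing). Cleanup below is simulated with -WhatIf.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# Missing values read as 0 / empty string, so the checks below stay valid
# on a machine that has no proxy configured at all.
$enabled  = ([int]$s.ProxyEnable -eq 1)
$server   = [string]$s.ProxyServer
$override = [string]$s.ProxyOverride

"ProxyEnable   : $([int]$s.ProxyEnable)  (0 = direct connection)"
"ProxyServer   : $server"
"ProxyOverride : $override"

# A bypass-list entry or a proxy address on loopback, optionally with a port.
$loopbackEntry = '^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:\d{1,5})?$'
# ProxyServer may be a single host:port or "http=...;https=..." pairs.
$loopbackServer = '(^|[=;])(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:\d{1,5})?(;|$)'

# ProxyOverride entries are ';'-separated; '<local>' is the normal
# "bypass proxy server for local addresses" token and is not suspicious.
$suspectOverride = @($override -split ';' | Where-Object { $_ -match $loopbackEntry })
$suspectServer   = [bool]($server -match $loopbackServer)

if ($suspectServer -and $enabled) {
    Write-Warning "ProxyEnable is 1 and ProxyServer points at a loopback listener: $server"
} elseif ($suspectServer) {
    Write-Warning "ProxyServer points at a loopback listener but ProxyEnable is 0: $server"
}
if ($suspectOverride.Count -gt 0) {
    Write-Warning ("Loopback entries in ProxyOverride: " + ($suspectOverride -join ', '))
}
if (-not $suspectServer -and $suspectOverride.Count -eq 0) {
    "No loopback proxy or bypass entries found."
}

# Remediation as the thread recommends: clear the stale entries.
# -WhatIf only prints what would change; remove it to apply.
if ($suspectOverride.Count -gt 0) {
    Remove-ItemProperty -Path $key -Name ProxyOverride -WhatIf
}
if ($suspectServer) {
    Set-ItemProperty    -Path $key -Name ProxyEnable -Value 0 -WhatIf
    Remove-ItemProperty -Path $key -Name ProxyServer -WhatIf
}
```

If a loopback proxy is found, the follow-up question is which process is listening on that port (netstat -ano in an elevated prompt shows the owning PID), since the registry value alone does not say what put it there.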

#15 XLR8

Posted 25 April 2012 - 09:48 AM

I went into Internet Explorer but there was no proxy being used, so I checked Firefox. P2P programs? You mean things like BitTorrent? None that I know of... unless you count MSN & Skype.

#16 MrCharlie

Posted 25 April 2012 - 10:01 AM

Yes, I do. Take a look at the links below:

http://forums.malwar...howtopic=109053
http://forums.malwar...howtopic=108627

http://forums.malwar...48

Let me know....MrC


#17 XLR8

Posted 25 April 2012 - 11:03 AM

That's a tad puzzling. I've had Skype installed on this laptop for the past 2½ years, BitDefender for the past 2½ years, and MBAM for the past few months, yet this message started popping up about 1-2 months ago. Furthermore, wouldn't the program that it connects through be Skype, as opposed to svchost.exe/firefox.exe/avgnsa.exe?

In order to combat this problem, would my only solution be to uninstall Skype? Because it's not really in my interest to do so... I haven't seen any of my data/personal details become hijacked since the message popped up, so perhaps it isn't too harmful — but I just need to make sure.

Thanks.

#18 MrCharlie

Posted 25 April 2012 - 11:18 AM

I would like to run a couple of more scans:

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


#19 XLR8

Posted 25 April 2012 - 03:20 PM

I scanned it once and oddly, I got the BSOD... That's a tad worrying. Scanned it again and here's the log -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 20:08:00
-----------------------------
20:08:00.928 OS Version: Windows x64 6.0.6002 Service Pack 2
20:08:00.929 Number of processors: 2 586 0x170A
20:08:00.930 ComputerName: XYZ-XTREMESPEED UserName: XLR8
20:08:03.359 Initialize success
20:08:18.386 AVAST engine defs: 12042500
20:08:21.133 The log file has been saved successfully to "C:\Users\XLR8\Desktop\Documents\aswMBR.txt"
20:09:04.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:09:04.276 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
20:09:04.291 Disk 0 MBR read successfully
20:09:04.298 Disk 0 MBR scan
20:09:04.354 Disk 0 Windows VISTA default MBR code
20:09:04.362 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:09:04.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:09:04.437 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
20:09:04.476 Disk 0 scanning C:\Windows\system32\drivers
20:09:19.465 Service scanning
20:09:55.682 Modules scanning
20:09:55.688 Disk 0 trace - called modules:
20:09:55.712 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:09:55.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800659b1c0]
20:09:55.721 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045de050]
20:09:58.256 AVAST engine scan C:\Windows
20:10:10.087 AVAST engine scan C:\Windows\system32
20:17:25.325 AVAST engine scan C:\Windows\system32\drivers
20:18:08.836 AVAST engine scan C:\Users\XLR8
20:45:09.482 AVAST engine scan C:\ProgramData
20:55:07.425 Scan finished successfully
21:04:33.107 Disk 0 MBR has been saved successfully to "C:\Users\XLR8\Desktop\Documents\MBR.dat"
21:04:33.119 The log file has been saved successfully to "C:\Users\XLR8\Desktop\Documents\aswMBR.txt"

Thanks.

#20 MrCharlie

Posted 25 April 2012 - 03:32 PM

That scan looks OK.

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC




