Cloud Protection - no internet connection
#1
Posted 02 November 2011 - 05:40 PM
#2
Posted 03 November 2011 - 05:28 PM
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
#3
Posted 06 November 2011 - 01:49 PM
Attached File(s)
- GMER.log (13.41K), Number of downloads: 0
- dds.txt (21.8K), Number of downloads: 2
- attach.txt (51.23K), Number of downloads: 2
#4
Posted 07 November 2011 - 02:32 AM
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put them in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!
Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"
- In your next post I need the following
- Log from Combofix
- Let me know of any problems you may have had
- How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
#5
Posted 07 November 2011 - 02:14 PM
I got a blue screen the first time I tried running it, but it worked the second time. It couldn't do System Restore, and it said I had AVG Antivirus running, but I couldn't figure out any way to turn it off.
ComboFix 11-11-07.02 - DTStrain 11/07/2011 11:47:25.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2557.1673 [GMT -6:00]
Running from: c:\documents and settings\DTStrain\Desktop\Logs\ComboFix.exe
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\IntelUpdateService.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{09aa8add-885a-4b9d-aab7-db3bc3605fb7}
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{09aa8add-885a-4b9d-aab7-db3bc3605fb7}\chrome.manifest
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{09aa8add-885a-4b9d-aab7-db3bc3605fb7}\chrome\xulcache.jar
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{09aa8add-885a-4b9d-aab7-db3bc3605fb7}\defaults\preferences\xulcache.js
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{09aa8add-885a-4b9d-aab7-db3bc3605fb7}\install.rdf
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{3107d4fd-10cc-420f-9340-3b5b9cde3f6c}
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{3107d4fd-10cc-420f-9340-3b5b9cde3f6c}\chrome.manifest
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{3107d4fd-10cc-420f-9340-3b5b9cde3f6c}\chrome\xulcache.jar
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{3107d4fd-10cc-420f-9340-3b5b9cde3f6c}\defaults\preferences\xulcache.js
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{3107d4fd-10cc-420f-9340-3b5b9cde3f6c}\install.rdf
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{5a67dc09-ab3a-4d6a-85a4-805403fa69a3}
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{5a67dc09-ab3a-4d6a-85a4-805403fa69a3}\chrome.manifest
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{5a67dc09-ab3a-4d6a-85a4-805403fa69a3}\chrome\xulcache.jar
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{5a67dc09-ab3a-4d6a-85a4-805403fa69a3}\defaults\preferences\xulcache.js
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{5a67dc09-ab3a-4d6a-85a4-805403fa69a3}\install.rdf
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{60fc59f7-e42f-466d-b722-d22b6d6cdddb}
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{60fc59f7-e42f-466d-b722-d22b6d6cdddb}\chrome.manifest
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{60fc59f7-e42f-466d-b722-d22b6d6cdddb}\chrome\xulcache.jar
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{60fc59f7-e42f-466d-b722-d22b6d6cdddb}\defaults\preferences\xulcache.js
c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\extensions\{60fc59f7-e42f-466d-b722-d22b6d6cdddb}\install.rdf
c:\documents and settings\DTStrain\Local Settings\Application Data\Apple\AppleUpdate\Appleupdt32.dll
c:\documents and settings\DTStrain\myxaxfbeug.tmp
c:\documents and settings\DTStrain\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-06 11:39 . 2011-11-06 11:39 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys
2011-10-22 16:11 . 2011-10-22 16:11 -------- d-----w- c:\windows\USBdevice
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\DTStrain\Application Data\zZ9hYXwkUe
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\DTStrain\Application Data\sNyxA1uvDoFpHs
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\DTStrain\Application Data\cqhYXwkUV
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\DTStrain\Application Data\bqjYCekIBzNx1v
2011-10-22 15:56 . 2011-10-22 15:56 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl26a8fe5a.sys
2011-10-22 15:24 . 2011-10-22 16:11 -------- d-----w- c:\program files\D-Link
2011-10-22 15:24 . 2006-11-27 04:38 499328 ----a-w- c:\windows\system32\drivers\MRVW245.sys
2011-10-22 15:23 . 2011-10-22 15:23 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-10-22 15:23 . 2011-10-22 15:23 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-10-22 15:23 . 2005-11-14 04:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-10-22 15:23 . 2005-11-14 04:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-10-22 15:23 . 2005-11-14 04:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-10-22 15:23 . 2005-11-14 04:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-10-22 15:23 . 2005-11-14 04:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-10-22 14:57 . 2011-10-22 14:57 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsle1939825.sys
2011-10-22 14:45 . 2011-10-22 14:45 -------- d-----w- C:\temp
2011-10-22 13:37 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-10-22 13:37 . 2011-10-22 16:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-10-21 02:14 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-21 02:14 . 2011-10-22 16:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-21 01:58 . 2011-10-21 01:58 104448 ----a-w- c:\program files\Internet Explorer\A733\F.tmp
2011-10-21 01:55 . 2011-10-21 01:55 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl18248997.sys
2011-10-21 01:48 . 2011-10-21 01:48 104448 ----a-w- c:\program files\Internet Explorer\A733\18.tmp
2011-10-21 01:48 . 2011-10-21 00:32 1008092 ----a-w- C:\Rkill.exe
2011-10-21 01:46 . 2011-10-21 01:46 104448 ----a-w- c:\program files\Internet Explorer\A733\15.tmp
2011-10-21 01:43 . 2011-10-21 01:43 104448 ----a-w- c:\program files\Internet Explorer\A733\E.tmp
2011-10-21 01:39 . 2011-10-21 01:39 104448 ----a-w- c:\program files\Internet Explorer\A733\1E.tmp
2011-10-21 01:34 . 2011-10-21 01:34 104448 ----a-w- c:\program files\Internet Explorer\A733\D.tmp
2011-10-21 00:46 . 2011-10-21 00:46 104448 ----a-w- c:\program files\Internet Explorer\A733\C.tmp
2011-10-21 00:38 . 2011-10-21 00:38 104448 ----a-w- c:\program files\Internet Explorer\A733\B.tmp
2011-10-21 00:36 . 2011-10-21 00:36 104448 ----a-w- c:\program files\Internet Explorer\A733\A.tmp
2011-10-18 23:41 . 2011-10-18 23:41 104448 ----a-w- c:\program files\Internet Explorer\A733\2.tmp
2011-10-18 23:28 . 2011-10-18 23:28 104448 ----a-w- c:\program files\Internet Explorer\A733\9.tmp
2011-10-18 23:24 . 2011-10-18 23:24 104448 ----a-w- c:\program files\Internet Explorer\A733\8.tmp
2011-10-18 23:23 . 2011-10-18 23:23 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl90a2c153.sys
2011-10-18 23:17 . 2011-10-18 23:17 104448 ----a-w- c:\program files\Internet Explorer\A733\7.tmp
2011-10-18 23:17 . 2011-10-18 23:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKslb8a58d3f.sys
2011-10-18 23:14 . 2011-10-18 23:14 104448 ----a-w- c:\program files\Internet Explorer\A733\1.tmp
2011-10-18 23:07 . 2011-10-18 23:07 104448 ----a-w- c:\program files\Internet Explorer\A733\6.tmp
2011-10-18 13:15 . 2011-10-18 13:15 104448 ----a-w- c:\program files\Internet Explorer\A733\13.tmp
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\DTStrain\Application Data\Malwarebytes
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 12:57 . 2011-10-18 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 12:57 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 12:47 . 2011-10-18 12:47 104448 ----a-w- c:\program files\Internet Explorer\A733\5.tmp
2011-10-18 12:12 . 2011-10-18 12:12 104448 ----a-w- c:\program files\Internet Explorer\A733\4.tmp
2011-10-17 03:58 . 2011-10-17 03:58 104448 ----a-w- c:\program files\Internet Explorer\A733\3.tmp
2011-10-17 03:58 . 2011-10-17 03:58 -------- d-----w- c:\documents and settings\DTStrain\Application Data\JdWK8fRZ9TwUeIt
2011-10-17 03:58 . 2011-10-17 03:58 -------- d-----w- c:\documents and settings\DTStrain\Application Data\gvD2onF4pHs
2011-10-17 03:53 . 2011-10-17 03:53 -------- d-----w- c:\documents and settings\DTStrain\Application Data\ZLL88gTZqjYCkIr
2011-10-17 03:53 . 2011-10-17 03:53 -------- d-----w- c:\documents and settings\DTStrain\Application Data\S55ssWJ7fE
2011-10-17 03:53 . 2011-10-17 03:53 -------- d-----w- c:\documents and settings\DTStrain\Application Data\XqjjYCCwkIVzO
2011-10-17 03:53 . 2011-10-17 03:53 -------- d-----w- c:\documents and settings\DTStrain\Application Data\ZoonnF4am
2011-10-17 03:53 . 2011-10-17 03:53 104448 ----a-w- c:\program files\Internet Explorer\A733\EA.tmp
2011-10-17 03:52 . 2011-10-17 03:53 -------- d-----w- c:\program files\380A2
2011-10-17 03:52 . 2011-10-17 03:52 -------- d-----w- c:\documents and settings\DTStrain\Application Data\34F38
2011-10-17 03:52 . 2011-10-17 03:52 176640 ----a-w- c:\program files\Internet Explorer\A733\C9F.exe
2011-10-16 08:32 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\mpengine.dll
2011-10-13 08:25 . 2011-10-13 08:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 23:14 . 2010-04-11 08:05 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-03 19:40 . 2011-07-20 12:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-02-04 106496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 68856]
"Spyware Doctor"="c:\documents and settings\DTStrain\Desktop\sdsetup.exe" [2011-10-21 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-11 13541376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\DTStrain\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DTStrain\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2011-10-22 14020608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-18 13:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 11:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C9F.exe]
2011-10-17 03:52 176640 ----a-w- c:\program files\Internet Explorer\A733\C9F.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-29 21:16 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-06-29 21:16 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-18 13:23 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Rockstar Games\\EFLC\\EFLC.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\DTStrain\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"57223:TCP"= 57223:TCP:Pando Media Booster
"57223:UDP"= 57223:UDP:Pando Media Booster
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 6:58 AM 366152]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [10/22/2011 7:37 AM 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/22/2011 7:37 AM 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/22/2011 7:37 AM 955816]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [11/9/2008 4:31 PM 1373480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 6:57 AM 22216]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [11/9/2008 4:19 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [11/9/2008 4:19 PM 14336]
S1 MpKsl04dd8b05;MpKsl04dd8b05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys [?]
S1 MpKsl262de312;MpKsl262de312;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys [?]
S1 MpKsl361bb0f1;MpKsl361bb0f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys [?]
S1 MpKsl7fc7224d;MpKsl7fc7224d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys [?]
S1 MpKsla3062892;MpKsla3062892;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys [11/6/2011 5:39 AM 28752]
S1 MpKslda379f59;MpKslda379f59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys [?]
S1 MpKsle0eac522;MpKsle0eac522;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Bropor;Bropor;c:\windows\system32\eventvwr.exe [8/11/2004 4:00 PM 8704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/30/2010 3:22 PM 24576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-11-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-11-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-22 20:46]
.
2011-10-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{C5D9E121-DAD6-4D5D-9F3B-77E6EFE62E2A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0081018
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:58364
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-DOBtxP0yc1b3n4Q8234A - c:\windows\system32\SHHH6ssWJ7fL9.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 12:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3964981781-3752073502-2909569246-1005\Software\SecuROM\License information*]
"datasecu"=hex:4b,4f,7b,01,75,d1,59,b9,96,23,a2,48,8a,5e,4e,45,39,23,f1,96,5e,
ff,d4,cf,df,ac,49,f7,89,7f,45,a1,ae,17,ae,e9,17,36,c1,c0,f0,a0,dd,8b,bc,74,\
"rkeysecu"=hex:57,c2,d9,00,f6,c8,64,c8,a7,d7,12,6e,e3,d4,43,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\WININET.dll
c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-07 12:03:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 18:03
.
Pre-Run: 314,986,643,456 bytes free
Post-Run: 315,991,212,032 bytes free
.
- - End Of File - - 829A4371AB1CD381CBF9489CE90F9D18
#6
Posted 07 November 2011 - 02:53 PM
Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.
:Run CFScript:
Open Notepad and copy/paste the text in the box into the window:
ClearJavaCache::

Folder::
c:\documents and settings\DTStrain\Application Data\zZ9hYXwkUe
c:\documents and settings\DTStrain\Application Data\sNyxA1uvDoFpHs
c:\documents and settings\DTStrain\Application Data\cqhYXwkUV
c:\documents and settings\DTStrain\Application Data\bqjYCekIBzNx1v
c:\program files\Internet Explorer\A733
c:\documents and settings\DTStrain\Application Data\JdWK8fRZ9TwUeIt
c:\documents and settings\DTStrain\Application Data\gvD2onF4pHs
c:\documents and settings\DTStrain\Application Data\ZLL88gTZqjYCkIr
c:\documents and settings\DTStrain\Application Data\S55ssWJ7fE
c:\documents and settings\DTStrain\Application Data\XqjjYCCwkIVzO
c:\documents and settings\DTStrain\Application Data\ZoonnF4am
c:\program files\380A2
c:\documents and settings\DTStrain\Application Data\34F38

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58364
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
"information and logs"
In your next post I need the following:
- report from ComboFix
- let me know of any problems you may have had
- How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#7
Posted 07 November 2011 - 04:03 PM
ComboFix 11-11-07.02 - DTStrain 11/07/2011 13:40:42.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2557.1708 [GMT -6:00]
Running from: c:\documents and settings\DTStrain\Desktop\Logs\ComboFix.exe
Command switches used :: c:\documents and settings\DTStrain\Desktop\Logs\CFScript.txt
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DTStrain\Application Data\34F38
c:\documents and settings\DTStrain\Application Data\34F38\716A7.exe
c:\documents and settings\DTStrain\Application Data\34F38\80A2.4F3
c:\documents and settings\DTStrain\Application Data\bqjYCekIBzNx1v
c:\documents and settings\DTStrain\Application Data\cqhYXwkUV
c:\documents and settings\DTStrain\Application Data\cqhYXwkUV\Cloud Protection.ico
c:\documents and settings\DTStrain\Application Data\cqhYXwkUV\libclamav.dll
c:\documents and settings\DTStrain\Application Data\gvD2onF4pHs
c:\documents and settings\DTStrain\Application Data\JdWK8fRZ9TwUeIt
c:\documents and settings\DTStrain\Application Data\JdWK8fRZ9TwUeIt\Cloud Protection.ico
c:\documents and settings\DTStrain\Application Data\S55ssWJ7fE
c:\documents and settings\DTStrain\Application Data\sNyxA1uvDoFpHs
c:\documents and settings\DTStrain\Application Data\sNyxA1uvDoFpHs\Cloud Protection.ico
c:\documents and settings\DTStrain\Application Data\XqjjYCCwkIVzO
c:\documents and settings\DTStrain\Application Data\ZLL88gTZqjYCkIr
c:\documents and settings\DTStrain\Application Data\ZLL88gTZqjYCkIr\Cloud Protection.ico
c:\documents and settings\DTStrain\Application Data\ZoonnF4am
c:\documents and settings\DTStrain\Application Data\zZ9hYXwkUe
c:\program files\380A2
c:\program files\380A2\lvvm.exe
c:\program files\Internet Explorer\A733
c:\program files\Internet Explorer\A733\1.tmp
c:\program files\Internet Explorer\A733\13.tmp
c:\program files\Internet Explorer\A733\15.tmp
c:\program files\Internet Explorer\A733\18.tmp
c:\program files\Internet Explorer\A733\1E.tmp
c:\program files\Internet Explorer\A733\2.tmp
c:\program files\Internet Explorer\A733\3.tmp
c:\program files\Internet Explorer\A733\4.tmp
c:\program files\Internet Explorer\A733\5.tmp
c:\program files\Internet Explorer\A733\6.tmp
c:\program files\Internet Explorer\A733\7.tmp
c:\program files\Internet Explorer\A733\8.tmp
c:\program files\Internet Explorer\A733\9.tmp
c:\program files\Internet Explorer\A733\A.tmp
c:\program files\Internet Explorer\A733\B.tmp
c:\program files\Internet Explorer\A733\C.tmp
c:\program files\Internet Explorer\A733\C9F.exe
c:\program files\Internet Explorer\A733\D.tmp
c:\program files\Internet Explorer\A733\E.tmp
c:\program files\Internet Explorer\A733\EA.tmp
c:\program files\Internet Explorer\A733\F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 17:58 . 2011-11-07 17:58 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\offreg.dll
2011-11-06 11:39 . 2011-11-06 11:39 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys
2011-10-22 16:11 . 2011-10-22 16:11 -------- d-----w- c:\windows\USBdevice
2011-10-22 16:10 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-22 15:56 . 2011-10-22 15:56 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl26a8fe5a.sys
2011-10-22 15:24 . 2011-10-22 16:11 -------- d-----w- c:\program files\D-Link
2011-10-22 15:24 . 2006-11-27 04:38 499328 ----a-w- c:\windows\system32\drivers\MRVW245.sys
2011-10-22 15:23 . 2011-10-22 15:23 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-10-22 15:23 . 2011-10-22 15:23 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-10-22 15:23 . 2005-11-14 04:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-10-22 15:23 . 2005-11-14 04:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-10-22 15:23 . 2005-11-14 04:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-10-22 15:23 . 2005-11-14 04:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-10-22 15:23 . 2005-11-14 04:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-10-22 14:57 . 2011-10-22 14:57 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsle1939825.sys
2011-10-22 14:45 . 2011-10-22 14:45 -------- d-----w- C:\temp
2011-10-22 13:37 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-10-22 13:37 . 2011-10-22 16:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-10-21 02:14 . 2011-10-22 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-21 02:14 . 2011-10-22 16:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-21 01:55 . 2011-10-21 01:55 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl18248997.sys
2011-10-21 01:48 . 2011-10-21 00:32 1008092 ----a-w- C:\Rkill.exe
2011-10-18 23:23 . 2011-10-18 23:23 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl90a2c153.sys
2011-10-18 23:17 . 2011-10-18 23:17 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKslb8a58d3f.sys
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\DTStrain\Application Data\Malwarebytes
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 12:57 . 2011-10-18 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 12:57 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-16 08:32 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\mpengine.dll
2011-10-13 08:25 . 2011-10-13 08:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 23:14 . 2010-04-11 08:05 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-03 19:40 . 2011-07-20 12:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-07_17.58.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-07 18:01 . 2011-11-07 18:01 16384 c:\windows\Temp\Perflib_Perfdata_8a0.dat
+ 2004-08-11 22:00 . 2011-11-07 18:04 73216 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2011-11-07 12:16 73216 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2011-11-07 18:04 446136 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2011-11-07 12:16 446136 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-02-04 106496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 68856]
"Spyware Doctor"="c:\documents and settings\DTStrain\Desktop\sdsetup.exe" [2011-10-21 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-11 13541376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\DTStrain\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DTStrain\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2011-10-22 14020608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-18 13:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 11:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-29 21:16 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-06-29 21:16 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-18 13:23 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Rockstar Games\\EFLC\\EFLC.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\DTStrain\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"57223:TCP"= 57223:TCP:Pando Media Booster
"57223:UDP"= 57223:UDP:Pando Media Booster
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 6:58 AM 366152]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [10/22/2011 7:37 AM 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/22/2011 7:37 AM 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/22/2011 7:37 AM 955816]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [11/9/2008 4:31 PM 1373480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 6:57 AM 22216]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [11/9/2008 4:19 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [11/9/2008 4:19 PM 14336]
S1 MpKsl04dd8b05;MpKsl04dd8b05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys [?]
S1 MpKsl262de312;MpKsl262de312;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys [?]
S1 MpKsl361bb0f1;MpKsl361bb0f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys [?]
S1 MpKsl7fc7224d;MpKsl7fc7224d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys [?]
S1 MpKsla3062892;MpKsla3062892;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys [11/6/2011 5:39 AM 28752]
S1 MpKslda379f59;MpKslda379f59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys [?]
S1 MpKsle0eac522;MpKsle0eac522;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Bropor;Bropor;c:\windows\system32\eventvwr.exe [8/11/2004 4:00 PM 8704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/30/2010 3:22 PM 24576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-11-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-11-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-22 20:46]
.
2011-10-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{C5D9E121-DAD6-4D5D-9F3B-77E6EFE62E2A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0081018
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-C9F - c:\program files\Internet Explorer\A733\C9F.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 13:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3964981781-3752073502-2909569246-1005\Software\SecuROM\License information*]
"datasecu"=hex:4b,4f,7b,01,75,d1,59,b9,96,23,a2,48,8a,5e,4e,45,39,23,f1,96,5e,
ff,d4,cf,df,ac,49,f7,89,7f,45,a1,ae,17,ae,e9,17,36,c1,c0,f0,a0,dd,8b,bc,74,\
"rkeysecu"=hex:57,c2,d9,00,f6,c8,64,c8,a7,d7,12,6e,e3,d4,43,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-11-07 13:50:23
ComboFix-quarantined-files.txt 2011-11-07 19:50
ComboFix2.txt 2011-11-07 18:03
.
Pre-Run: 316,001,480,704 bytes free
Post-Run: 316,085,702,656 bytes free
.
- - End Of File - - 28DFCFD3A686833C72E6D7C270E846D0
#8
Posted 07 November 2011 - 05:34 PM
For now, until we can get you online, I want you to uninstall AVG and MSE.
Please run the following:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
NetBT.sys
afd.sys
ipsec.sys

:reg
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt /s
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#9
Posted 07 November 2011 - 06:50 PM
Here is the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:48 on 07/11/2011 by DTStrain
Administrator - Elevation successful
========== filefind ==========
Searching for "NetBT.sys"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [22:44 17/04/2010] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [11:20 10/11/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a---- 162816 bytes [22:00 11/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [02:50 18/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [05:36 13/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a---- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a---- 138368 bytes [11:10 10/11/2008] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC
C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys --a---- 138496 bytes [11:10 10/11/2008] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [11:10 10/11/2008] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [22:44 17/04/2010] [09:51 14/08/2008] 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [08:06 18/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [08:01 18/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [08:02 13/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [22:56 17/04/2010] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [22:57 17/04/2010] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys -----c- 138496 bytes [11:35 11/11/2008] [10:00 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [11:19 10/11/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys ------- 138496 bytes [11:40 20/06/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [22:00 11/08/2004] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [22:44 17/04/2010] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [11:19 10/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [22:00 11/08/2004] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
========== reg ==========
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"DisplayName"="AFD"
"Description"="AFD Networking Support Environment"
"Group"="TDI"
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]
(No values found)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
(No values found)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"TransportBindName"="\Device\"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
"Tag"= 0x0000000004 (4)
"ImagePath"="system32\DRIVERS\ipsec.sys"
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec\Enum]
"0"="Root\LEGACY_IPSEC\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
-= EOF =-
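The log above lists no netbt.sys under system32\drivers and shows a services\netbt key with no values, while afd.sys and ipsec.sys are present with populated keys. The following Python script is an added example, not part of the thread and not SystemLook's own code: it parses a SystemLook filefind/reg log and reports, per driver, whether the live copy exists, which backup copies could restore it, and whether its service key has values. The line layout is inferred from the log above, the embedded sample is an excerpt of that log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook log above: filefind hits trimmed to the live and
# backup locations, reg output trimmed to a few values per service key.
LOG = r'''
========== filefind ==========
Searching for "NetBT.sys"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [22:44 17/04/2010] [10:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [11:20 10/11/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a---- 162816 bytes [22:00 11/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
Searching for "afd.sys"
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [11:19 10/11/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys ------- 138496 bytes [11:40 20/06/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [22:00 11/08/2004] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [22:44 17/04/2010] [10:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [11:19 10/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [22:00 11/08/2004] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
========== reg ==========
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
(No values found)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"TransportBindName"="\Device\"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
"Start"= 0x0000000001 (1)
"ImagePath"="system32\DRIVERS\ipsec.sys"
-= EOF =-
'''

# path, 7-char attribute field, size, [created], [modified], MD5
FILE_RE = re.compile(
    r'^(?P<path>.+?)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$')
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

DRIVERS_DIR = r'c:\windows\system32\drivers'
# Directories that hold backup copies in the log above, in order of preference.
BACKUP_DIRS = (r'c:\windows\system32\dllcache',
               r'c:\windows\servicepackfiles\i386')
SERVICES = 'hkey_local_machine\\system\\currentcontrolset\\services\\'


def parse_systemlook(log):
    """Return (files, keys): searched name -> list of hits, key -> value lines."""
    files, keys = defaultdict(list), {}
    name = key = None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := SEARCH_RE.match(line):
            name = m['name'].lower()
            files[name]                      # register searches with zero hits too
        elif m := KEY_RE.match(line):
            key = m['key'].lower()
            keys[key] = []
        elif name and (m := FILE_RE.match(line)):
            files[name].append(m.groupdict())
        elif (key and line and line != '(No values found)'
              and not line.startswith(('=', '-='))):
            keys[key].append(line)
    return files, keys


def triage(log):
    """Per searched driver: is the live copy there, and what could restore it?"""
    files, keys = parse_systemlook(log)
    report = {}
    for name, hits in files.items():
        by_dir = {h['path'].lower().rsplit('\\', 1)[0]: h for h in hits}
        live = by_dir.get(DRIVERS_DIR)
        backups = [by_dir[d] for d in BACKUP_DIRS if d in by_dir]
        report[name] = {
            'present': live is not None,
            'restore_from': [] if live else [b['path'] for b in backups],
            # Two backup locations carrying the same hash corroborate each other.
            'backups_agree': len(backups) > 1
                             and len({b['md5'] for b in backups}) == 1,
            'live_matches_backup': bool(live)
                                   and any(b['md5'] == live['md5'] for b in backups),
            'service_key_has_values': bool(keys.get(SERVICES + name.rsplit('.', 1)[0])),
        }
    return report


if __name__ == '__main__':
    for driver, findings in triage(LOG).items():
        print(driver, findings)
```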
#10
Posted 07 November 2011 - 07:03 PM
Open Notepad and copy/paste the text in the box into the window:
FCopy::
C:\WINDOWS\system32\dllcache\netbt.sys | C:\WINDOWS\system32\drivers\NetBT.sys
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
"information and logs"
- In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?
Gringo
#11
Posted 07 November 2011 - 07:26 PM
Here's the new log:
ComboFix 11-11-07.02 - DTStrain 11/07/2011 17:19:05.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2557.1862 [GMT -6:00]
Running from: c:\documents and settings\DTStrain\Desktop\Logs\ComboFix.exe
Command switches used :: c:\documents and settings\DTStrain\Desktop\Logs\CFScript.txt
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\netbt.sys --> c:\windows\system32\drivers\NetBT.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 23:19 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\NetBT.sys
2011-11-07 23:19 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-07 22:44 . 2011-11-07 22:44 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-22 16:11 . 2011-10-22 16:11 -------- d-----w- c:\windows\USBdevice
2011-10-21 01:48 . 2011-10-21 00:32 1008092 ----a-w- C:\Rkill.exe
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\DTStrain\Application Data\Malwarebytes
2011-10-18 12:58 . 2011-10-18 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 12:57 . 2011-10-18 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 12:57 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-13 08:25 . 2011-10-13 08:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-03 19:40 . 2011-07-20 12:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-07_17.58.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-07 18:01 . 2011-11-07 18:01 16384 c:\windows\Temp\Perflib_Perfdata_8a0.dat
+ 2004-08-11 22:00 . 2011-11-07 18:04 73216 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2011-11-07 12:16 73216 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2011-11-07 18:04 446136 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2011-11-07 12:16 446136 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-02-04 106496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-18 68856]
"Spyware Doctor"="c:\documents and settings\DTStrain\Desktop\sdsetup.exe" [2011-10-21 512992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-11 13541376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\DTStrain\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DTStrain\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [2011-10-22 14020608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-18 13:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 11:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-29 21:16 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-06-29 21:16 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-18 13:23 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Rockstar Games\\EFLC\\EFLC.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\DTStrain\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"57223:TCP"= 57223:TCP:Pando Media Booster
"57223:UDP"= 57223:UDP:Pando Media Booster
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2011 6:58 AM 366152]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [10/22/2011 7:37 AM 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/22/2011 7:37 AM 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/22/2011 7:37 AM 955816]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [11/9/2008 4:31 PM 1373480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2011 6:57 AM 22216]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [11/9/2008 4:19 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [11/9/2008 4:19 PM 14336]
S1 MpKsl04dd8b05;MpKsl04dd8b05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02CC6DC4-DAB5-461F-869B-B5847F99ECE3}\MpKsl04dd8b05.sys [?]
S1 MpKsl262de312;MpKsl262de312;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F95768B-1230-4997-B3C7-B04347C69E4A}\MpKsl262de312.sys [?]
S1 MpKsl361bb0f1;MpKsl361bb0f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl361bb0f1.sys [?]
S1 MpKsl7fc7224d;MpKsl7fc7224d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsl7fc7224d.sys [?]
S1 MpKsla3062892;MpKsla3062892;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72D82EC4-E734-4094-A514-13DC5347C97F}\MpKsla3062892.sys [?]
S1 MpKslda379f59;MpKslda379f59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FF7BAF6-3BAD-4FB7-BEEC-3070DFF964BE}\MpKslda379f59.sys [?]
S1 MpKsle0eac522;MpKsle0eac522;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACCD6354-9B38-4455-9647-F57E571EB427}\MpKsle0eac522.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Bropor;Bropor;c:\windows\system32\eventvwr.exe [8/11/2004 4:00 PM 8704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:09 AM 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/30/2010 3:22 PM 24576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-11-07 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:09]
.
2011-11-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-22 20:46]
.
2011-10-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-22 20:46]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{C5D9E121-DAD6-4D5D-9F3B-77E6EFE62E2A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0081018
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\DTStrain\Application Data\Mozilla\Firefox\Profiles\tpgslzzd.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3964981781-3752073502-2909569246-1005\Software\SecuROM\License information*]
"datasecu"=hex:4b,4f,7b,01,75,d1,59,b9,96,23,a2,48,8a,5e,4e,45,39,23,f1,96,5e,
ff,d4,cf,df,ac,49,f7,89,7f,45,a1,ae,17,ae,e9,17,36,c1,c0,f0,a0,dd,8b,bc,74,\
"rkeysecu"=hex:57,c2,d9,00,f6,c8,64,c8,a7,d7,12,6e,e3,d4,43,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\documents and settings\DTStrain\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-07 17:23:19
ComboFix-quarantined-files.txt 2011-11-07 23:23
ComboFix2.txt 2011-11-07 19:50
ComboFix3.txt 2011-11-07 18:03
.
Pre-Run: 316,435,906,560 bytes free
Post-Run: 316,417,949,696 bytes free
.
- - End Of File - - 8FFDD85349CE07F24668692FE660B730
#12
Posted 07 November 2011 - 07:27 PM
gringo
#13
Posted 08 November 2011 - 07:58 AM
#14
Posted 08 November 2011 - 08:34 AM
I want you to try this
Click on the "Start" button
and now go to "Control Panel"
switch to "Classic View"
find the icon "Network Connections" and double click
on the left hand side you will see "Set Up Home or Small Office Network" click on it
network setup wizard will open
click on "Next"
"Next" again
put a checkmark in "ignore disconnected network hardware"
click on "Next"
put a check on "Other"
click on "Next"
put a check on "this computer connects directly to the internet i do not have a network yet"
click on "Next"
if not filled in, fill in computer's name and description
click on "Next"
fill in workgroup name
click on "Next"
turn on or off printer sharing (you will know if you need it)
click on "Next"
click on "Next"
wait a few minutes while it works
check "just finish the wizard"
click on "Next"
click on "Finish"
restart the computer and check connection
come back and let me know
gringo
#15
Posted 08 November 2011 - 09:58 PM
Local Area Connection 2 says it's acquiring a network address, but it continuously says that. Local Area Connection says it's unplugged. 1391 says it's connected.

This topic is locked
