Google analytics/antivirus can't access updates


This topic is locked. 23 replies to this topic.

#1 Jehlert (Members, 15 posts)

Posted 23 October 2010 - 11:36 AM

Been having trouble with my browser opening to a google analytics page that does not open at all. Really noticed something wrong when Trend Micro Internet Security will not gain updates anymore. Gets the message that "an error prevented your security software from contacting Trend Micro". I tried reinstalling the entire program to no avail. Vista will not create restore points anymore and the backup program will not recognize drive C: any longer. I attempted to run Trend's Housecall which turned up an error as well stating that it is "unable to complete download. Please ensure you have an internet connection and try again. Error E:1082046195:0". Not sure what to do here. Following is the info requested from DDS.


DDS (Ver_10-10-21.02) - NTFSx86
Run by New Computer at 9:14:15.02 on Sat 10/23/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1836 [GMT -6:00]

SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\NEWCOM~1\AppData\Local\Temp\Cx2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\New Computer\Program Files\DNA\btdna.exe
C:\Users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\New Computer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: FCToolbarURLSearchHook Class: {61420c5c-7f3e-4f29-9987-e7e31687ab75} - c:\program files\adventurequest worlds toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Freecause Toolbar BHO: {745a6d3b-4db0-4246-b596-9189787d4ed5} - c:\program files\adventurequest worlds toolbar\Toolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AdventureQuest Worlds Toolbar: {3385e2d6-567b-4fc6-8f0f-d7a8c6e6118c} - c:\program files\adventurequest worlds toolbar\Toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\users\new computer\program files\dna\btdna.exe"
uRun: [WeatherEye] c:\users\new computer\appdata\local\theweathernetwork\weathereye\WeatherEye.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.125,93.188.160.205
TCP: {52A37BBC-CA1E-4350-93CD-666C91A92552} = 93.188.164.125,93.188.160.205

================= FIREFOX ===================

FF - ProfilePath - c:\users\newcom~1\appdata\roaming\mozilla\firefox\profiles\4mxwaitv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
FF - plugin: c:\users\new computer\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-10-22 146448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-10-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-10-22 283152]
R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2008-2-15 136832]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2009-3-5 138112]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-10-22 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-10-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-10-22 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-4 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-23 04:29:50 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-10-23 04:29:50 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-10-23 04:29:50 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-10-23 04:29:50 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-10-23 04:29:50 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-10-23 04:29:50 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-10-23 04:29:50 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-23 04:29:50 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-10-23 04:29:50 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-10-19 04:13:43 -------- d-----w- c:\users\new computer\.thinupload
2010-10-18 13:41:30 -------- d-----w- c:\users\newcom~1\appdata\local\Trend Micro
2010-10-18 13:41:06 -------- d-----w- c:\progra~2\boost_interprocess
2010-10-14 15:13:57 196608 ----a-w- c:\windows\Cqytea.exe
2010-10-12 20:45:02 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:44:46 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-12 20:44:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 20:43:41 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:43:41 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:43:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:43:40 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:43:40 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:43:13 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:43:08 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-12 20:43:08 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 20:43:03 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 19:56:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-10-09 19:56:29 140864 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-10-09 19:56:18 98304 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-10-09 19:55:54 -------- d-----w- c:\program files\common files\xing shared
2010-10-09 19:55:01 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2010-10-09 19:54:54 -------- d-----w- c:\program files\common files\Real
2010-10-07 22:59:20 -------- d-----w- C:\3d324bd615dcd1831199e7b9a103
2010-09-29 14:35:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 14:35:04 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 9:17:15.73 ===============

I was finally able to get malwarebytes to load by installing it on an external hard drive and renaming it. It found 5 various trojans but could not delete them. An error message came up saying that it had to shut down the program. I was able to attempt this twice with the same results. Now I cannot even do this as every attempt to open the program results in a runtime error 0. I was also able to get the updates to Trend Micro Security but it is not finding anything, neither has Eset online. I have also tried running Spybot but cannot open this program either so I have removed it. I am anxiously awaiting someone's advice and would like the go ahead to try Combofix. Anyone?

I am concerned about using this computer for online banking and such until these trojans have been resolved. I removed Spybot as it never did open after several installs.

EDIT: Posts merged ~BP

Edited by Budapest, 29 October 2010 - 04:46 PM.
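The DDS log in the post above is the evidence the helpers work from. What follows is an added triage script, not DDS and not from anyone in this thread, that pulls out the line types a responder reads first: a process running from a Temp directory, a recently created executable sitting directly in C:\Windows, browser search hooks and BHOs (including orphaned "No File" entries), and a resolver override pointing at public DNS addresses. The sample lines are copied from the log above; the rules only flag items for manual verification (for example, confirming with the ISP that the listed nameservers are theirs), and the short allowlist of executables that legitimately live in the Windows root is an assumption to extend for your own build.

```python
r"""Triage heuristics for a DDS-style log.

Added example for this thread; it is not part of DDS or of any post above.
The sample lines are copied from the log posted in #1; the rules are generic
heuristics that mark lines for a human to verify, not verdicts."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines lifted from the DDS log above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\NEWCOM~1\AppData\Local\Temp\Cx2.exe
C:\Program Files\Opera\opera.exe
============== Pseudo HJT Report ===============
uURLSearchHooks: FCToolbarURLSearchHook Class: {61420c5c-7f3e-4f29-9987-e7e31687ab75} - c:\program files\adventurequest worlds toolbar\Helper.dll
uURLSearchHooks: H - No File
TCP: NameServer = 93.188.164.125,93.188.160.205
=============== Created Last 30 ================
2010-10-14 15:13:57 196608 ----a-w- c:\windows\Cqytea.exe
2010-10-12 20:45:02 531968 ----a-w- c:\windows\system32\comctl32.dll
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


# Short, deliberately incomplete allowlist of executables that legitimately
# sit directly in C:\Windows (assumption; extend it for your own build).
WINDOWS_ROOT_EXES = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe",
                     "write.exe", "winhlp32.exe", "bfsvc.exe", "helppane.exe"}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ \S+ \S+ (.+)$")
NAMESERVER_RE = re.compile(r"^TCP: NameServer = (.+)$", re.I)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.I)
WIN_ROOT_EXE_RE = re.compile(r"^c:\\windows\\([^\\]+\.exe)$", re.I)
HOOK_RE = re.compile(r"^(uURLSearchHooks|mURLSearchHooks|BHO|TB):", re.I)
PRIVATE_IP_RE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect lines worth a second look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section.startswith("running processes"):
            # Legitimate software rarely runs persistently out of %TEMP%.
            if TEMP_DIR_RE.search(line):
                findings.append(Finding("process-from-temp", line))
        elif section.startswith("pseudo hjt"):
            ns = NAMESERVER_RE.match(line)
            if ns:
                servers = [s.strip() for s in ns.group(1).split(",")]
                # Home setups normally resolve via the router (private address)
                # or DHCP-assigned ISP servers; anything else needs confirming.
                if not all(PRIVATE_IP_RE.match(s) for s in servers):
                    findings.append(Finding("public-dns-override", line))
            elif line.endswith("- No File"):
                # Registered hook whose DLL is gone: leftover of a removal.
                findings.append(Finding("orphan-hook", line))
            elif HOOK_RE.match(line):
                # Search hooks, BHOs and toolbars sit inside the browser process.
                findings.append(Finding("browser-hook", line))
        elif section.startswith("created last 30"):
            created = CREATED_RE.match(line)
            if created:
                root_exe = WIN_ROOT_EXE_RE.match(created.group(1))
                if root_exe and root_exe.group(1).lower() not in WINDOWS_ROOT_EXES:
                    findings.append(Finding("new-exe-in-windows-root", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.evidence}")
```

Run against the sample it reports five lines, one per rule. None of them is a conviction on its own: the next step for each is the one the helpers here take, looking the file up, checking its signer and creation time, and asking whether the DNS addresses belong to the ISP.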



#2 Shannon2012 (Security Colleague, 3,657 posts, North Carolina, USA)

Posted 01 November 2010 - 01:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 Jehlert (Topic Starter, Members, 15 posts)

Posted 01 November 2010 - 11:53 PM

Thanks for getting back to me! Here is the new DDS and GMER info as requested. By uninstalling and then reinstalling Malwarebytes in safe mode I was finally able to have it find and delete 5 trojans. Things seem to be better, although I am still concerned that there is more to it than that. At the same time this all took place Windows backup and restore quit working. I don't know if this is a separate issue or not. Backup is seeing drive (C:) as missing and therefore will not create a shadow copy and create a backup to my external drive as it has been doing for months now. Like I said, I don't know if the trojan issue has anything to do with this or not. Trend Micro Security seems to be working properly now doing regular updates. My browser (Opera) no longer seems to be redirecting to unknown sites, although it does still cause some sites to go blank right after clicking on the hypertext. This is easily corrected by hitting the back button, but is annoying. I would just like to know for sure that everything is clean and back to normal. I have still not done any banking or other secure sensitive activities until I get the all clear.

Thank you for the help
Jody
Attached File: ark.txt (5.13KB, 6 downloads)


DDS (Ver_10-10-21.02) - NTFSx86
Run by New Computer at 18:13:49.17 on Mon 11/01/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1201 [GMT -6:00]

SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Users\New Computer\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Opera\Opera.exe
C:\Users\New Computer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WeatherEye] c:\users\new computer\appdata\local\theweathernetwork\weathereye\WeatherEye.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [BitTorrent DNA] "c:\users\new computer\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-10-22 146448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-10-23 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-10-22 283152]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2009-3-5 138112]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-10-22 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-10-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-10-22 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-15 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-4 21504]
S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2008-2-15 136832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-30 22:46:29 -------- d-----w- c:\users\newcom~1\appdata\roaming\ASCOMP Software
2010-10-30 22:46:21 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-30 22:46:21 -------- d-----w- c:\program files\ASCOMP Software
2010-10-30 20:42:19 -------- d-----w- c:\program files\Sophos
2010-10-30 15:40:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 15:40:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 15:11:20 -------- d-s---w- C:\ComboFix
2010-10-27 23:37:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 23:37:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 23:37:20 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 00:34:17 -------- d-----w- c:\users\newcom~1\appdata\roaming\SUPERAntiSpyware.com
2010-10-26 00:34:17 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-26 00:33:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-26 00:30:54 2400464 ----a-w- C:\MGtools.exe
2010-10-26 00:22:10 -------- d-----w- c:\program files\DNA
2010-10-25 19:02:55 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-24 23:32:44 -------- d-----w- c:\program files\ESET
2010-10-24 19:46:24 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-24 05:17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 22:50:47 36432 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-10-23 22:50:47 249424 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-10-23 22:50:47 1331512 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-10-23 20:43:13 -------- d-----w- c:\users\newcom~1\appdata\roaming\Malwarebytes
2010-10-23 17:25:39 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-23 04:29:50 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-10-23 04:29:50 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-10-23 04:29:50 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-10-23 04:29:50 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-10-23 04:29:50 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-23 04:29:50 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-10-19 04:13:43 -------- d-----w- c:\users\new computer\.thinupload
2010-10-18 13:41:30 -------- d-----w- c:\users\newcom~1\appdata\local\Trend Micro
2010-10-18 13:41:06 -------- d-----w- c:\progra~2\boost_interprocess
2010-10-12 20:45:02 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:44:46 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-12 20:44:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 20:43:41 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:43:41 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:43:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:43:40 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:43:40 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:43:13 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:43:08 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-12 20:43:08 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 20:43:03 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 19:56:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-10-09 19:56:29 140864 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-10-09 19:56:18 98304 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-10-09 19:55:54 -------- d-----w- c:\program files\common files\xing shared
2010-10-09 19:55:01 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2010-10-09 19:54:54 -------- d-----w- c:\program files\common files\Real
2010-10-07 22:59:20 -------- d-----w- C:\3d324bd615dcd1831199e7b9a103

==================== Find3M ====================

2010-09-15 10:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 18:16:48.30 ===============

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:38 AM

Posted 02 November 2010 - 10:15 AM

Hello and welcome to Bleeping Computer. :)

*Please enable topic reply notification, follow step # 4 -> Here.

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please do not attach logs unless instructed.

*You must reply within 5 days otherwise this topic will be closed.


=======================================


1. Can you please post the latest MBAM log. Open MBAM and click the "Logs tab" to locate the log.


2. Please download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista/Windows 7).
  • It will open a black window, please do not fix anything (if it gives you an option).
  • Exit that window and it will produce a log (MBRCheck_date_time).
  • Please post that log when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 Jehlert

Jehlert
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 02 November 2010 - 01:54 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4998

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

10/30/2010 9:55:44 AM
mbam-log-2010-10-30 (09-55-44).txt

Scan type: Quick scan
Objects scanned: 138443
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc
System Manufacturer: Dell Inc
System Product Name: Dimension E521
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 144):
0x82047000 \SystemRoot\system32\ntkrnlpa.exe
0x82014000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\PSHED.dll
0x8041E000 \SystemRoot\system32\BOOTVID.dll
0x80426000 \SystemRoot\system32\CLFS.SYS
0x80467000 \SystemRoot\system32\CI.dll
0x80547000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\System32\drivers\partmgr.sys
0x80696000 \SystemRoot\system32\drivers\volmgr.sys
0x806A5000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EF000 \SystemRoot\System32\drivers\mountmgr.sys
0x806FF000 \SystemRoot\system32\drivers\nvstor.sys
0x8070C000 \SystemRoot\system32\drivers\storport.sys
0x8074D000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x8076A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8079C000 \SystemRoot\system32\drivers\fileinfo.sys
0x82602000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82673000 \SystemRoot\system32\drivers\ndis.sys
0x8277E000 \SystemRoot\system32\drivers\msrpc.sys
0x827A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C04000 \SystemRoot\System32\drivers\tcpip.sys
0x82CEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82E06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F16000 \SystemRoot\system32\drivers\volsnap.sys
0x82F4F000 \SystemRoot\System32\Drivers\spldr.sys
0x82F57000 \SystemRoot\System32\Drivers\mup.sys
0x82F66000 \SystemRoot\System32\drivers\ecache.sys
0x82F8D000 \SystemRoot\system32\drivers\disk.sys
0x82F9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82FBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x82D09000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82D14000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82D1D000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8DE0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E88C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8E88E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E92F000 \SystemRoot\System32\drivers\watchdog.sys
0x8E93B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E945000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E983000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E992000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E9AA000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8E9BB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E9C6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E9D6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x82D2D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x82DBA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E9E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x82DE9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E9EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x827E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807CF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807E3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x805D0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x827F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x80600000 \SystemRoot\system32\drivers\SaiBus.sys
0x8DE0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EC05000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EC2F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EC39000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EC46000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EC7B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EC8C000 \SystemRoot\system32\DRIVERS\SaiMini.sys
0x8EC90000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8ECA0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ECA7000 \SystemRoot\system32\drivers\HdAudio.sys
0x8ECE6000 \SystemRoot\system32\drivers\portcls.sys
0x8ED13000 \SystemRoot\system32\drivers\drmk.sys
0x8ED38000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8ED41000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8ED49000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ED52000 \SystemRoot\System32\Drivers\Null.SYS
0x8ED59000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ED60000 \SystemRoot\System32\drivers\vga.sys
0x8ED6C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ED8D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ED95000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ED9D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EDA8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EDB6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EDBF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EDD5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F20C000 \SystemRoot\system32\drivers\afd.sys
0x8F254000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F286000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F29C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F2B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F2B5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F2BE000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8F2C5000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8F2CD000 \SystemRoot\system32\DRIVERS\tmlwf.sys
0x8F2F3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F301000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F314000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x8F329000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F34B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F351000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F38D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F397000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F3AE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F3BB000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8F3C5000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x82FC8000 \SystemRoot\system32\DRIVERS\SaiH0BAC.sys
0x976D0000 \SystemRoot\System32\win32k.sys
0x8F3E2000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F3EC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x978F0000 \SystemRoot\System32\TSDDD.dll
0x97910000 \SystemRoot\System32\cdd.dll
0x805E0000 \SystemRoot\system32\drivers\luafv.sys
0x8EDE9000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0x9B800000 \SystemRoot\system32\DRIVERS\vsapint.sys
0x9B944000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0x9E20C000 \SystemRoot\system32\drivers\spsys.sys
0x9E2BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E2CC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E2DF000 \SystemRoot\system32\drivers\HTTP.sys
0x9E34C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E369000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E382000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E397000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E3B8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B998000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E3D7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B9D1000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0008000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0056000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA006C000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0xA00A0000 \SystemRoot\system32\drivers\peauth.sys
0xA017E000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA01A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA01B0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA420C000 \SystemRoot\system32\DRIVERS\tmwfp.sys
0xA43B6000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0xA43C5000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0xA43DB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x77000000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
592 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\nvvsvc.exe
936 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1272 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\SLsvc.exe
1372 C:\Windows\System32\nvvsvc.exe
1396 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\svchost.exe
1832 C:\Windows\System32\spoolsv.exe
1844 C:\Windows\System32\taskeng.exe
1872 C:\Windows\System32\svchost.exe
1936 C:\Windows\System32\taskeng.exe
1952 C:\Windows\System32\dwm.exe
1984 C:\Windows\explorer.exe
824 C:\Windows\System32\taskeng.exe
1560 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
1584 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
1764 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1980 C:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe
1684 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2108 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2128 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2152 C:\Windows\ehome\ehtray.exe
2184 C:\Users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
2216 C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
2240 C:\Users\New Computer\Program Files\DNA\btdna.exe
2252 C:\Program Files\Windows Media Player\wmpnscfg.exe
2264 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2316 C:\Windows\ehome\ehmsas.exe
2412 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
2872 C:\Windows\System32\svchost.exe
3060 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
3112 C:\Windows\System32\svchost.exe
3328 C:\Windows\System32\VSSVC.exe
3352 C:\Windows\System32\svchost.exe
3384 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3420 C:\Windows\System32\SearchIndexer.exe
3544 C:\Program Files\Windows Media Player\wmpnetwk.exe
3996 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2356 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2868 C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
1036 C:\Windows\System32\wbem\unsecapp.exe
4024 WmiPrvSE.exe
2428 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
1736 C:\Program Files\Opera\opera.exe
5820 C:\Windows\servicing\TrustedInstaller.exe
5100 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
3592 C:\Windows\System32\SearchProtocolHost.exe
5252 C:\Windows\System32\SearchFilterHost.exe
6020 dllhost.exe
5304 dllhost.exe
4712 C:\Users\New Computer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AD
PhysicalDrive1 Model Number: ST380819AS, Rev: 8.03
PhysicalDrive2 Model Number: IC35L080AVVA07-0, Rev: VA4O

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
76 GB \\.\PhysicalDrive2 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

Hope this is what you needed! Thank You
Jody
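The MBAM log above follows a fixed layout: a block of per-category counts, then one section per category listing each item as `path (ThreatName) -> action`. The following parser is an added example and not part of this thread or of Malwarebytes' own tooling; it reads that format, cross-checks the header counts against the items actually listed (a mismatch means a truncated or edited log), summarises detections by family and by remediation outcome, and flags items that sat in autostart locations such as the scheduled-task .job files seen here. The sample log is a constructed excerpt modelled on the one posted.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs (added example)."""
import re
from collections import Counter

# Constructed excerpt in the format of the log posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4998

Scan type: Quick scan
Objects scanned: 138443

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 3"  -> declared count for a category
HEADER_RE = re.compile(r"^([A-Z][A-Za-z ]+ Infected): (\d+)$")
# "Registry Keys Infected:"    -> start of that category's item list
SECTION_RE = re.compile(r"^([A-Z][A-Za-z ]+ Infected):$")
# "<path> (<threat>) -> <action>."  -> one detection
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Substrings (lower-cased) that mark autostart locations; assumption for this example.
PERSISTENCE_HINTS = (r"\windows\tasks", r"\currentversion\run")


def parse_mbam_log(text):
    """Return (declared_counts, detections); detections maps category -> list of dicts."""
    declared, detections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            detections.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections[current].append(m.groupdict())
    return declared, detections


def check_counts(declared, detections):
    """Categories whose header count differs from the items listed: {category: (declared, listed)}."""
    return {cat: (n, len(detections.get(cat, [])))
            for cat, n in declared.items() if len(detections.get(cat, [])) != n}


def summarize(detections):
    """Detections per threat family and per remediation action."""
    by_threat, by_action = Counter(), Counter()
    for items in detections.values():
        for d in items:
            by_threat[d["threat"]] += 1
            by_action[d["action"]] += 1
    return by_threat, by_action


def unresolved(detections):
    """Items the scanner found but did not quarantine and delete; these need follow-up."""
    return [d["item"] for items in detections.values() for d in items
            if not d["action"].startswith("Quarantined and deleted")]


def persistence_indicators(detections):
    """Items in autostart locations; they explain how the infection survived reboots."""
    return [d["item"] for items in detections.values() for d in items
            if any(h in d["item"].lower() for h in PERSISTENCE_HINTS)]


if __name__ == "__main__":
    declared, dets = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(declared, dets))
    print("by threat / by action:", summarize(dets))
    print("unresolved:", unresolved(dets))
    print("persistence:", persistence_indicators(dets))
```

Run against a real MBAM log (`parse_mbam_log(open(path).read())`), the count check is the first thing to look at: a helper reading a pasted log wants to know it is complete before reasoning about it. The persistence list is what you re-check after cleanup, since a scheduled task that re-downloads the payload is the usual reason a machine "comes back" infected.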

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:38 AM

Posted 05 November 2010 - 12:05 PM

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running, because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 Jehlert

Jehlert
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 05 November 2010 - 08:23 PM

ComboFix would not open in Windows. I was able to get it to run in Safe Mode. Not sure if this was ok or not. It did run though and this is the log. It did not restart the computer when it was done. It did inform me that it detected both Micro Internet Security and Spybot scanners still active. I was unable to shut down Trend in Safe Mode, and I have tried to uninstall Spybot days ago but there seems to be some trace of it somewhere. It is no longer in the programs file so I am unsure as to what CF was finding.
Jody



ComboFix 10-11-05.05 - New Computer 11/05/2010 18:22:14.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2665 [GMT -6:00]
Running from: c:\users\New Computer\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\service
c:\windows\system32\service\01092010_TIS17_SfFniAU.log
c:\windows\system32\service\02082010_TIS17_SfFniAU.log
c:\windows\system32\service\02102010_TIS17_SfFniAU.log
c:\windows\system32\service\03082010_TIS17_SfFniAU.log
c:\windows\system32\service\03092010_TIS17_SfFniAU.log
c:\windows\system32\service\04092010_TIS17_SfFniAU.log
c:\windows\system32\service\04102010_TIS17_SfFniAU.log
c:\windows\system32\service\05092010_TIS17_SfFniAU.log
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\07092010_TIS17_SfFniAU.log
c:\windows\system32\service\08062010_TIS17_SfFniAU.log
c:\windows\system32\service\08092010_TIS17_SfFniAU.log
c:\windows\system32\service\09092010_TIS17_SfFniAU.log
c:\windows\system32\service\09102010_TIS17_SfFniAU.log
c:\windows\system32\service\10082010_TIS17_SfFniAU.log
c:\windows\system32\service\11082010_TIS17_SfFniAU.log
c:\windows\system32\service\12062010_TIS17_SfFniAU.log
c:\windows\system32\service\12082010_TIS17_SfFniAU.log
c:\windows\system32\service\13042010_TIS17_SfFniAU.log
c:\windows\system32\service\13072010_TIS17_SfFniAU.log
c:\windows\system32\service\14062010_TIS17_SfFniAU.log
c:\windows\system32\service\14082010_TIS17_SfFniAU.log
c:\windows\system32\service\14092010_TIS17_SfFniAU.log
c:\windows\system32\service\16062010_TIS17_SfFniAU.log
c:\windows\system32\service\17072010_TIS17_SfFniAU.log
c:\windows\system32\service\20022010_TIS17_SfFniAU.log
c:\windows\system32\service\21062010_TIS17_SfFniAU.log
c:\windows\system32\service\22052010_TIS17_SfFniAU.log
c:\windows\system32\service\22102010_TIS17_SfFniAU.log
c:\windows\system32\service\23042010_TIS17_SfFniAU.log
c:\windows\system32\service\23052010_TIS17_SfFniAU.log
c:\windows\system32\service\23082010_TIS17_SfFniAU.log
c:\windows\system32\service\24032010_TIS17_SfFniAU.log
c:\windows\system32\service\24052010_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\25082010_TIS17_SfFniAU.log
c:\windows\system32\service\26052010_TIS17_SfFniAU.log
c:\windows\system32\service\26062010_TIS17_SfFniAU.log
c:\windows\system32\service\27072010_TIS17_SfFniAU.log
c:\windows\system32\service\28022010_TIS17_SfFniAU.log
c:\windows\system32\service\28082010_TIS17_SfFniAU.log
c:\windows\system32\service\28092010_TIS17_SfFniAU.log
c:\windows\system32\service\30052010_TIS17_SfFniAU.log
c:\windows\system32\service\30082010_TIS17_SfFniAU.log
c:\windows\system32\service\30092010_TIS17_SfFniAU.log
c:\windows\system32\service\31032010_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 00:27 . 2010-11-06 00:28 -------- d-----w- c:\users\New Computer\AppData\Local\temp
2010-11-06 00:27 . 2010-11-06 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-06 00:18 . 2010-11-06 00:20 -------- d-----w- C:\32788R22FWJFW
2010-11-05 02:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 02:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 02:27 . 2010-11-05 02:04 284752 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-11-05 02:27 . 2010-11-05 02:04 143952 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-11-05 02:12 . 2010-11-05 02:04 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-11-05 02:11 . 2010-11-05 02:04 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-11-05 02:11 . 2010-11-05 02:04 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-11-05 02:11 . 2010-11-05 02:04 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-05 02:08 . 2010-11-05 02:09 -------- d-----w- c:\program files\Trend Micro
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\users\New Computer\AppData\Roaming\ASCOMP Software
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\program files\ASCOMP Software
2010-10-30 22:46 . 2009-07-20 10:52 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-30 20:42 . 2010-11-05 02:33 -------- d-----w- c:\program files\Sophos
2010-10-27 23:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 23:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 23:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\users\New Computer\AppData\Roaming\SUPERAntiSpyware.com
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-26 00:33 . 2010-10-26 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-26 00:30 . 2010-10-26 00:30 2400464 ----a-w- C:\MGtools.exe
2010-10-26 00:22 . 2010-10-30 16:24 -------- d-----w- c:\program files\DNA
2010-10-25 19:02 . 2010-09-15 10:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-24 23:32 . 2010-10-24 23:32 -------- d-----w- c:\program files\ESET
2010-10-24 19:46 . 2010-10-28 04:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-24 05:17 . 2010-10-24 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 21:59 . 2010-10-23 21:59 -------- d-----w- c:\programdata\WindowsSearch
2010-10-23 20:43 . 2010-10-23 20:43 -------- d-----w- c:\users\New Computer\AppData\Roaming\Malwarebytes
2010-10-23 17:25 . 2010-10-23 17:25 -------- d-----w- c:\programdata\Malwarebytes
2010-10-19 04:13 . 2010-10-20 03:59 -------- d-----w- c:\users\New Computer\.thinupload
2010-10-18 13:41 . 2010-10-23 04:32 -------- d-----w- c:\users\New Computer\AppData\Local\Trend Micro
2010-10-18 13:41 . 2010-10-20 23:23 -------- d-----w- c:\programdata\boost_interprocess
2010-10-12 20:45 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:44 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 20:44 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 20:43 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:43 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:43 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:43 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:43 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 20:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-12 20:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 19:56 . 2010-10-09 19:56 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-10-09 19:56 . 2010-10-09 19:56 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-10-09 19:56 . 2010-10-09 19:56 98304 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-10-09 19:55 . 2010-10-09 19:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-10-09 19:55 . 2010-10-09 19:55 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Real
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Common Files\Real
2010-10-09 18:47 . 2010-10-09 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-07 22:59 . 2010-10-07 22:59 -------- d-----w- C:\3d324bd615dcd1831199e7b9a103

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 10:50 . 2010-04-30 16:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 23:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 23:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 23:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 23:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 15:15 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 00:33 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2010-08-11 00:32 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
2010-11-05 02:04 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WeatherEye"="c:\users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"BitTorrent DNA"="c:\users\New Computer\Program Files\DNA\btdna.exe" [2010-03-10 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-07-12 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-07-12 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 202256]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-05 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-11-05 1062224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-8 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-05 143952]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-11-05 64080]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-05 284752]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\690F.tmp [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2008-02-15 136832]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2009-03-06 138112]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4232419160-3673180830-218952845-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 18:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\690F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-05 18:29:21
ComboFix-quarantined-files.txt 2010-11-06 00:29

Pre-Run: 72,786,354,176 bytes free
Post-Run: 72,797,696,000 bytes free

- - End Of File - - E9846C94930AEC39E151D9B903C2CF27

#8 sempai (Malware Response Team, 5,288 posts)

Posted 05 November 2010 - 11:53 PM

Hi,


1. We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

DDS::
uURLSearchHooks: H - No File

Folder::
c:\programdata\Spybot - Search & Destroy

SecCenter::
{ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}


4. Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




2. We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 Jehlert (Topic Starter, Members, 15 posts)

Posted 06 November 2010 - 12:21 AM

OTL logfile created on: 11/5/2010 11:11:10 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\New Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 69.82 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 45.98 Gb Free Space | 61.72% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: New Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 23:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTL.exe
PRC - [2010/11/04 20:05:04 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/10/09 13:54:55 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 17:12:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\New Computer\Program Files\DNA\btdna.exe
PRC - [2009/10/26 20:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2009/04/11 00:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 00:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/07/12 14:39:34 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/07/12 14:39:04 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 23:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 01:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2006/11/02 06:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/25 22:49:30 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\690F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NEWCOM~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/11/04 20:04:46 | 000,284,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/11/04 20:04:46 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/04 20:04:46 | 000,143,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/11/04 20:04:46 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/04 20:04:46 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/11/04 20:04:46 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/05 18:22:56 | 000,138,112 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/15 17:51:22 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0763.sys -- (SaiH0763)
DRV - [2008/01/18 23:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/18 23:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/18 23:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/07/12 20:22:50 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/07/12 20:22:50 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/02/21 13:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 13:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 13:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/05 23:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/05 23:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B B1 93 61 01 7A CB 01 [binary data]
IE - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/09 13:56:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/11/04 20:11:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/28 21:59:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/30 09:13:51 | 000,000,000 | ---D | M]

[2010/10/30 09:13:35 | 000,000,000 | ---D | M] -- C:\Users\New Computer\AppData\Roaming\Mozilla\Extensions
[2010/02/02 21:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\New Computer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/30 09:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/25 13:03:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/02 13:36:24 | 000,221,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nppanda3d.dll

O1 HOSTS File: ([2010/11/05 18:28:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4232419160-3673180830-218952845-1000..\Run: [BitTorrent DNA] C:\Users\New Computer\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4232419160-3673180830-218952845-1000..\Run: [WeatherEye] C:\Users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\New Computer\Pictures\School Pic of Boys.jpg
O24 - Desktop BackupWallPaper: C:\Users\New Computer\Pictures\School Pic of Boys.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 23:08:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTL.exe
[2010/11/05 18:29:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/05 18:29:23 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Local\temp
[2010/11/05 18:28:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/05 18:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/05 18:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/05 18:20:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/05 18:20:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/05 18:18:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/05 18:18:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/11/04 20:36:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/04 20:36:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/04 20:27:33 | 000,284,752 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2010/11/04 20:27:33 | 000,143,952 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2010/11/04 20:12:19 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2010/11/04 20:11:39 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/11/04 20:11:39 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2010/11/04 20:11:39 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2010/11/04 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/04 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\New Computer\Documents\mbam
[2010/11/03 21:21:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/30 16:46:29 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\ASCOMP Software
[2010/10/30 16:46:21 | 001,242,552 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010/10/30 16:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\ASCOMP Software
[2010/10/30 14:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/30 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\New Computer\Documents\Registry Backup
[2010/10/30 09:11:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 09:09:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 17:37:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 17:37:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 17:37:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/25 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/25 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/25 18:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/25 18:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2010/10/25 13:02:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/25 13:02:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/25 13:02:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/24 17:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/24 13:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/23 23:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 15:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/23 14:43:13 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Malwarebytes
[2010/10/23 11:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/23 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\New Computer\Desktop\gmer
[2010/10/19 20:12:51 | 000,000,000 | R--D | C] -- C:\Users\New Computer\Music
[2010/10/18 22:13:43 | 000,000,000 | ---D | C] -- C:\Users\New Computer\.thinupload
[2010/10/18 07:41:30 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Local\Trend Micro
[2010/10/18 07:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/10/12 14:44:44 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/12 14:43:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/12 14:43:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/12 14:42:56 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/12 14:42:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/12 14:42:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/12 14:42:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/12 14:42:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/12 14:42:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/12 14:42:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/12 14:42:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/12 14:42:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/12 14:42:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/12 14:42:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/12 14:42:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/12 14:42:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/12 14:42:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/12 14:42:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/12 14:42:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/12 14:42:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/12 14:42:46 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/12 14:42:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/12 14:42:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/12 14:42:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/12 14:42:33 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/09 13:56:29 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/10/09 13:56:15 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/10/09 13:56:15 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/10/09 13:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/10/09 13:54:59 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/10/09 13:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/10/09 13:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/10/09 13:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/10/09 13:54:46 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Real
[2010/10/09 12:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/09 12:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/07 16:59:20 | 000,000,000 | ---D | C] -- C:\3d324bd615dcd1831199e7b9a103
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 23:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTL.exe
[2010/11/05 22:53:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 22:53:46 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 22:15:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 21:15:49 | 000,088,576 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/05 19:00:53 | 000,611,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 19:00:53 | 000,106,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 18:54:29 | 000,037,589 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/05 18:54:28 | 000,037,589 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/05 18:53:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 18:53:37 | 000,252,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/05 18:53:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 18:28:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/05 18:15:01 | 003,903,800 | R--- | M] () -- C:\Users\New Computer\Desktop\ComboFix.exe
[2010/11/04 20:12:50 | 000,001,107 | ---- | M] () -- C:\Users\New Computer\Desktop\Trend Micro Titanium Internet Security.lnk
[2010/11/04 20:04:46 | 000,284,752 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2010/11/04 20:04:46 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/11/04 20:04:46 | 000,143,952 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2010/11/04 20:04:46 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2010/11/04 20:04:46 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2010/11/04 20:04:46 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2010/11/04 14:27:32 | 000,108,544 | ---- | M] () -- C:\Users\New Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 22:14:19 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-4232419160-3673180830-218952845-1000.job
[2010/11/03 21:20:58 | 298,147,884 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/02 12:50:03 | 000,080,384 | ---- | M] () -- C:\Users\New Computer\Desktop\MBRCheck.exe
[2010/10/30 16:04:48 | 000,061,440 | ---- | M] () -- C:\Users\New Computer\Documents\November Media Schedule.doc
[2010/10/30 11:04:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/30 09:18:13 | 000,001,356 | ---- | M] () -- C:\Users\New Computer\AppData\Local\d3d9caps.dat
[2010/10/25 18:30:55 | 002,400,464 | ---- | M] () -- C:\MGtools.exe
[2010/10/24 15:22:29 | 000,000,036 | ---- | M] () -- C:\Users\New Computer\AppData\Local\housecall.guid.cache
[2010/10/23 09:22:30 | 000,286,404 | ---- | M] () -- C:\Users\New Computer\Desktop\gmer.zip
[2010/10/23 09:12:55 | 000,545,280 | ---- | M] () -- C:\Users\New Computer\Desktop\dds.scr
[2010/10/23 09:11:39 | 000,000,000 | ---- | M] () -- C:\Users\New Computer\defogger_reenable
[2010/10/23 09:10:48 | 000,050,477 | ---- | M] () -- C:\Users\New Computer\Desktop\Defogger.exe
[2010/10/22 22:07:14 | 000,000,698 | ---- | M] () -- C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/12 16:35:02 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/09 13:56:29 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/10/09 13:56:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/10/09 13:56:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/10/09 13:54:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 18:20:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/05 18:20:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/05 18:20:19 | 000,088,576 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/05 18:20:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/05 18:20:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/05 18:14:51 | 003,903,800 | R--- | C] () -- C:\Users\New Computer\Desktop\ComboFix.exe
[2010/11/04 20:12:41 | 000,001,107 | ---- | C] () -- C:\Users\New Computer\Desktop\Trend Micro Titanium Internet Security.lnk
[2010/11/03 22:14:19 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-4232419160-3673180830-218952845-1000.job
[2010/11/03 21:20:58 | 298,147,884 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/02 12:50:03 | 000,080,384 | ---- | C] () -- C:\Users\New Computer\Desktop\MBRCheck.exe
[2010/10/30 16:04:24 | 000,061,440 | ---- | C] () -- C:\Users\New Computer\Documents\November Media Schedule.doc
[2010/10/27 21:30:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/25 18:30:54 | 002,400,464 | ---- | C] () -- C:\MGtools.exe
[2010/10/23 09:22:29 | 000,286,404 | ---- | C] () -- C:\Users\New Computer\Desktop\gmer.zip
[2010/10/23 09:12:55 | 000,545,280 | ---- | C] () -- C:\Users\New Computer\Desktop\dds.scr
[2010/10/23 09:11:39 | 000,000,000 | ---- | C] () -- C:\Users\New Computer\defogger_reenable
[2010/10/23 09:10:47 | 000,050,477 | ---- | C] () -- C:\Users\New Computer\Desktop\Defogger.exe
[2010/10/22 22:49:05 | 000,000,036 | ---- | C] () -- C:\Users\New Computer\AppData\Local\housecall.guid.cache
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/05/02 22:30:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/06 15:34:31 | 000,000,393 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/05 20:24:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/04 21:48:19 | 000,000,093 | ---- | C] () -- C:\Windows\R300.ini
[2010/02/02 23:05:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/02 22:48:12 | 000,108,544 | ---- | C] () -- C:\Users\New Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 22:42:37 | 000,000,188 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/02/02 20:55:23 | 000,037,589 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/02 20:55:23 | 000,037,589 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/02 20:35:01 | 000,001,356 | ---- | C] () -- C:\Users\New Computer\AppData\Local\d3d9caps.dat
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/05 18:22:56 | 000,851,968 | ---- | C] () -- C:\Windows\System32\SaiC0BAC.Dll
[2009/03/05 18:22:56 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0C.dll
[2009/03/05 18:22:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_10.dll
[2009/03/05 18:22:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0A.dll
[2009/03/05 18:22:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_07.dll
[2009/03/05 18:22:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_09.dll
[2009/03/05 18:22:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0402.dll
[2009/03/05 18:22:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_11.dll
[2008/02/15 17:51:22 | 000,831,488 | ---- | C] () -- C:\Windows\System32\SaiC0763.Dll
[2008/02/15 17:51:22 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0763_0C.dll
[2008/02/15 17:51:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_10.dll
[2008/02/15 17:51:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_0A.dll
[2008/02/15 17:51:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_07.dll
[2008/02/15 17:51:22 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0763_09.dll
[2008/02/15 17:51:22 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0763_0402.dll
[2008/02/15 17:51:22 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0763_11.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/05/15 17:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 07:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002/04/21 12:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/04/19 08:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002/04/19 07:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002/04/01 16:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/04/01 16:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/04/01 16:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001/06/22 05:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll

< End of report >


OTL Extras logfile created on: 11/5/2010 11:11:10 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\New Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 69.82 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive E: | 74.50 Gb Total Space | 45.98 Gb Free Space | 61.72% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: New Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADC2BB3-8533-42A3-B8DF-C6B2E0E605E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{10EAAC02-014D-46FE-A511-51BCB37934EA}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1DAD2385-A362-4745-8263-D02795B766BB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{203C7ECB-23D5-49FE-A305-22F697619F8C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{358C48D4-B90B-43AA-9AC8-96FCA9C46960}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3D0F138D-C1FB-44EB-8F0F-5025C2A75413}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{61CE643D-7282-447F-A153-25B2288B13EF}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{66E0280B-7314-4925-B41C-B885B8548134}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{6972DBD6-0646-4B54-AE0B-C27F9FBDF4B0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6F9F8A1B-0860-463E-A9BB-4C75E16079B9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{B6F275E6-6587-4FE3-BD90-336A90A81945}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{FF309F73-2B13-43FE-9160-D251F45644B7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{1791ED18-1288-4B88-BB1D-51406A2738DC}C:\users\new computer\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\new computer\program files\dna\btdna.exe |
"TCP Query User{BD66B080-E993-483D-ADE1-C389F8C08C51}C:\users\new computer\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\new computer\program files\dna\btdna.exe |
"UDP Query User{2BFE7E62-489F-4AF0-AAEF-83100F923B23}C:\users\new computer\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\new computer\program files\dna\btdna.exe |
"UDP Query User{DF1396E8-7B37-404F-BCC9-B23841412BB4}C:\users\new computer\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\new computer\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{696A666D-7CB6-40f6-B394-BD3EEDAA2B99}" = HP Scanjet G3010 and 4370 9.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{960B5908-CB3C-439A-9BEA-1C920DD81F3C}" = Saitek SD6 Programming Software 6.0.7.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B9272341-39C4-40D6-8B31-54D85409116F}" = hpg3010
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C012BF9F-79EA-4601-9778-BFE9B3CE83A1}" = hpg3010QFolder
"{C25D2512-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Graboid Video" = Graboid Video 1.71
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Silent Package Run-Time Sample" = EPSON SPR300 Reference Guide
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.1
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4232419160-3673180830-218952845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2010 10:27:51 PM | Computer Name = Dell | Source = System Restore | ID = 8193
Description =

Error - 11/4/2010 11:36:16 PM | Computer Name = Dell | Source = Windows Backup | ID = 4104
Description =

Error - 11/5/2010 8:04:27 PM | Computer Name = Dell | Source = EventSystem | ID = 4609
Description =

Error - 11/5/2010 8:17:20 PM | Computer Name = Dell | Source = EventSystem | ID = 4609
Description =

Error - 11/5/2010 8:27:29 PM | Computer Name = Dell | Source = EventSystem | ID = 4609
Description =

Error - 11/5/2010 8:29:01 PM | Computer Name = Dell | Source = EventSystem | ID = 4609
Description =

Error - 11/5/2010 11:32:31 PM | Computer Name = Dell | Source = SPP | ID = 16387
Description =

Error - 11/5/2010 11:32:31 PM | Computer Name = Dell | Source = System Restore | ID = 8193
Description =

Error - 11/5/2010 11:32:31 PM | Computer Name = Dell | Source = System Restore | ID = 8210
Description =

Error - 11/6/2010 12:49:44 AM | Computer Name = Dell | Source = Windows Backup | ID = 4104
Description =

[ System Events ]
Error - 4/2/2010 11:19:17 AM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 656c with shared
resource name HP DeskJet 656c. Error 2114. The printer cannot be used by others
on the network.

Error - 4/2/2010 11:19:17 AM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer Epson Stylus Photo R300
(M) with shared resource name Epson Stylus Photo R300 (M). Error 2114. The printer
cannot be used by others on the network.

Error - 4/3/2010 7:07:59 PM | Computer Name = Dell | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:06:43 PM on 4/3/2010 was unexpected.

Error - 4/3/2010 7:08:02 PM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 656c with shared
resource name HP DeskJet 656c. Error 2114. The printer cannot be used by others
on the network.

Error - 4/4/2010 7:31:21 PM | Computer Name = Dell | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:12:02 PM on 4/4/2010 was unexpected.

Error - 4/4/2010 7:31:25 PM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 656c with shared
resource name HP DeskJet 656c. Error 2114. The printer cannot be used by others
on the network.

Error - 4/5/2010 9:12:25 AM | Computer Name = Dell | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:51:17 PM on 4/4/2010 was unexpected.

Error - 4/6/2010 12:15:01 PM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 656c with shared
resource name HP DeskJet 656c. Error 2114. The printer cannot be used by others
on the network.

Error - 4/6/2010 12:15:01 PM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer Epson Stylus Photo R300
(M) with shared resource name Epson Stylus Photo R300 (M). Error 2114. The printer
cannot be used by others on the network.

Error - 4/10/2010 5:35:35 PM | Computer Name = Dell | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 656c with shared
resource name HP DeskJet 656c. Error 2114. The printer cannot be used by others
on the network.


< End of report >


I did exactly as instructed with the script change in ComboFix with no results. It still will not open without going to safe mode, which I did not try. It gets as far as requesting permission to allow (the usual stupid Vista request) and then nothing happens.
Jody

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:38 AM

Posted 06 November 2010 - 12:44 AM

Please run the Combofix script in safe mode.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I haven't replied within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 Jehlert

Jehlert
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 06 November 2010 - 10:04 AM

ComboFix 10-11-05.05 - New Computer 11/06/2010 8:39.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2667 [GMT -6:00]
Running from: c:\users\New Computer\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 14:46 . 2010-11-06 14:46 -------- d-----w- c:\users\New Computer\AppData\Local\temp
2010-11-06 14:46 . 2010-11-06 14:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 02:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 02:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 02:27 . 2010-11-05 02:04 284752 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-11-05 02:27 . 2010-11-05 02:04 143952 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-11-05 02:12 . 2010-11-05 02:04 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-11-05 02:11 . 2010-11-05 02:04 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-11-05 02:11 . 2010-11-05 02:04 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-11-05 02:11 . 2010-11-05 02:04 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-05 02:08 . 2010-11-05 02:09 -------- d-----w- c:\program files\Trend Micro
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\users\New Computer\AppData\Roaming\ASCOMP Software
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\program files\ASCOMP Software
2010-10-30 22:46 . 2009-07-20 10:52 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-30 20:42 . 2010-11-05 02:33 -------- d-----w- c:\program files\Sophos
2010-10-27 23:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 23:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 23:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\users\New Computer\AppData\Roaming\SUPERAntiSpyware.com
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-26 00:33 . 2010-10-26 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-26 00:30 . 2010-10-26 00:30 2400464 ----a-w- C:\MGtools.exe
2010-10-26 00:22 . 2010-10-30 16:24 -------- d-----w- c:\program files\DNA
2010-10-25 19:02 . 2010-09-15 10:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-24 23:32 . 2010-10-24 23:32 -------- d-----w- c:\program files\ESET
2010-10-24 19:46 . 2010-10-28 04:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-24 05:17 . 2010-10-24 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 21:59 . 2010-10-23 21:59 -------- d-----w- c:\programdata\WindowsSearch
2010-10-23 20:43 . 2010-10-23 20:43 -------- d-----w- c:\users\New Computer\AppData\Roaming\Malwarebytes
2010-10-23 17:25 . 2010-10-23 17:25 -------- d-----w- c:\programdata\Malwarebytes
2010-10-19 04:13 . 2010-10-20 03:59 -------- d-----w- c:\users\New Computer\.thinupload
2010-10-18 13:41 . 2010-10-23 04:32 -------- d-----w- c:\users\New Computer\AppData\Local\Trend Micro
2010-10-18 13:41 . 2010-10-20 23:23 -------- d-----w- c:\programdata\boost_interprocess
2010-10-12 20:45 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:44 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 20:44 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 20:43 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:43 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:43 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:43 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:43 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 20:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-12 20:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 19:56 . 2010-10-09 19:56 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-10-09 19:56 . 2010-10-09 19:56 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-10-09 19:56 . 2010-10-09 19:56 98304 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-10-09 19:55 . 2010-10-09 19:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-10-09 19:55 . 2010-10-09 19:55 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Real
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Common Files\Real
2010-10-09 18:47 . 2010-10-09 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-07 22:59 . 2010-10-07 22:59 -------- d-----w- C:\3d324bd615dcd1831199e7b9a103

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 10:50 . 2010-04-30 16:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 23:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 23:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 23:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 23:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 15:15 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 00:33 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2010-08-11 00:32 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
2010-11-05 02:04 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WeatherEye"="c:\users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"BitTorrent DNA"="c:\users\New Computer\Program Files\DNA\btdna.exe" [2010-03-10 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-07-12 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-07-12 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 202256]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-05 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-11-05 1062224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-8 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-05 143952]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-11-05 64080]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-05 284752]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\690F.tmp [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2008-02-15 136832]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2009-03-06 138112]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4232419160-3673180830-218952845-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Malwarebytes' Anti-Malware_is1 - h:\malwarebytes' anti-malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 08:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\690F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-06 08:48:15
ComboFix-quarantined-files.txt 2010-11-06 14:48
ComboFix2.txt 2010-11-06 00:29

Pre-Run: 74,758,946,816 bytes free
Post-Run: 74,658,156,544 bytes free

- - End Of File - - 5D3F51B7EF30DABA7C799FD601F0A4C1


ComboFix 10-11-05.05 - New Computer 11/06/2010 8:52.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2502 [GMT -6:00]
Running from: c:\users\New Computer\Desktop\ComboFix.exe
Command switches used :: c:\users\New Computer\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc

.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 14:55 . 2010-11-06 14:55 -------- d-----w- c:\users\New Computer\AppData\Local\temp
2010-11-06 14:55 . 2010-11-06 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 02:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 02:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 02:27 . 2010-11-05 02:04 284752 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-11-05 02:27 . 2010-11-05 02:04 143952 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-11-05 02:12 . 2010-11-05 02:04 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-11-05 02:11 . 2010-11-05 02:04 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-11-05 02:11 . 2010-11-05 02:04 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-11-05 02:11 . 2010-11-05 02:04 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-05 02:08 . 2010-11-05 02:09 -------- d-----w- c:\program files\Trend Micro
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\users\New Computer\AppData\Roaming\ASCOMP Software
2010-10-30 22:46 . 2010-10-30 22:46 -------- d-----w- c:\program files\ASCOMP Software
2010-10-30 22:46 . 2009-07-20 10:52 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-10-30 20:42 . 2010-11-05 02:33 -------- d-----w- c:\program files\Sophos
2010-10-27 23:37 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 23:37 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 23:37 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\users\New Computer\AppData\Roaming\SUPERAntiSpyware.com
2010-10-26 00:34 . 2010-10-26 00:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-26 00:33 . 2010-10-26 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-26 00:30 . 2010-10-26 00:30 2400464 ----a-w- C:\MGtools.exe
2010-10-26 00:22 . 2010-10-30 16:24 -------- d-----w- c:\program files\DNA
2010-10-25 19:02 . 2010-09-15 10:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-24 23:32 . 2010-10-24 23:32 -------- d-----w- c:\program files\ESET
2010-10-24 05:17 . 2010-10-24 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 21:59 . 2010-10-23 21:59 -------- d-----w- c:\programdata\WindowsSearch
2010-10-23 20:43 . 2010-10-23 20:43 -------- d-----w- c:\users\New Computer\AppData\Roaming\Malwarebytes
2010-10-23 17:25 . 2010-10-23 17:25 -------- d-----w- c:\programdata\Malwarebytes
2010-10-19 04:13 . 2010-10-20 03:59 -------- d-----w- c:\users\New Computer\.thinupload
2010-10-18 13:41 . 2010-10-23 04:32 -------- d-----w- c:\users\New Computer\AppData\Local\Trend Micro
2010-10-18 13:41 . 2010-10-20 23:23 -------- d-----w- c:\programdata\boost_interprocess
2010-10-12 20:45 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 20:44 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-12 20:44 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-12 20:43 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-12 20:43 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-12 20:43 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-12 20:43 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-12 20:43 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-12 20:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 20:43 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-12 20:43 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-12 20:43 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-09 19:56 . 2010-10-09 19:56 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-10-09 19:56 . 2010-10-09 19:56 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-10-09 19:56 . 2010-10-09 19:56 98304 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-10-09 19:55 . 2010-10-09 19:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-10-09 19:55 . 2010-10-09 19:55 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Real
2010-10-09 19:54 . 2010-10-09 19:56 -------- d-----w- c:\program files\Common Files\Real
2010-10-09 18:47 . 2010-10-09 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-07 22:59 . 2010-10-07 22:59 -------- d-----w- C:\3d324bd615dcd1831199e7b9a103

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 10:50 . 2010-04-30 16:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 16:33 . 2010-10-27 23:37 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 23:37 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 23:37 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 23:37 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 15:15 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 00:33 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2010-08-11 00:32 . 2010-08-11 00:32 761 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
2010-11-05 02:04 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WeatherEye"="c:\users\New Computer\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"BitTorrent DNA"="c:\users\New Computer\Program Files\DNA\btdna.exe" [2010-03-10 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-07-12 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-07-12 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 202256]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-05 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-11-05 1062224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-8 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-05 143952]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-11-05 64080]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-05 284752]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\690F.tmp [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2008-02-15 136832]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2009-03-06 138112]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 01:58]

2010-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4232419160-3673180830-218952845-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 08:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\690F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-06 08:56:59
ComboFix-quarantined-files.txt 2010-11-06 14:56
ComboFix2.txt 2010-11-06 14:48
ComboFix3.txt 2010-11-06 00:29

Pre-Run: 74,679,345,152 bytes free
Post-Run: 74,654,507,008 bytes free

- - End Of File - - E7CD35450D62AF55CCD6FD5259CC851C


So I ran ComboFix in Safe Mode the first time, not realizing that the script I added outside of Safe Mode did not work (I think), so I moved the script into ComboFix within Safe Mode, and that is the second log posted.
Jody

#12 Jehlert
  • Topic Starter
  • Members
  • 15 posts

Posted 06 November 2010 - 10:08 AM

With the trouble that Spybot seems to be having, is it worthwhile in your opinion to keep? Is it best to stick to one Malware program, or what do you recommend?

#13 sempai (noypi)
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 06 November 2010 - 11:14 AM

Hi,

Spybot S&D is more than an anti-spyware program; it includes many features that are really helpful so you will stay protected. I would still recommend continuing its use; please read this tutorial -> http://www.bleepingcomputer.com/tutorials/using-spybot-to-remove-spyware/


======================================================


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#14 Jehlert
  • Topic Starter
  • Members
  • 15 posts

Posted 06 November 2010 - 06:53 PM

Ran ESET as requested and had No Threats Found so there is no file to report.
Jody

#15 sempai (noypi)
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 06 November 2010 - 09:52 PM

Hi,

How's the PC running? Still having issue/s?

~Semp





