
I was asked to start a new topic...


  • This topic is locked
10 replies to this topic

#1 usfjosh (Members, 7 posts)

Posted 22 May 2011 - 04:19 PM

I was asked to start a new post with some information. Here is my previous post:

Posted 18 May 2011 - 10:58 AM
Two days ago I got an Antimal Doctor Virus or Malware, not sure of the exact definition. Being fairly computer savvy I started going through steps in order to remove it myself, thinking it would be very easy. After reading many different forums (mostly from this site) I downloaded Malwarebytes and used that utility. It seemed like everything worked well, except all of a sudden my Google search results were being redirected, so I started working on that. I ended up running two more programs, ATF-Cleaner and TDSSKiller. After running both of those programs I had a new virus issue, I believe it was called Babylon. More reading forums and I ran HijackThis, but did not delete anything. At this point it seems like my computer is clean, but I want to know if there is a way to make sure before I plug back into my work LAN network. I apologize if I took too many steps or did them out of order, I was trying to fix this issue myself and want to make sure I didn't make it worse. I currently have the following programs downloaded:

CCleaner
Malwarebytes
TDSSKiller
ATF-Cleaner
HijackThis (did not delete anything from this)
ComboFix

Thank you so much for your help


DDS:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by jrjohans at 14:12:31 on 2011-05-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2304 [GMT -4:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {1F383481-F70E-4E7A-8B69-C4B4A23928E4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\15\stacsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\F5InstallerService.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\PIPC\BIN\pilogsrv.exe
C:\Program Files\PIPC\BIN\pinetmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\PIPC\BIN\pimsgss.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtwTracePktWpp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Downloaded Program Files\CacheCleaner.exe
C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jrjohans\My Documents\Downloads\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Mosaic
uStart Page = https://employee.mosaicco.com
uDefault_Page_URL = https://employee.mosaicco.com
mDefault_Page_URL = https://employee.mosaicco.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [F5 Networks Cleaner] rundll32.exe c:\windows\downlo~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:vpn2.mosaicco.com
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
dRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cargill.com\hrdirect
Trusted Zone: cargill.com\smaccess.ds
Trusted Zone: mosaicco.com\alsharepoint
Trusted Zone: mosaicco.com\fim
Trusted Zone: mosaicco.com\it
Trusted Zone: mosaicco.com\mgts
Trusted Zone: mosaicco.com\ps1.pmo
Trusted Zone: mosaicco.com\sites.project
Trusted Zone: mosaicco.com\wdsharepoint
Trusted Zone: mosaicco.com\webmail
Trusted Zone: mosaicco.com\www.pmo
Trusted Zone: wdwebprd2
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\windows\temp\f5tmp\cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\windows\temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\windows\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\windows\temp\f5tmp\InstallerControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294924462002
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294924455909
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\windows\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\windows\temp\f5tmp\urxhost.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jrjohans\application data\mozilla\firefox\profiles\8y6m3kvg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.baynews9.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50611.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2011-3-2 17072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [2009-10-6 244152]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2011-3-2 60928]
R2 Intelligent Response Agent;Intelligent Response Agent;c:\program files\mandiant\mandiant intelligent response agent\miragent.exe -service -servicename intelligent response agent --> c:\program files\mandiant\mandiant intelligent response agent\miragent.exe -service -servicename Intelligent Response Agent [?]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-5-15 104960]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-3-2 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-3-2 113664]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-1-12 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-2 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-2 215040]
R3 Mandiant_Tools;Mandiant_Tools;c:\documents and settings\all users\application data\mandiant\mandiant intelligent response agent\mktools.sys [2011-3-2 19920]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-10-9 33920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-5-15 14336]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2011-3-2 32808]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2011-3-3 10752]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [2000-10-19 411244]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-19 15:34:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 15:34:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 15:34:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 02:43:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-19 02:43:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 02:43:17 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-19 02:34:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 02:24:16 -------- d-----w- c:\documents and settings\jrjohans\local settings\application data\Secunia PSI
2011-05-19 02:24:11 -------- d-----w- c:\program files\Secunia
2011-05-18 17:53:15 -------- d-----w- c:\documents and settings\jrjohans\Tracing
2011-05-18 14:23:18 -------- d-----w- c:\documents and settings\jrjohans\local settings\application data\WeatherBug
2011-05-18 14:23:09 18944 ----a-r- c:\documents and settings\jrjohans\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
2011-05-18 14:23:09 -------- d-----w- c:\documents and settings\jrjohans\application data\WeatherBug
2011-05-18 14:21:57 -------- d-----w- c:\documents and settings\all users\application data\AOL Toolbar
2011-05-18 14:20:04 -------- d-----w- c:\documents and settings\jrjohans\application data\kikin
2011-05-18 14:19:06 -------- d-----w- c:\program files\Ploose
2011-05-18 00:58:48 -------- d-----w- c:\documents and settings\jrjohans\application data\Malwarebytes
2011-05-18 00:58:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-15 20:11:24 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-05-15 20:09:10 -------- d-----r- c:\program files\Skype
2011-05-15 17:03:57 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-05-15 17:03:57 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-05-15 17:03:57 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-05-15 17:03:57 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-05-15 17:03:57 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-05-15 17:03:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-05-15 17:03:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-05-15 17:03:56 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-05-15 17:03:56 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-15 17:02:12 -------- d-----w- c:\program files\HP Button Manager
2011-05-15 17:01:58 -------- d-----w- c:\documents and settings\jrjohans\local settings\application data\ArcSoft
2011-05-15 17:00:56 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
2011-05-15 17:00:45 245408 ----a-w- c:\windows\system32\unicows.dll
2011-05-15 17:00:43 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-05-15 17:00:36 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-05-15 17:00:35 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2011-05-15 16:58:03 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-05-15 16:58:03 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-05-15 16:58:03 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-05-15 16:58:03 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-05-15 16:58:00 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-05-07 12:15:23 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-07 12:15:23 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-07 12:15:22 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-07 12:15:22 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-07 12:15:22 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-07 12:15:21 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-07 12:15:21 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-07 12:15:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 14:57:04 732 ----a-w- c:\windows\system32\drivers\etc\urhE.tmp
2011-05-05 10:25:44 732 ----a-w- c:\windows\system32\drivers\etc\urh34.tmp
2011-05-04 13:10:47 -------- d-----w- c:\documents and settings\jrjohans\application data\PC-FAX TX
2011-05-02 10:29:57 732 ----a-w- c:\windows\system32\drivers\etc\urh2BF.tmp
2011-04-27 14:09:52 -------- d-----w- c:\documents and settings\jrjohans\application data\Elluminate
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 21:10:02 3313664 ----a-w- c:\windows\system32\stlang.dll
2011-03-02 21:10:01 1656246 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-03-02 21:10:00 540773 ----a-w- c:\windows\system32\stacapi.dll
2011-03-02 21:10:00 175616 ----a-w- c:\windows\system32\st326261.dll
2011-03-02 20:49:44 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-03-02 20:49:43 12288 ----a-w- c:\windows\EvtMessage.dll
2011-03-02 20:49:43 109122 ----a-w- c:\windows\system32\Vxdif.dll
2011-03-02 20:49:39 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-03-02 20:48:24 65536 ----a-w- c:\windows\system32\wltrynt.dll
2011-03-02 20:48:24 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2011-03-02 20:48:23 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2011-03-02 20:48:23 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2011-03-02 20:48:23 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE
2011-03-02 20:48:22 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2011-03-02 20:48:22 143360 ----a-w- c:\windows\system32\preflib.dll
2011-03-02 20:48:21 2649216 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-03-02 20:48:17 303104 ----a-w- c:\windows\system32\bcmwlu00.exe
2011-03-02 20:48:17 2232320 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-03-02 20:48:16 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2011-03-02 20:48:16 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2011-03-02 20:47:50 5431296 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-03-02 20:47:50 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2011-03-02 20:47:49 831488 ----a-w- c:\windows\system32\BCMLogon.dll
2011-03-02 20:47:49 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2011-03-02 20:38:41 483328 ----a-w- c:\windows\system32\sapfcpl.cpl
2011-03-02 20:37:43 95744 ----a-w- c:\windows\system32\h5rtf32.dll
2011-03-02 20:37:43 51200 ----a-w- c:\windows\system32\h5tool32.dll
2011-03-02 20:37:43 175616 ----a-w- c:\windows\system32\h5menu32.dll
2011-03-02 20:37:43 1064960 ----a-w- c:\windows\system32\h5krnl32.dll
2011-03-02 20:37:42 188928 ----a-w- c:\windows\system32\h5icon32.dll
2011-03-02 20:37:42 114688 ----a-w- c:\windows\system32\h5dlg32.dll
2011-03-02 20:36:37 1228800 ----a-w- c:\windows\system32\wdba.dll
2011-03-02 20:26:04 1127760 ----a-w- c:\windows\system32\btrez.dll
2011-03-02 20:25:46 47656 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-03-02 20:25:45 92072 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2011-03-02 20:25:40 909736 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-03-02 20:25:38 556200 ----a-w- c:\windows\system32\drivers\btaudio.sys
.
============= FINISH: 14:12:43.98 ===============

DDS, Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2011 3:17:32 PM
System Uptime: 5/21/2011 12:05:48 PM (26 hours ago)
.
Motherboard: Dell Inc. | | 04373Y
Processor: Intel Pentium II processor | CPU 1 | 1460/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 107.456 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {09E9A11D-CCB2-45AE-9BE8-65C263E60490}
Description: Broadcom USH CV w/o Fingerprint Sensor
Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Manufacturer: Broadcom Corporation
Name: Broadcom USH CV w/o Fingerprint Sensor
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Service: cvusbdrv
.
Class GUID: {50DD5230-BA8A-11D1-BF5D-0000F805F530}
Description: USB Smart Card reader
Device ID: USB\VID_0A5C&PID_5800&MI_01\7&66DE6C9&0&0001
Manufacturer: USB CCID Compliant
Name: USB Smart Card reader
PNP Device ID: USB\VID_0A5C&PID_5800&MI_01\7&66DE6C9&0&0001
Service: USBCCID
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Device Redirector
Device ID: ROOT\RDPDR\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Device Redirector
PNP Device ID: ROOT\RDPDR\0000
Service: rdpdr
.
==== System Restore Points ===================
.
RP1: 5/19/2011 7:59:55 AM - System Checkpoint
RP2: 5/20/2011 11:14:51 AM - System Checkpoint
RP3: 5/21/2011 12:53:21 PM - System Checkpoint
RP4: 5/21/2011 2:13:07 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AccelerometerP11
Adobe Acrobat 9 Pro
Adobe Acrobat 9.4.4 - CPSID_83708
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
Autodesk Design Review 2010
Bonjour
Brother MFL-Pro Suite MFC-6890CDW
CCleaner
Citrix Presentation Server Client
Client
Configuration Manager Client
Critical Update for Windows Media Player 11 (KB959772)
CutePDFWriter
Dell Touchpad
DW WLAN Card Utility
FirePass Component Installer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981128)
HP Button Manager
HP Webcam User's Guide
iTunes
Java Auto Updater
Java™ 6 Update 24
KIP Request 6
Livelink Explorer Professional 4.8.6
Malwarebytes' Anti-Malware
MANDIANT Intelligent Response Agent
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Security Client
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft® Windows NT® Operating System
Minitab 15 English
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML4.0 redistributable
OIS
OSIsoft MS Runtime Redistributables
PI DataLink 3.1.3
PI ProcessBook 3.1.0.1
PI ProcessBook SVG Add-In 3.1.0.1
PI Software Development Kit (PI-SDK)
PowerDVD
QuickTime
RDC
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
SAP Business Explorer
SAP GUI 7.10
Secunia PSI (2.0.0.3003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype Toolbars
Skype™ 5.3
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WIDCOMM Bluetooth Software
WIMGAPI
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/21/2011 12:06:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 78E40083E5DE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/20/2011 5:12:51 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MNA due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5/19/2011 9:16:28 AM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The PIPC Log Server service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The PI Network Manager service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The PI Message Subsystem service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The F5 Networks Component Installer service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The CamMonitor service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 4:21:17 PM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/18/2011 4:21:17 PM, error: Service Control Manager [7031] - The Intelligent Response Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2011 4:21:17 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2011 4:21:17 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2011 12:30:20 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
5/18/2011 12:30:20 AM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
5/18/2011 12:04:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde intelppm MpFilter mraid35x ohci1394 PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/18/2011 11:35:25 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
5/18/2011 11:35:19 AM, error: SRService [104] - The System Restore initialization process failed.
5/18/2011 11:30:16 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 11:30:16 AM, error: Service Control Manager [7034] - The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 11:30:16 AM, error: Service Control Manager [7034] - The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2011 10:35:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/18/2011 10:35:36 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DC28D12E-B065-4EE4-9468-899D8C47B856} to the user MNA\jrjohans SID (S-1-5-21-1599442949-3460341375-2447778116-39965). This security permission can be modified using the Component Services administrative tool.
5/18/2011 10:35:36 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {A8889E84-14D9-43D0-813A-249BFFE193C2} to the user MNA\jrjohans SID (S-1-5-21-1599442949-3460341375-2447778116-39965). This security permission can be modified using the Component Services administrative tool.
5/17/2011 9:44:00 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
5/17/2011 9:05:34 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2011 9:05:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/17/2011 9:04:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/17/2011 8:56:36 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
5/17/2011 8:54:17 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 78E40083E5DE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/17/2011 8:52:33 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MNA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5/17/2011 8:18:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
5/17/2011 8:17:41 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {B07C1D3E-637B-4C71-BC2F-06665F376A59} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
5/17/2011 8:17:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/17/2011 8:17:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2011 12:16:55 AM, error: Microsoft Antimalware [2001] -
5/16/2011 8:09:52 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
5/16/2011 5:28:27 PM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
5/16/2011 10:19:51 AM, error: Dhcp [1002] - The IP address lease 128.62.194.182 for the Network Card with network address 78E40083E5DE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/16/2011 10:18:52 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 78E40083E5DE has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/15/2011 3:51:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 78E40083E5DE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


GMER

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-22 17:18:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0
Running: gmer.exe; Driver: C:\DOCUME~1\jrjohans\LOCALS~1\Temp\kxlcrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\jrjohans\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[536] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[536] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\SearchIndexer.exe[544] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[972] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[972] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1224] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3160] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3160] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\KIX32.EXE:WDCTXPRD2.2 237568 bytes executable
ADS C:\WINDOWS\KIX32.EXE:WDCTXPRD2.3 237568 bytes executable

---- EOF - GMER 1.0.15 ----



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:08 AM

Posted 30 May 2011 - 06:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 usfjosh

usfjosh
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 PM

Posted 30 May 2011 - 06:42 PM

I am here. Thank you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:08 AM

Posted 30 May 2011 - 07:00 PM

The Antimalware Doctor rogue is not a nice one, as you probably realise. We need to run Combofix, but the one you have downloaded may be out of date, depending on when you downloaded it. Please run the program and if it asks you to update then say Yes and run it. If it does not ask for an update then uninstall it.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now download a fresh copy

Please download ComboFix from one of these locations:
m0le is a proud member of UNITE

#5 usfjosh

usfjosh
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:08 PM

Posted 30 May 2011 - 07:45 PM

I was unable to disable Microsoft Forefront; it is a work computer, so I don't know if I have the correct access.

ComboFix 11-05-30.06 - jrjohans 05/30/2011 20:17:04.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2085 [GMT -4:00]
Running from: c:\documents and settings\jrjohans\My Documents\Downloads\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {1F383481-F70E-4E7A-8B69-C4B4A23928E4}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://nasccmprd1.mna.corp.********.com:8540
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-26 14:21 . 2011-05-26 14:21 -------- d-----w- c:\documents and settings\jrjohans\Local Settings\Application Data\IsolatedStorage
2011-05-19 15:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 15:34 . 2011-05-19 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 15:34 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 02:43 . 2011-05-19 02:43 -------- d-----w- c:\program files\Common Files\Java
2011-05-19 02:43 . 2011-05-19 02:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-19 02:43 . 2011-05-19 02:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 02:43 . 2011-05-19 02:43 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-19 02:34 . 2011-05-19 02:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 02:24 . 2011-05-19 02:24 -------- d-----w- c:\documents and settings\jrjohans\Local Settings\Application Data\Secunia PSI
2011-05-19 02:24 . 2011-05-19 02:24 -------- d-----w- c:\program files\Secunia
2011-05-18 17:53 . 2011-05-30 20:52 -------- d-----w- c:\documents and settings\jrjohans\Tracing
2011-05-18 14:23 . 2011-05-18 14:23 -------- d-----w- c:\documents and settings\jrjohans\Local Settings\Application Data\WeatherBug
2011-05-18 14:23 . 2011-05-18 14:23 18944 ----a-r- c:\documents and settings\jrjohans\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-05-18 14:23 . 2011-05-18 14:23 -------- d-----w- c:\documents and settings\jrjohans\Application Data\WeatherBug
2011-05-18 14:21 . 2011-05-18 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2011-05-18 14:20 . 2011-05-18 15:45 -------- d-----w- c:\documents and settings\jrjohans\Application Data\kikin
2011-05-18 14:19 . 2011-05-18 14:23 -------- d-----w- c:\program files\Ploose
2011-05-18 00:58 . 2011-05-18 00:58 -------- d-----w- c:\documents and settings\jrjohans\Application Data\Malwarebytes
2011-05-18 00:58 . 2011-05-18 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-15 20:11 . 2011-05-20 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-15 20:11 . 2011-05-20 00:11 -------- d-----w- c:\documents and settings\jrjohans\Application Data\skypePM
2011-05-15 20:10 . 2011-05-20 02:40 -------- d-----w- c:\documents and settings\jrjohans\Application Data\Skype
2011-05-15 20:09 . 2011-05-15 20:09 -------- d-----w- c:\program files\Common Files\Skype
2011-05-15 20:09 . 2011-05-15 20:10 -------- d-----r- c:\program files\Skype
2011-05-15 20:09 . 2011-05-15 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-05-15 17:03 . 2008-04-14 09:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-05-15 17:03 . 2008-04-14 09:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-05-15 17:03 . 2008-04-14 09:42 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-05-15 17:03 . 2008-04-14 09:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-05-15 17:03 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-05-15 17:03 . 2008-04-14 09:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-05-15 17:03 . 2008-04-14 09:42 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-05-15 17:03 . 2008-04-14 04:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-05-15 17:03 . 2008-04-14 04:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-15 17:02 . 2011-05-15 17:02 -------- d-----w- c:\program files\HP Button Manager
2011-05-15 17:01 . 2011-05-15 17:01 -------- d-----w- c:\documents and settings\jrjohans\Local Settings\Application Data\ArcSoft
2011-05-15 17:01 . 2011-05-15 23:52 -------- d-----w- c:\documents and settings\jrjohans\Application Data\ArcSoft
2011-05-15 17:00 . 2011-05-15 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-05-15 17:00 . 2005-04-27 20:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-05-15 17:00 . 1995-07-31 17:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-05-15 17:00 . 2008-04-25 09:06 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-05-15 17:00 . 2008-04-26 01:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2011-05-15 17:00 . 2011-05-15 17:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-05-15 17:00 . 2011-05-15 17:01 -------- d-----w- c:\program files\ArcSoft
2011-05-15 16:58 . 2001-09-05 08:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-15 16:58 . 2001-09-05 08:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-05-15 16:58 . 2001-09-05 08:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-15 16:58 . 2001-09-05 08:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-15 16:58 . 2010-04-01 19:43 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-07 12:15 . 2011-05-07 12:15 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 12:15 . 2011-05-07 12:15 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 12:15 . 2011-05-07 12:15 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 12:15 . 2011-05-07 12:15 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 12:15 . 2011-05-07 12:15 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 12:15 . 2011-05-07 12:15 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 12:15 . 2011-05-07 12:15 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-07 12:15 . 2011-05-07 12:15 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 14:57 . 2011-05-06 14:57 732 ----a-w- c:\windows\system32\drivers\etc\urhE.tmp
2011-05-05 10:25 . 2011-05-05 10:25 732 ----a-w- c:\windows\system32\drivers\etc\urh34.tmp
2011-05-04 13:10 . 2011-05-04 13:10 -------- d-----w- c:\documents and settings\jrjohans\Application Data\PC-FAX TX
2011-05-02 10:29 . 2011-05-02 10:29 732 ----a-w- c:\windows\system32\drivers\etc\urh2BF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2011-01-12 20:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2011-01-12 21:04 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2011-01-12 21:04 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 21:10 . 2011-03-02 20:12 3313664 ----a-w- c:\windows\system32\stlang.dll
2011-03-02 21:10 . 2011-03-02 21:10 1656246 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-03-02 21:10 . 2011-03-02 21:10 540773 ----a-w- c:\windows\system32\stacapi.dll
2011-03-02 21:10 . 2011-03-02 21:10 175616 ----a-w- c:\windows\system32\st326261.dll
2011-03-02 21:09 . 2011-03-02 20:12 11870301 ----a-w- c:\windows\system32\idtsg.cpl
2011-03-02 21:09 . 2011-03-02 20:12 737280 ----a-w- c:\windows\system32\AESTFltr.exe
2011-03-02 21:09 . 2011-03-02 20:12 253952 ----a-w- c:\windows\system32\AESTCtrl.cpl
2011-03-02 21:09 . 2011-03-02 21:10 113664 ----a-w- c:\windows\system32\drivers\AESTAud.sys
2011-03-02 21:09 . 2011-03-02 21:10 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-03-02 21:09 . 2011-03-02 21:10 215040 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2011-03-02 21:09 . 2011-03-02 21:10 1418792 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-03-02 21:09 . 2011-03-02 21:10 32808 ----a-w- c:\windows\system32\drivers\cvusbdrv.sys
2011-03-02 21:09 . 2011-03-02 21:10 57344 ----a-w- c:\windows\system32\igxprd32.dll
2011-03-02 21:09 . 2011-03-02 21:10 3767808 ----a-w- c:\windows\system32\igxpdx32.dll
2011-03-02 21:09 . 2011-03-02 21:10 1914144 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2011-03-02 21:09 . 2011-03-02 21:10 183808 ----a-w- c:\windows\system32\igxpgd32.dll
2011-03-02 21:09 . 2011-03-02 21:10 81920 ----a-w- c:\windows\system32\igfxCoIn_v5225.dll
2011-03-02 21:09 . 2011-03-02 21:10 3226048 ----a-w- c:\windows\system32\igxpdv32.dll
2011-03-02 21:09 . 2011-03-02 21:10 56832 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-03-02 21:09 . 2011-03-02 21:10 265752 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-03-02 21:09 . 2011-03-02 21:10 141848 ----a-w- c:\windows\system32\igfxtray.exe
2011-03-02 21:09 . 2011-03-02 21:10 283648 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-03-02 21:09 . 2011-03-02 21:10 284672 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-03-02 21:09 . 2011-03-02 21:10 284160 ----a-w- c:\windows\system32\igfxrita.lrc
2011-03-02 21:09 . 2011-03-02 21:10 280576 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-03-02 21:09 . 2011-03-02 21:10 280576 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-03-02 21:09 . 2011-03-02 21:10 9030656 ----a-w- c:\windows\system32\igfxress.dll
2011-03-02 21:09 . 2011-03-02 21:10 284672 ----a-w- c:\windows\system32\igfxresn.lrc
2011-03-02 21:09 . 2011-03-02 21:10 284160 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-03-02 21:09 . 2011-03-02 21:10 283136 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-03-02 21:09 . 2011-03-02 21:10 279552 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-03-02 21:09 . 2011-03-02 21:10 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-03-02 21:09 . 2011-03-02 21:10 279552 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-03-02 21:09 . 2011-03-02 21:10 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-03-02 21:09 . 2011-03-02 21:10 199680 ----a-w- c:\windows\system32\igfxpph.dll
2011-03-02 21:09 . 2011-03-02 21:10 177688 ----a-w- c:\windows\system32\igfxext.exe
2011-03-02 21:09 . 2011-03-02 21:10 144920 ----a-w- c:\windows\system32\igfxpers.exe
2011-03-02 21:09 . 2011-03-02 21:10 130560 ----a-w- c:\windows\system32\igfxdo.dll
2011-03-02 21:09 . 2011-03-02 21:10 213504 ----a-w- c:\windows\system32\igfxdev.dll
2011-03-02 21:09 . 2011-03-02 21:10 119808 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-03-02 21:09 . 2011-03-02 21:10 6060544 ----a-w- c:\windows\system32\ig4icd32.dll
2011-03-02 21:09 . 2011-03-02 21:10 94720 ----a-w- c:\windows\system32\hccutils.dll
2011-03-02 21:09 . 2011-03-02 21:10 4016128 ----a-w- c:\windows\system32\ig4dev32.dll
2011-03-02 21:09 . 2011-03-02 21:10 3118104 ----a-w- c:\windows\system32\GfxUI.exe
2011-03-02 21:09 . 2011-03-02 21:10 174104 ----a-w- c:\windows\system32\hkcmd.exe
2011-03-02 21:09 . 2011-03-02 21:10 120832 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-03-02 21:09 . 2011-03-02 21:10 132352 ----a-w- c:\windows\system32\drivers\Impcd.sys
2011-03-02 21:09 . 2011-03-02 21:10 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-03-02 20:49 . 2011-03-02 20:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-03-02 20:49 . 2011-03-02 20:50 12288 ----a-w- c:\windows\EvtMessage.dll
2011-03-02 20:49 . 2011-03-02 20:49 109122 ----a-w- c:\windows\system32\Vxdif.dll
2011-03-02 20:49 . 2011-03-02 20:49 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-03-02 20:48 . 2011-03-02 20:48 65536 ----a-w- c:\windows\system32\wltrynt.dll
2011-03-02 20:48 . 2011-03-02 20:48 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2011-03-02 20:48 . 2011-03-02 20:48 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE
2011-03-02 20:48 . 2011-03-02 20:48 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2011-03-02 20:48 . 2011-01-13 19:47 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2011-03-02 20:48 . 2011-03-02 20:48 143360 ----a-w- c:\windows\system32\preflib.dll
2011-03-02 20:48 . 2011-01-13 19:47 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2011-03-02 20:48 . 2011-01-13 19:47 2649216 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-03-02 20:48 . 2011-03-02 20:48 303104 ----a-w- c:\windows\system32\bcmwlu00.exe
2011-03-02 20:48 . 2011-03-02 20:48 2232320 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2011-03-02 20:48 . 2011-03-02 20:48 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2011-03-02 20:48 . 2011-03-02 20:48 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2011-03-02 20:47 . 2011-03-02 20:48 5431296 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-03-02 20:47 . 2011-03-02 20:48 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2011-03-02 20:47 . 2011-03-02 20:49 831488 ----a-w- c:\windows\system32\BCMLogon.dll
2011-03-02 20:47 . 2011-03-02 20:48 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2011-03-02 20:40 . 2011-03-02 20:41 15872 ----a-w- c:\windows\system32\vtssm32.dll
2011-03-02 20:40 . 2011-03-02 20:41 533504 ----a-w- c:\windows\system32\vtssdl32.dll
2011-03-02 20:40 . 2011-03-02 20:42 4251648 ----a-w- c:\windows\system32\librfc32u.dll
2011-03-02 20:40 . 2011-03-02 20:42 102400 ----a-w- c:\windows\system32\libsapu16vc80.dll
2011-03-02 20:40 . 2011-03-02 20:42 8847360 ----a-w- c:\windows\system32\icudt34.dll
2011-03-02 20:40 . 2011-03-02 20:42 835584 ----a-w- c:\windows\system32\icuuc34.dll
2011-03-02 20:40 . 2011-03-02 20:42 733184 ----a-w- c:\windows\system32\icuin34.dll
2011-03-02 20:40 . 2011-03-02 20:41 1654784 ----a-w- c:\windows\system32\SAPbtmp.dll
2011-03-02 20:40 . 2011-03-02 20:41 67376 ----a-w- c:\windows\system32\sysinfo.ocx
2011-03-02 20:40 . 2011-03-02 20:41 153600 ----a-w- c:\windows\system32\tlbinf32.dll
2011-03-02 20:40 . 2011-03-02 20:41 203976 ----a-w- c:\windows\system32\richtx32.ocx
2011-03-02 20:40 . 2011-03-02 20:41 640512 ----a-w- c:\windows\system32\oc30.dll
2011-03-02 20:40 . 2011-03-02 20:41 94208 ----a-w- c:\windows\system32\msstkprp.dll
2011-03-02 20:40 . 2011-03-02 20:41 244232 ----a-w- c:\windows\system32\msflxgrd.ocx
2011-03-02 20:40 . 2011-03-02 20:41 262152 ----a-w- c:\windows\system32\msdatgrd.ocx
2011-03-02 20:40 . 2011-03-02 20:41 94744 ----a-w- c:\windows\system32\grid32.ocx
2011-03-02 20:40 . 2011-03-02 20:41 133904 ----a-w- c:\windows\system32\mfcans32.dll
2011-03-02 20:40 . 2011-03-02 20:41 414944 ----a-w- c:\windows\system32\comct332.ocx
2011-03-02 20:40 . 2011-03-02 20:41 164144 ----a-w- c:\windows\system32\comct232.ocx
2011-03-02 20:38 . 2011-03-02 20:41 483328 ----a-w- c:\windows\system32\sapfcpl.cpl
2011-03-02 20:37 . 2011-03-02 20:41 95744 ----a-w- c:\windows\system32\h5rtf32.dll
2011-03-02 20:37 . 2011-03-02 20:41 51200 ----a-w- c:\windows\system32\h5tool32.dll
2011-03-02 20:37 . 2011-03-02 20:41 175616 ----a-w- c:\windows\system32\h5menu32.dll
2011-03-02 20:37 . 2011-03-02 20:41 1064960 ----a-w- c:\windows\system32\h5krnl32.dll
2011-03-02 20:37 . 2011-03-02 20:41 188928 ----a-w- c:\windows\system32\h5icon32.dll
2011-05-07 12:15 . 2011-05-07 12:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-02 495711]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2011-03-02 737280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2011-03-02 2498560]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-02 288112]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-03-07 5150560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-11-20 632160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-31 04:36 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-10-11 22:42 1085440 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
2011-03-07 17:43 5150560 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 21:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MANDIANT\\MANDIANT Intelligent Response Agent\\miragent.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [3/2/2011 4:22 PM 17072]
R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [10/6/2009 3:27 PM 244152]
R2 Intelligent Response Agent;Intelligent Response Agent;c:\program files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -service -servicename Intelligent Response Agent --> c:\program files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -service -servicename Intelligent Response Agent [?]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [5/15/2011 1:00 PM 104960]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [3/2/2011 4:22 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/2/2011 5:10 PM 113664]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/12/2011 5:05 PM 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [3/2/2011 5:10 PM 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [3/2/2011 5:10 PM 215040]
R3 Mandiant_Tools;Mandiant_Tools;c:\documents and settings\All Users\Application Data\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [3/2/2011 4:03 PM 19920]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [10/9/2009 11:15 PM 33920]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [3/2/2011 4:22 PM 60928]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [5/15/2011 1:00 PM 14336]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [3/2/2011 5:10 PM 32808]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [3/3/2011 10:35 PM 10752]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [10/19/2000 12:55 PM 411244]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = https://employee.********.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -

Trusted Zone: wdwebprd2
FF - ProfilePath - c:\documents and settings\jrjohans\Application Data\Mozilla\Firefox\Profiles\8y6m3kvg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.baynews9.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\KIX32.EXE:WDCTXPRD2.2 237568 bytes executable
c:\windows\KIX32.EXE:WDCTXPRD2.3 237568 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-05-30 20:23:08
ComboFix-quarantined-files.txt 2011-05-31 00:23
.
Pre-Run: 114,730,577,920 bytes free
Post-Run: 114,759,073,792 bytes free
.
- - End Of File - - 84B67D52CA0556E6F36B052E3C2829FF
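Reading the log above the way a responder would, the security-relevant entries are: the Security Center overrides (AntiVirusOverride and FirewallOverride set to 1), the Windows Firewall standard profile switched off (EnableFirewall = 0), Automatic Updates disabled by policy (NoAutoUpdate = 1), a Firefox keyword.URL that sends address-bar searches to a partner-tagged search endpoint (the kind of entry a redirect check looks for), and two executables that catchme found hidden in NTFS alternate data streams of c:\windows\KIX32.EXE. The following is an added example, not part of this thread and not ComboFix's or BleepingComputer's code: a script that runs that triage over ComboFix/catchme output. The sample input is copied from the log above; the rule set, the severity labels and the Finding structure are my own assumptions.

```python
"""Triage a ComboFix / catchme log for weakened defenses and hidden executables.

Added example for this thread; it is not ComboFix, BleepingComputer or the
posters' code. The rule set and severity labels are my own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the ComboFix log posted above (registry loading points,
# firewall policy, Firefox prefs and the catchme hidden-files section).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 2
.
scanning hidden files ...
.
c:\windows\KIX32.EXE:WDCTXPRD2.2 237568 bytes executable
c:\windows\KIX32.EXE:WDCTXPRD2.3 237568 bytes executable
.
hidden files: 2
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (assumed labels)
    kind: str      # "registry", "browser" or "ads"
    detail: str


# (tail of the registry key, value name, value) -> (severity, message).
# Each entry describes a setting that switches off one of the host's own
# defenses; any other value under these keys is ignored.
REG_RULES = {
    ("security center", "antivirusoverride", 1):
        ("high", "Security Center antivirus monitoring suppressed"),
    ("security center", "firewalloverride", 1):
        ("high", "Security Center firewall monitoring suppressed"),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0):
        ("high", "Windows Firewall disabled for the standard profile"),
    ("windowsupdate\\au", "noautoupdate", 1):
        ("medium", "Automatic Updates disabled by policy"),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints values either as  "Name"= 1 (0x1)  or as  "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))'
)
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<value>.+)$")
# catchme reports an NTFS alternate data stream as  path:stream <size> bytes executable
ADS_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^:]+):(?P<stream>\S+)\s+(?P<size>\d+) bytes executable$"
)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return findings in the order they were seen."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key").lower()
        elif (m := VALUE_RE.match(line)) and current_key:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            name = m.group("name").lower()
            for (tail, rule_name, rule_value), (sev, msg) in REG_RULES.items():
                if current_key.endswith(tail) and name == rule_name and value == rule_value:
                    findings.append(Finding(sev, "registry", f"{msg} ({m.group('name')}={value})"))
        elif m := FF_PREF_RE.match(line):
            pref, value = m.group("pref"), m.group("value").strip()
            if pref == "keyword.URL":
                findings.append(Finding("medium", "browser",
                                        f"Firefox address-bar search sent to {value}"))
            elif pref == "network.proxy.type" and value == "2":
                findings.append(Finding("info", "browser",
                                        "Firefox uses a proxy auto-config script "
                                        "(network.proxy.type=2); confirm the PAC URL is the expected one"))
        elif m := ADS_RE.match(line):
            findings.append(Finding("high", "ads",
                                    f"executable in NTFS alternate data stream "
                                    f"{m.group('path')}:{m.group('stream')} ({m.group('size')} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.kind:<8} {f.detail}")
```

On the sample above the script returns eight findings: four registry, two browser, two alternate-data-stream. The caveat is the one the thread itself hints at: this is a corporate-managed laptop (F5 VPN client, MANDIANT agent, a trusted-zone entry for an internal host), KIX32.EXE is the KiXtart script interpreter commonly used for logon scripts, and the stream names look like an internal server name, so a policy-set NoAutoUpdate and those streams may well be management artifacts. The script surfaces them for review rather than declaring them malicious; the actual check before plugging back into the work LAN is to confirm with whoever manages the machine that the Security Center overrides, the disabled firewall and the stream contents are theirs.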

#6 m0le (Malware Response Team, London, UK)

Posted 31 May 2011 - 01:58 PM

Please now visit ESET and run an online scan

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#7 usfjosh (Topic Starter)

Posted 01 June 2011 - 03:34 PM

The scan found no issues and said no threats were found.

#8 m0le (Malware Response Team, London, UK)

Posted 01 June 2011 - 07:12 PM

Excellent. Is the machine running well?

#9 usfjosh (Topic Starter)

Posted 01 June 2011 - 10:05 PM

Yes, I have not noticed any issues; I just wanted to make sure there wasn't something hidden or sleeping that would come back on later. When I look through the logs, these things make me wonder...

2011-05-18 14:23 . 2011-05-18 14:23 -------- d-----w- c:\documents and settings\jrjohans\Local Settings\Application Data\WeatherBug
2011-05-18 14:23 . 2011-05-18 14:23 -------- d-----w- c:\documents and settings\jrjohans\Application Data\WeatherBug

Microsoft Antimalware
EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2011 12:16:55 AM, error: Microsoft Antimalware [2001]

I am not sure what was causing the redirect.

The computer seems to be working fine; I really just wanted to make sure there wasn't still something there. If you think everything is good, then I am ready to close this case. Thanks.

#10 m0le (Malware Response Team, London, UK)

Posted 02 June 2011 - 05:23 PM

Weatherbug is a legitimate program which sits in the system tray and tells you the outside weather temperature. Great, if you need to know the temperature outside, I guess. :P

I saw the Microsoft Antimalware error, and that is a DCOM error, which is very common for malware as it is essentially network communication. The error message isn't very specific, but it could be connected to the issues you had been having.

As to the cause of the redirects:

----- BITS: Possible infected sites -----

hxxp://nasccmprd1.mna.corp.********.com:8540

and this:

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

This is used by the legitimate BITS process, which Combofix removes to kill any infection.

You're ready to clear up though now.

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the [image] icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big [image] button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it usfjosh, happy surfing!

Cheers.

m0le

#11 m0le (Malware Response Team, London, UK)

Posted 07 June 2011 - 09:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



