
Persistent Redirect Virus


  • This topic is locked
20 replies to this topic

#1 Turvy

Turvy

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 08 August 2011 - 11:25 PM

Hi -

I am struggling with removing this nasty virus. I have tried every single thing that I have read regarding fixing the redirect problem. The problem began with my antivirus software avast giving me error messages saying "avast has blocked a potentially harmful site" whenever I click on google links or links from other websites. Then I disabled avast and started receiving the same error from ms security essentials. Later I started getting redirected whenever I clicked on any google site. I have run avast, malwarebytes, hitmanpro 3.5, Microsoft security essentials, tdsskiller, spybot s&d, spywareblaster, gmer (which crashes and gives me the bsod) and immunet protect. All these programs tell me that my system is clean and there are no viruses or spyware present. However, when I click on a search link from google, I automatically get redirected to an ad site. I have also tried flushing my dns and clearing temp and cache files. All to no avail.

I even downloaded and tried running combofix, but when I run it, I get a warning message saying that I have my antivirus programs running although I have them disabled, and when it does run, I get an error saying "nircmd cannot be found by combofix". I downloaded Hijackthis, but I can make sense of its output.

I'm at my wit's end and I need help please!

Thanks.

Turvy


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:00 AM

Posted 12 August 2011 - 05:53 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 15 August 2011 - 09:55 AM

Hi. Thanks for your response and help.

Here is the output from DDS.txt; the file "attach.txt" is attached (Attached File: Attach.txt, 9.53KB).

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Tim at 10:41:38 on 2011-08-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1682 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Immunet Protect *Disabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Novatel Wireless\Mobilink\Lite.exe
C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\2.1.119\McUICnt.exe
C:\Users\Tim\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: MRI_DISABLED - No File
BHO: AcroIEHelperStub - No File
BHO: SmartSelect - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e161807a-1857-44a6-ab57-d988e14d6379} - c:\windows\system32\atmfd32.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: MRI_DISABLED - No File
uRun: [Google Update] "c:\users\tim\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MobiLink Lite] c:\program files\novatel wireless\mobilink\Lite.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\tim\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tim\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{2BC6A3A5-4E93-4F27-A9FA-84EC0C5D3A70} : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\bt5kp6ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51778
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tim\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\tim\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\tim\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {39be5bb7-3584-426c-8e9c-87c0a3f68dc0} - %profile%\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-21 309848]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-7-21 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-7-21 31184]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb78f272d;MpKslb78f272d;c:\programdata\microsoft\microsoft antimalware\definition updates\{05b37b5c-23a3-407b-b538-7c2749800869}\MpKslb78f272d.sys [2011-8-11 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-21 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-21 54104]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 143360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-8 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-21 42184]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S4 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-7-21 756680]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
.
=============== Created Last 30 ================
.
2011-08-11 07:24:14 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05b37b5c-23a3-407b-b538-7c2749800869}\MpKslb78f272d.sys
2011-08-11 05:34:36 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05b37b5c-23a3-407b-b538-7c2749800869}\mpengine.dll
2011-08-10 03:06:17 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 00:09:31 -------- d-s---w- C:\ComboFix
2011-08-05 00:08:50 98816 ----a-w- c:\windows\sed.exe
2011-08-05 00:08:50 518144 ----a-w- c:\windows\SWREG.exe
2011-08-05 00:08:50 256000 ----a-w- c:\windows\PEV.exe
2011-08-05 00:08:50 208896 ----a-w- c:\windows\MBR.exe
2011-08-04 04:48:32 -------- d-----w- c:\program files\SpywareBlaster
2011-08-04 04:35:17 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:59:04 -------- d-----w- C:\Uninstall
2011-08-02 02:55:12 -------- d-s---w- C:\uninstall.exe
2011-07-26 03:02:58 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-26 03:02:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 04:42:37 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 04:42:35 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-21 04:41:01 40112 ----a-w- c:\windows\avastSS.scr
2011-07-21 04:37:17 -------- d-----w- c:\users\tim\appdata\local\Immunet
2011-07-21 04:37:17 -------- d-----w- c:\programdata\Immunet
2011-07-21 04:36:57 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-07-21 04:36:51 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-07-21 04:36:25 -------- d-----w- c:\program files\Immunet Protect
2011-07-20 22:19:53 -------- d-----w- c:\users\tim\appdata\roaming\Malwarebytes
2011-07-20 22:19:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 22:19:39 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 22:19:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 22:19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 22:03:53 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-20 22:03:30 -------- d-----w- c:\programdata\Hitman Pro
2011-07-20 05:09:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-20 05:04:41 -------- d-----w- c:\program files\Lavasoft
2011-07-20 00:03:49 -------- d-----w- c:\program files\Bonjour
2011-07-17 01:21:29 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-16 19:01:20 -------- d-----w- c:\programdata\AVAST Software
2011-07-16 19:01:20 -------- d-----w- c:\program files\AVAST Software
.
==================== Find3M ====================
.
2011-07-18 01:52:39 66 ----a-w- c:\users\tim\appdata\roaming\isfree4_1.tmp
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 12:59:29 2042368 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:43:22.00 ===============
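The Firefox section of the DDS log above is the part that deserves a second look: a proxy pref pointing at 127.0.0.1:51778 and an extension ("XUL Cache") living under the user profile rather than the program directory. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that parses those `FF -` lines (the sample lines are copied from the log above) and reports a loopback proxy and any profile-installed extensions for manual review. The `network.proxy.type` values are Firefox's documented meanings; the function names `parse_ff_section` and `review_firefox` are this example's own.

```python
"""Triage the Firefox ("FF -") section of a DDS log.

Added example: not part of the thread above or of the DDS tool. It parses
prefs.js entries and extension lines and reports settings worth a manual look.
"""
import re
from typing import Dict, List, Tuple

# Sample input: the "FF -" lines copied from the DDS log posted in this thread
# (ProfilePath and plugin lines omitted; they are not used here).
SAMPLE_DDS = "\n".join([
    r"FF - prefs.js: browser.startup.homepage - www.google.com",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 51778",
    r"FF - prefs.js: network.proxy.type - 0",
    r"FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}",
    r"FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}",
    r"FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}",
    r"FF - Ext: XUL Cache: {39be5bb7-3584-426c-8e9c-87c0a3f68dc0} - %profile%\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}",
    r"FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}",
    r"FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension",
])

# Firefox's documented values for network.proxy.type.
PROXY_TYPE_NAMES = {
    "0": "direct (no proxy)",
    "1": "manual",
    "2": "PAC URL",
    "4": "auto-detect",
    "5": "system",
}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def parse_ff_section(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Return (prefs, extensions) parsed from the FF lines of a DDS log."""
    prefs: Dict[str, str] = {}
    exts: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip()
            continue
        m = EXT_RE.match(line)
        if m:
            exts.append({"name": m["name"], "guid": m["guid"].lower(), "path": m["path"]})
    return prefs, exts


def review_firefox(text: str) -> List[str]:
    """Produce human-readable findings; each one is a lead for manual review, not a verdict."""
    prefs, exts = parse_ff_section(text)
    findings: List[str] = []

    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type")
    if host in LOOPBACK_HOSTS:
        # A proxy on the local host means some process on this machine would
        # sit between the browser and the network; type 1 makes it active.
        state = "active" if ptype == "1" else f"dormant ({PROXY_TYPE_NAMES.get(ptype, 'unknown type')})"
        findings.append(
            f"HTTP proxy points at loopback {host}:{port}, currently {state}; "
            "check which local process listens on that port"
        )

    for ext in exts:
        # %profile% paths are user-writable, so anything there was not installed
        # with the browser and should be recognised by the user.
        if ext["path"].lower().startswith("%profile%"):
            findings.append(
                f"profile-installed extension '{ext['name']}' {ext['guid']} "
                "at a user-writable path; verify it was installed deliberately"
            )
    return findings


if __name__ == "__main__":
    for finding in review_firefox(SAMPLE_DDS):
        print("-", finding)
```

Because `network.proxy.type` is 0 in this log, the loopback proxy is written to prefs.js but not in use, so the finding is about configuration that was planted or left behind rather than about live traffic. The extensions the script lists are not all bad (NoRedirect is a well-known add-on); the point is that each profile-installed entry should be one the user recognises, and the one nobody recognises is the one to look at first.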

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:00 AM

Posted 15 August 2011 - 10:00 AM

Hi,

The DDS Log is showing that there are three antivirus products installed:

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Immunet Protect *Disabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}

Having more than one antivirus can cause conflicts, system slowdowns and crashes; please uninstall two of them.

I see ComboFix has been run on this system, was it recent?

If so, please post the ComboFix log(s); it can be found at c:\combofix.txt

(older logs can be located at c:\qoobox\combofix2.txt)

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 15 August 2011 - 10:14 AM

Ok. Just uninstalled avast and immunet.

I was not successful in running Combofix. Kept getting a "Nircmd cannot be found" error. The folder "c:\qoobox\combofix2.txt" does not exist on my pc.

Thanks

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:00 AM

Posted 15 August 2011 - 10:45 AM

OK, were you able to run aswMBR from my previous post?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 15 August 2011 - 11:13 AM

Ran MBR the first time and got a BSOD. Here are the results of the second attempt:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-15 12:11:37
-----------------------------
12:11:37.657 OS Version: Windows 6.0.6001 Service Pack 1
12:11:37.658 Number of processors: 2 586 0x170A
12:11:37.659 ComputerName: TIM-PC UserName: Tim
12:11:40.245 Initialize success
12:11:53.152 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:11:53.156 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
12:11:55.161 Disk 0 MBR read successfully
12:11:55.164 Disk 0 MBR scan
12:11:55.168 Disk 0 unknown MBR code
12:11:55.174 Disk 0 scanning sectors +625135616
12:11:55.250 Disk 0 scanning C:\Windows\system32\drivers
12:12:02.119 Service scanning
12:12:03.260 Service MpKsl493c53b9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\MpKsl493c53b9.sys **LOCKED** 32
12:12:03.268 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:12:04.037 Modules scanning
12:12:09.631 Disk 0 trace - called modules:
12:12:09.672 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS ndis.sys athr.sys
12:12:09.680 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cd25c8]
12:12:09.689 3 CLASSPNP.SYS[805ca745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x854d0ba0]
12:12:09.699 Scan finished successfully
12:12:49.412 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
12:12:49.422 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"


Thanks.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:00 AM

Posted 15 August 2011 - 12:08 PM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 15 August 2011 - 03:52 PM

Ran the tool. No infections found.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:00 AM

Posted 15 August 2011 - 04:23 PM

OK,

Please download a fresh copy of ComboFix (if you still have the old copy on your desktop, right click and delete it). Make certain all your security programs are disabled, as it sounds as though your AV interfered with the download the first time.

Try running it in safe mode if it won't run in normal mode:


ComboFix



To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 15 August 2011 - 04:54 PM

Here's the log from ComboFix:

ComboFix 11-08-15.07 - Tim 08/15/2011 17:37:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1644 [GMT -4:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\uninstall.exe
c:\uninstall.exe\023.dat
c:\uninstall.exe\023v.dat
c:\uninstall.exe\023w7.dat
c:\uninstall.exe\AppDataFile.cfx
c:\uninstall.exe\AppDataFolder.cfx
c:\uninstall.exe\appinit.bad
c:\uninstall.exe\asp.str
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\ATTRIB.cfxxe
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid.c
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.cfxxe
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF489.cfxxe
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\cmd.cfxxe
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.cfxxe
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CSCRIPT.cfxxe
c:\uninstall.exe\CSet.cmd
c:\uninstall.exe\dd.cfxxe
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.cfxxe
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\ATTRIB.cfxxe.mui
c:\uninstall.exe\en-US\CF489.cfxxe.mui
c:\uninstall.exe\en-US\cmd.cfxxe.mui
c:\uninstall.exe\en-US\CSCRIPT.cfxxe.mui
c:\uninstall.exe\en-US\PING.cfxxe.mui
c:\uninstall.exe\en-US\REGT.cfxxe.mui
c:\uninstall.exe\en-US\ROUTE.cfxxe.mui
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.cfxxe
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.cfxxe
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\FileKill.cfxxe
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.cfxxe
c:\uninstall.exe\gsar.cfxxe
c:\uninstall.exe\handle.cfxxe
c:\uninstall.exe\hidec.cfxxe
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.cfxxe
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\mtee.cfxxe
c:\uninstall.exe\MUI
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\N_\10519
c:\uninstall.exe\N_\11673
c:\uninstall.exe\N_\14257
c:\uninstall.exe\N_\18670
c:\uninstall.exe\N_\23185
c:\uninstall.exe\N_\26784
c:\uninstall.exe\N_\30949
c:\uninstall.exe\N_\7770
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.dat
c:\uninstall.exe\netsvc.vista.dat
c:\uninstall.exe\netsvc.xp.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmdC.cfxxe
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.cfxxe
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.cfxxe
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.cfxxe
c:\uninstall.exe\PING.cfxxe
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.cfxxe
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.cfxxe
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.cfxxe
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.cfxxe
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\safeboot.def.vista.dat
c:\uninstall.exe\Safeboot.def.w7.dat
c:\uninstall.exe\sed.cfxxe
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.cfxxe
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.dat
c:\uninstall.exe\svchost.vista.dat
c:\uninstall.exe\svchost.vista.x64.dat
c:\uninstall.exe\svchost.w7.dat
c:\uninstall.exe\svchost.w7.x64.dat
c:\uninstall.exe\swreg.cfxxe
c:\uninstall.exe\swsc.cfxxe
c:\uninstall.exe\swxcacls.cfxxe
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.cfxxe
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\Vista.mac
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vistareg.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\w2k_sock.dll
c:\uninstall.exe\w2kreg.dat
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w7reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\xpreg.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.cfxxe
c:\users\Tim\AppData\Roaming\isfree4_0.tmp
c:\users\Tim\AppData\Roaming\isfree4_1.tmp
c:\users\Tim\AppData\Roaming\ispro4_0.tmp
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome.manifest
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome\xulcache.jar
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\defaults\preferences\xulcache.js
c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\install.rdf
c:\users\Tim\Favorites\Weather Toolbar and Smileys!.url
c:\users\Tim\GoToAssistDownloadHelper.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 21:46 . 2011-08-15 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 15:20 . 2011-07-15 22:27 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-15 15:20 . 2011-08-15 15:20 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\MpKsl493c53b9.sys
2011-08-15 15:20 . 2011-07-15 22:27 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F3DFFD9-3A48-4B6C-9425-F8F91A52925D}\gapaengine.dll
2011-08-15 15:20 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\mpengine.dll
2011-08-10 03:06 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-04 04:48 . 2011-08-04 04:51 -------- d-----w- c:\program files\SpywareBlaster
2011-08-04 04:35 . 2011-08-04 04:35 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:59 . 2011-08-02 02:59 -------- d-----w- C:\Uninstall
2011-07-26 03:03 . 2011-07-26 03:03 -------- d-----w- c:\program files\Common Files\Java
2011-07-26 03:02 . 2011-07-26 03:01 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-26 03:02 . 2011-07-26 03:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 04:37 . 2011-08-15 15:04 -------- d-----w- c:\programdata\Immunet
2011-07-21 04:37 . 2011-07-21 04:37 -------- d-----w- c:\users\Tim\AppData\Local\Immunet
2011-07-21 04:35 . 2011-07-21 04:35 -------- d-----w- c:\programdata\Google Updater
2011-07-21 04:35 . 2011-07-21 04:35 -------- d-----w- c:\program files\Google
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2011-07-20 22:19 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 22:19 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 22:03 . 2011-08-04 04:42 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-20 22:03 . 2011-07-20 22:03 -------- d-----w- c:\programdata\Hitman Pro
2011-07-20 05:09 . 2011-07-20 05:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-20 05:04 . 2011-07-23 21:38 -------- d-----w- c:\programdata\Lavasoft
2011-07-20 05:04 . 2011-07-20 05:04 -------- d-----w- c:\program files\Lavasoft
2011-07-20 00:09 . 2011-07-20 00:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-20 00:03 . 2011-07-20 00:03 -------- d-----w- c:\program files\Bonjour
2011-07-17 01:21 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 22:27 . 2011-07-15 22:28 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19334826-F5ED-4BA3-965F-C40404D7F1DF}\gapaengine.dll
2011-06-07 15:55 . 2011-07-15 18:07 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D7448F-8314-4B8A-9992-46AEFF085BA2}\mpengine.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 12:59 . 2011-07-14 00:49 2042368 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-01-11 401480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"cdloader"="c:\users\Tim\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-02 03:12 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-15 00:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 23:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe Version Cue CS4"=3 (0x3)
"aswUpdSv"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"HP Health Check Service"=2 (0x2)
"GameConsoleService"=3 (0x3)
"hpqcxs08"=3 (0x3)
"hpqddsvc"=2 (0x2)
"hpqwmiex"=3 (0x3)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Recovery Service for Windows"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"LightScribeService"=2 (0x2)
"XAudioService"=2 (0x2)
.
R1 MpKsl1181d220;MpKsl1181d220;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E62485-7A1B-4FE3-9B0B-14FA89FAD9EF}\MpKsl1181d220.sys [x]
R1 MpKsl39361ab0;MpKsl39361ab0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2FF03F0-7EB5-4D01-BA7F-DBC65B6018A1}\MpKsl39361ab0.sys [x]
R1 MpKslfa290d40;MpKslfa290d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{087364F3-73D9-42E3-A507-F79C375B916C}\MpKslfa290d40.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [2010-03-08 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S1 MpKsl493c53b9;MpKsl493c53b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\MpKsl493c53b9.sys [2011-08-15 28752]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 41834841
*NewlyCreated* - MPKSL493C53B9
*Deregistered* - 41834841
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-21 04:35]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512131602-3806726369-2959656117-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 02:54]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512131602-3806726369-2959656117-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 02:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51778
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E161807A-1857-44A6-AB57-D988E14D6379} - c:\windows\system32\atmfd32.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 17:46
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
[0] 0x68EC81E5
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-15 17:51:19
ComboFix-quarantined-files.txt 2011-08-15 21:51
.
Pre-Run: 131,522,928,640 bytes free
Post-Run: 131,471,368,192 bytes free
.
- - End Of File - - D0BE9239FC803D95FD018FCE8E29C382

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 August 2011 - 05:08 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FireFox::
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\
FF - prefs.js: network.proxy.http_port - 51778

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
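The CFScript above targets the "FF - prefs.js" lines from the ComboFix log, where Firefox's HTTP proxy is set to 127.0.0.1 on port 51778, a local proxy that would sit between the browser and every page it loads. The check below is an added example, not code from this thread or from ComboFix: it parses a Firefox prefs.js, flags per-protocol proxies aimed at the local machine, and (going beyond this thread's case) also flags a proxy autoconfig (PAC) URL. The prefs.js content is constructed; the proxy values mirror the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

PrefValue = Union[str, int, bool]

# Constructed sample prefs.js (not the poster's real file). The three proxy
# entries mirror the "FF - prefs.js" lines in the ComboFix log above.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "www.google.com");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 51778);
user_pref("network.proxy.type", 0);
user_pref("extensions.lastAppVersion", "5.0");
"""

# Firefox network.proxy.type values: 0 = no proxy, 1 = manual, 2 = PAC URL,
# 4 = auto-detect (WPAD), 5 = use system settings.
MANUAL_PROXY, PAC_PROXY = 1, 2
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Per-protocol proxy host keys; the matching port key is "<key>_port".
PROXY_HOST_KEYS = ("network.proxy.http", "network.proxy.ssl",
                   "network.proxy.ftp", "network.proxy.socks")

_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def _parse_value(raw: str) -> PrefValue:
    """Decode a user_pref() value: quoted string, true/false, or integer."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything unexpected as the raw token


def parse_prefs_js(text: str) -> Dict[str, PrefValue]:
    """Parse the user_pref("key", value); lines of a Firefox prefs.js."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2).strip())
    return prefs


@dataclass(frozen=True)
class Finding:
    key: str
    value: str
    port: Optional[int]
    status: str  # "active": the current proxy mode uses it; "residual": set but not in use


def audit_proxy_prefs(prefs: Dict[str, PrefValue]) -> List[Finding]:
    """Flag proxy settings a user is unlikely to have chosen themselves.

    A per-protocol proxy aimed at the local machine means some process on the
    host would be relaying (and able to rewrite) the browser's traffic; a PAC
    URL hands routing decisions to whatever script that URL serves. Entries
    are reported even when network.proxy.type does not currently enable them,
    since the log above shows exactly that: host and port set, type 0.
    """
    findings: List[Finding] = []
    proxy_type = prefs.get("network.proxy.type")
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if not isinstance(host, str) or host not in LOOPBACK_HOSTS:
            continue
        port = prefs.get(key + "_port")
        status = "active" if proxy_type == MANUAL_PROXY else "residual"
        findings.append(Finding(key, host, port if isinstance(port, int) else None, status))
    pac = prefs.get("network.proxy.autoconfig_url")
    if isinstance(pac, str) and pac:
        status = "active" if proxy_type == PAC_PROXY else "residual"
        findings.append(Finding("network.proxy.autoconfig_url", pac, None, status))
    return findings


if __name__ == "__main__":
    for f in audit_proxy_prefs(parse_prefs_js(SAMPLE_PREFS_JS)):
        port = f":{f.port}" if f.port is not None else ""
        print(f"{f.status:8} {f.key} = {f.value}{port}")
```

On a real system, point `parse_prefs_js` at the prefs.js inside the profile directory shown in the log (`FF - ProfilePath`); a "residual" loopback proxy is still worth removing, because whatever wrote it can flip `network.proxy.type` back to 1.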


#13 Turvy

Turvy
  • Topic Starter

  • Members
  • 11 posts

Posted 16 August 2011 - 07:36 PM

ComboFix 11-08-15.08 - Tim 08/15/2011 22:43:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1669 [GMT -4:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
Command switches used :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 02:51 . 2011-08-16 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 15:20 . 2011-07-15 22:27 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-15 15:20 . 2011-08-15 15:20 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\MpKsl493c53b9.sys
2011-08-15 15:20 . 2011-07-15 22:27 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F3DFFD9-3A48-4B6C-9425-F8F91A52925D}\gapaengine.dll
2011-08-15 15:20 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\mpengine.dll
2011-08-10 03:06 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-04 04:48 . 2011-08-04 04:51 -------- d-----w- c:\program files\SpywareBlaster
2011-08-04 04:35 . 2011-08-04 04:35 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:59 . 2011-08-02 02:59 -------- d-----w- C:\Uninstall
2011-07-26 03:03 . 2011-07-26 03:03 -------- d-----w- c:\program files\Common Files\Java
2011-07-26 03:02 . 2011-07-26 03:01 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-26 03:02 . 2011-07-26 03:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 04:37 . 2011-08-15 15:04 -------- d-----w- c:\programdata\Immunet
2011-07-21 04:37 . 2011-07-21 04:37 -------- d-----w- c:\users\Tim\AppData\Local\Immunet
2011-07-21 04:35 . 2011-07-21 04:35 -------- d-----w- c:\programdata\Google Updater
2011-07-21 04:35 . 2011-07-21 04:35 -------- d-----w- c:\program files\Google
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2011-07-20 22:19 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 22:19 . 2011-07-20 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 22:19 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 22:03 . 2011-08-04 04:42 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-20 22:03 . 2011-07-20 22:03 -------- d-----w- c:\programdata\Hitman Pro
2011-07-20 05:09 . 2011-07-20 05:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-20 05:04 . 2011-07-23 21:38 -------- d-----w- c:\programdata\Lavasoft
2011-07-20 05:04 . 2011-07-20 05:04 -------- d-----w- c:\program files\Lavasoft
2011-07-20 00:09 . 2011-07-20 00:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-20 00:03 . 2011-07-20 00:03 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 22:27 . 2011-07-15 22:28 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19334826-F5ED-4BA3-965F-C40404D7F1DF}\gapaengine.dll
2011-07-13 03:39 . 2011-07-17 01:21 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-07 15:55 . 2011-07-15 18:07 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D7448F-8314-4B8A-9992-46AEFF085BA2}\mpengine.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 12:59 . 2011-07-14 00:49 2042368 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-01-11 401480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"cdloader"="c:\users\Tim\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-02 03:12 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-15 00:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 23:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe Version Cue CS4"=3 (0x3)
"aswUpdSv"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"HP Health Check Service"=2 (0x2)
"GameConsoleService"=3 (0x3)
"hpqcxs08"=3 (0x3)
"hpqddsvc"=2 (0x2)
"hpqwmiex"=3 (0x3)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"Recovery Service for Windows"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"LightScribeService"=2 (0x2)
"XAudioService"=2 (0x2)
.
R1 MpKsl1181d220;MpKsl1181d220;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E62485-7A1B-4FE3-9B0B-14FA89FAD9EF}\MpKsl1181d220.sys [x]
R1 MpKsl39361ab0;MpKsl39361ab0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2FF03F0-7EB5-4D01-BA7F-DBC65B6018A1}\MpKsl39361ab0.sys [x]
R1 MpKslfa290d40;MpKslfa290d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{087364F3-73D9-42E3-A507-F79C375B916C}\MpKslfa290d40.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [2010-03-08 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S1 MpKsl493c53b9;MpKsl493c53b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{504487E1-B0E8-4BAF-AE49-610BF87D4215}\MpKsl493c53b9.sys [2011-08-15 28752]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 41834841
*NewlyCreated* - MPKSL493C53B9
*Deregistered* - 41834841
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-21 04:35]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512131602-3806726369-2959656117-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 02:54]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1512131602-3806726369-2959656117-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 02:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 22:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4748)
c:\users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-08-15 22:55:32
ComboFix-quarantined-files.txt 2011-08-16 02:55
ComboFix2.txt 2011-08-15 21:51
.
Pre-Run: 131,553,554,432 bytes free
Post-Run: 131,503,370,240 bytes free
.
- - End Of File - - A4BAD8EF7C63DA4F0CD7772BC18CBFDD



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7476

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/15/2011 11:00:27 PM
mbam-log-2011-08-15 (23-00-27).txt

Scan type: Quick scan
Objects scanned: 182742
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

MBAM-Log
Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSCAN
C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5cddf7d0-169cac4a multiple threats
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-217a04f0 Java/Agent.BV trojan
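
The logs above are what the Malware Response Team reads by hand: Run keys and startup folders, the Firefox section, and the ESET hits. As an added example (not code from this thread, nor from DDS, ComboFix or the ESET Online Scanner), the Python below does the same first pass over log lines in those formats. It flags autostart entries whose binary lives under a user-writable path, Firefox extensions installed inside the profile (`%profile%`) rather than under Program Files, a loopback HTTP proxy in prefs.js, and ESET detections split into already-quarantined (anything under C:\Qoobox\Quarantine, the folder ComboFix moves removed files into, with a `.vir` suffix) versus still live on disk. The rule names and the `SAMPLE_LINES` list are my own; the sample lines themselves are copied from the logs posted above. A hit means "look at this", not "this is malware": Dropbox, the cdloader entry started with a MAGICJACK argument, and the NoRedirect add-on all match and are legitimate.

```python
"""First-pass triage of DDS / ComboFix / ESET log lines.

Added example for this thread; not code from the thread, nor from DDS,
ComboFix or the ESET Online Scanner. Rule names and SAMPLE_LINES are mine;
the sample lines are copied from the logs posted above.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (rule name, detail)

# An autostart path should end in an executable extension followed by a quote,
# whitespace (ComboFix's "[date size]" suffix, DDS arguments) or end of line.
_EXE = r'\.(?:exe|dll|scr|bat|cmd|vbs|js|jar)(?=["\s]|$)'

# ComboFix Run-key value:  "cdloader"="c:\users\Tim\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
_CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[a-z]:\\[^"]+)"', re.I)
# DDS Run-key value:       uRun: [cdloader] "c:\users\tim\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
_DDS_RUN = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>[a-z]:\\.+?' + _EXE + ')', re.I)
# Startup-folder shortcut (both tools):  Dropbox.lnk - c:\users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
_LNK = re.compile(r'(?P<name>[^\\]+?\.lnk) - (?P<path>[a-z]:\\.+?' + _EXE + ')', re.I)
# Firefox extension:       FF - Ext: NoRedirect: {guid} - %profile%\extensions\{guid}
_FF_EXT = re.compile(r'^FF - Ext: (?P<name>.+?): \{(?P<guid>[0-9a-f-]+)\} - (?P<loc>.+)$', re.I)
# Firefox proxy pref:      FF - prefs.js: network.proxy.http - 127.0.0.1
_FF_PREF = re.compile(r'^FF - prefs\.js: (?P<key>network\.proxy\.\w+) - (?P<val>\S+)$', re.I)
# ESET Online Scanner hit: <path> <threat name> trojan   |   <path> multiple threats
_AV_HIT = re.compile(r'^(?P<path>[a-z]:\\.+?)\s+(?P<threat>[\w./-]+\s+(?:trojan|worm|virus|adware|backdoor)|multiple threats)$', re.I)

# Locations an unprivileged user (and so anything running as that user) can write to.
_USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\(?:appdata|downloads)\\|\\programdata\\|\\windows\\temp\\', re.I)
_LOOPBACK = {"127.0.0.1", "localhost", "::1"}
_CF_QUARANTINE = "\\qoobox\\quarantine\\"  # where ComboFix parks what it removed (.vir files)

# Constructed sample: lines copied from the ComboFix, DDS and ESET logs above.
SAMPLE_LINES = [
    r'"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-01-11 401480]',
    r'"cdloader"="c:\users\Tim\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]',
    r'Dropbox.lnk - c:\users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]',
    r'mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe',
    r'uRun: [cdloader] "c:\users\tim\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK',
    r'FF - prefs.js: network.proxy.http - 127.0.0.1',
    r'FF - prefs.js: network.proxy.type - 0',
    r'FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}',
    r'FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}',
    r'C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan',
    r'C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-217a04f0 Java/Agent.BV trojan',
]


def triage(lines: List[str]) -> List[Finding]:
    """Return one (rule, detail) pair per line a responder should look at."""
    findings: List[Finding] = []
    proxy_host: Optional[str] = None
    proxy_type: Optional[str] = None

    for raw in lines:
        line = raw.strip()

        m = _AV_HIT.match(line)
        if m:
            path, threat = m.group("path"), m.group("threat")
            state = "quarantined" if _CF_QUARANTINE in path.lower() else "live"
            findings.append((f"av-detection-{state}", f"{threat}: {path}"))
            continue

        m = _CF_RUN.match(line) or _DDS_RUN.match(line) or _LNK.search(line)
        if m:
            path = m.group("path")
            if _USER_WRITABLE.search(path):
                findings.append(("autostart-in-user-path", f"{m.group('name')} -> {path}"))
            continue

        m = _FF_EXT.match(line)
        if m:
            if m.group("loc").lower().startswith("%profile%"):
                findings.append(("ff-extension-in-profile", f"{m.group('name')} {{{m.group('guid')}}}"))
            continue

        m = _FF_PREF.match(line)
        if m:
            key, val = m.group("key").lower(), m.group("val")
            if key == "network.proxy.http":
                proxy_host = val
            elif key == "network.proxy.type":
                proxy_type = val

    if proxy_host in _LOOPBACK:
        # Firefox: type 1 = manual proxy in use, 0 = direct connection, so with
        # type 0 the loopback value is dormant but still worth asking about.
        state = "active" if proxy_type == "1" else f"configured but type={proxy_type}"
        findings.append(("ff-loopback-proxy", f"network.proxy.http={proxy_host} ({state})"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LINES):
        print(f"[{rule}] {detail}")
```

Run as-is it prints seven hits from the sample; for a whole log use `triage(open(path, errors="replace").read().splitlines())`. The quarantined/live split is the part worth reading first: the Tracur and JS/Agent hits are under C:\Qoobox\Quarantine, so ComboFix already moved those files aside and ESET only re-scanned the copies, while the two Java Deployment cache entries are not quarantined and are exactly what the "Clear Java cache" step removes.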

#14 CatByte (Malware Response Team, 14,664 posts)

Posted 16 August 2011 - 07:48 PM

Hi

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 26 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Turvy (Topic Starter, Members, 11 posts)

Posted 16 August 2011 - 08:07 PM

Quick question: not sure if you saw the ESETSCAN log, but it showed trojans? Do I need to re-run ESET with the "Remove found threats" option ticked?
ESETSCAN
C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bt5kp6ku.default\extensions\{39be5bb7-3584-426c-8e9c-87c0a3f68dc0}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5cddf7d0-169cac4a multiple threats
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6dfdeab1-217a04f0 Java/Agent.BV trojan


Here's the new DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Tim at 21:02:04 on 2011-08-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1441 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Novatel Wireless\Mobilink\Lite.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\Explorer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: MRI_DISABLED - No File
BHO: AcroIEHelperStub - No File
BHO: SmartSelect - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: MRI_DISABLED - No File
uRun: [MobiLink Lite] c:\program files\novatel wireless\mobilink\Lite.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [cdloader] "c:\users\tim\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tim\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{2BC6A3A5-4E93-4F27-A9FA-84EC0C5D3A70} : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\bt5kp6ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tim\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\tim\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\tim\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 143360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-8 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
.
=============== Created Last 30 ================
.
2011-08-17 00:50:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 21:57:08 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4d9efbda-30df-4a79-8087-dc225f477e59}\mpengine.dll
2011-08-16 03:02:54 -------- d-----w- c:\program files\ESET
2011-08-16 02:53:17 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-15 15:20:57 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-08-15 15:20:54 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1f3dffd9-3a48-4b6c-9425-f8f91a52925d}\gapaengine.dll
2011-08-10 03:06:17 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 00:08:50 98816 ----a-w- c:\windows\sed.exe
2011-08-05 00:08:50 518144 ----a-w- c:\windows\SWREG.exe
2011-08-05 00:08:50 256000 ----a-w- c:\windows\PEV.exe
2011-08-05 00:08:50 208896 ----a-w- c:\windows\MBR.exe
2011-08-04 04:48:32 -------- d-----w- c:\program files\SpywareBlaster
2011-08-04 04:35:17 -------- d-----w- c:\program files\Trend Micro
2011-08-02 02:59:04 -------- d-----w- C:\Uninstall
2011-07-26 03:02:58 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-26 03:02:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 04:37:17 -------- d-----w- c:\users\tim\appdata\local\Immunet
2011-07-21 04:37:17 -------- d-----w- c:\programdata\Immunet
2011-07-20 22:19:53 -------- d-----w- c:\users\tim\appdata\roaming\Malwarebytes
2011-07-20 22:19:41 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 22:19:39 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 22:19:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 22:19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 22:03:53 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-20 22:03:30 -------- d-----w- c:\programdata\Hitman Pro
2011-07-20 05:09:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-20 05:04:41 -------- d-----w- c:\program files\Lavasoft
2011-07-20 00:03:49 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 12:59:29 2042368 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:03:18.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2009 9:58:52 PM
System Uptime: 8/15/2011 5:32:53 PM (28 hours ago)
.
Motherboard: Hewlett-Packard | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 122.771 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.806 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 233 GiB total, 116.867 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP697: 7/25/2011 10:26:52 PM - Windows Update
RP698: 7/25/2011 10:59:54 PM - Installed Java™ 6 Update 26
RP699: 7/27/2011 1:04:09 AM - Windows Update
RP700: 7/28/2011 6:41:11 PM - Windows Update
RP701: 8/1/2011 5:12:30 PM - Windows Update
RP702: 8/2/2011 2:02:01 AM - Windows Update
RP703: 8/2/2011 8:00:51 PM - Windows Update
RP704: 8/3/2011 2:01:15 AM - Windows Update
RP705: 8/3/2011 8:00:51 PM - Windows Update
RP706: 8/5/2011 2:24:44 AM - Windows Update
RP707: 8/6/2011 2:37:27 AM - Scheduled Checkpoint
RP708: 8/6/2011 9:31:59 PM - Windows Update
RP709: 8/7/2011 2:19:16 AM - Windows Update
RP710: 8/8/2011 1:57:57 AM - Scheduled Checkpoint
RP711: 8/8/2011 2:19:11 AM - Windows Update
RP712: 8/9/2011 6:54:04 PM - Windows Update
RP713: 8/11/2011 1:33:58 AM - Windows Update
RP714: 8/11/2011 3:00:26 AM - Windows Update
RP715: 8/15/2011 11:05:27 AM - avast! Free Antivirus Setup
RP716: 8/15/2011 11:19:33 AM - Windows Update
RP717: 8/16/2011 11:07:33 AM - Scheduled Checkpoint
RP718: 8/16/2011 5:55:40 PM - Windows Update
RP719: 8/16/2011 8:50:56 PM - Installed Adobe Reader X (10.1.0).
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.2.6
BlackBerry Desktop Software 5.0
BlackBerry Device Software Updater
Bonjour
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Connect
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dropbox
ESET Online Scanner v3
ESU for Microsoft Vista
eSupportQFolder
F2100
F2100_doccd
F2100_Help
gBurner
GoldWave v5.52
Google Talk Plugin
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.60
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
HPTCSSetup
IHA_MessageCenter
Intel® Graphics Media Accelerator Driver
iSpring Free 4.2
iTunes
iTunes Library Updater
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
K-Lite Codec Pack 4.7.5 (Full)
kuler
LabelPrint
LAME v3.98.2 for Audacity
LightScribe System Software 1.14.17.1
LimeWire 5.4.6
LiveUpload to Facebook
magicJack
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Mobilink Lite
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
Norton Internet Security
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go
PowerDirector
Prism Video Converter
PSSWCORE
PureVoice
QuickTime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.0
runtime
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SecurityScan
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SnagIt 9
SolutionCenter
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
SpywareBlaster 4.4
Status
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
Verizon Help and Support Tool
VideoToolkit01
VLC media player 1.1.4
Vuze
Vz In Home Agent
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================