Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Really bad Malware and possible virus - unable to uninstall


  • This topic is locked This topic is locked
85 replies to this topic

#1 Angel Rodriquez

Angel Rodriquez

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 21 September 2011 - 08:55 PM

I have something on my computer that is doing some pretty nasty things. I started noticing things when it started redirecting my Google searches. I tried to run Malware Bytes and ComboFix but whatever I have shuts them down after a few seconds and then refuses to let me open them again. Microsoft Security Essentials can no longer be activated and I am getting odd prompts from my Firewall asking to unblock certain programs that were, previously, standard issue.

I have even tried running malware removal in safe mode and can't get anything to work.

Please help.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:09 AM

Posted 21 September 2011 - 09:45 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:09 AM

Posted 26 September 2011 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419942 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Angel Rodriquez

Angel Rodriquez
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 04 October 2011 - 05:38 PM

I ran ComboFix a while back to solve this issue.

Then my problem came back so I ran it again to fix the issue.

I want to make sure the problem is fully fixed so below is the log it produced.

My main problem, now, is whatever malware I had before kept blocking out certain antivirus program everytime I downloaded them. Now I have a bunch of "empty" useless program files on my desktop that can not run and I can not delete (Access Denied) even in Safe Mode.


ComboFix 11-10-04.04 - Owner 10/04/2011  14:51:10.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.618 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix3.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\windows\$NtUninstallKB46472$\2718951544\@
c:\windows\$NtUninstallKB46472$\2718951544\bckfg.tmp
c:\windows\$NtUninstallKB46472$\2718951544\cfg.ini
c:\windows\$NtUninstallKB46472$\2718951544\Desktop.ini
c:\windows\$NtUninstallKB46472$\2718951544\keywords
c:\windows\$NtUninstallKB46472$\2718951544\kwrd.dll
c:\windows\$NtUninstallKB46472$\2718951544\L\cuofphfn
c:\windows\$NtUninstallKB46472$\2718951544\lsflt7.ver
c:\windows\$NtUninstallKB46472$\2718951544\U\00000001.@
c:\windows\$NtUninstallKB46472$\2718951544\U\00000002.@
c:\windows\$NtUninstallKB46472$\2718951544\U\80000000.@
c:\windows\$NtUninstallKB46472$\2718951544\U\80000032.@
c:\windows\$NtUninstallKB46472$\2902476909
c:\windows\system32\ 
c:\windows\system32\d3d9caps.dat
c:\windows\$NtUninstallKB46472$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected 
Restored copy from - The cat found it <img src='http://www.bleepingcomputer.com/forums/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a20fe878
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-04 to 2011-10-04  )))))))))))))))))))))))))))))))
.
.
2011-10-04 21:46 . 2008-06-20 11:59	361600	-c--a-w-	c:\windows\system32\dllcache\tcpip.sys
2011-10-04 21:46 . 2008-06-20 11:59	361600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-10-04 21:32 . 2011-10-04 21:32	--------	d--h--w-	c:\windows\PIF
2011-10-04 21:24 . 2011-10-04 21:24	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\offreg.dll
2011-10-04 21:24 . 2011-09-12 23:14	7269712	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\mpengine.dll
2011-10-04 21:22 . 2011-10-04 21:23	--------	d-----w-	c:\program files\Microsoft Security Client
2011-10-04 19:37 . 2011-10-04 19:37	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2011-09-27 18:54 . 2001-08-17 20:47	12928	-c--a-w-	c:\windows\system32\dllcache\dot4prt.sys
2011-09-27 18:54 . 2001-08-17 20:47	12928	----a-w-	c:\windows\system32\drivers\Dot4Prt.sys
2011-09-27 18:53 . 2008-04-13 17:39	206976	-c--a-w-	c:\windows\system32\dllcache\dot4.sys
2011-09-27 18:53 . 2008-04-13 17:39	206976	----a-w-	c:\windows\system32\drivers\Dot4.sys
2011-09-27 18:53 . 2001-08-17 20:47	23808	-c--a-w-	c:\windows\system32\dllcache\dot4usb.sys
2011-09-27 18:53 . 2001-08-17 20:47	23808	----a-w-	c:\windows\system32\drivers\Dot4usb.sys
2011-09-22 02:42 . 2008-04-13 18:40	42112	----a-w-	c:\windows\system32\drivers\imapi.sys
2011-09-22 02:21 . 2011-09-22 02:21	--------	d-----w-	C:\TDSSKiller_Quarantine
2011-09-14 20:49 . 2011-10-04 21:29	--------	d-----w-	c:\documents and settings\Owner\Application Data\uTorrent
2011-09-11 01:57 . 2011-09-11 01:57	--------	d-----w-	c:\documents and settings\Owner\Application Data\StreamTorrent
2011-09-11 01:57 . 2011-09-11 01:57	--------	d-----w-	c:\program files\StreamTorrent 1.0
2011-09-10 20:49 . 2011-09-10 20:49	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-09-10 20:49 . 2011-09-14 20:33	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2011-09-10 20:48 . 2011-09-10 20:50	--------	d-----w-	c:\program files\vShare.tv plugin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 15:22 . 2011-05-18 22:20	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-22 02:35 . 2006-02-28 12:00	52480	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2011-09-22 02:17 . 2006-02-28 12:00	138496	----a-w-	c:\windows\system32\drivers\afd.sys
2011-09-22 02:14 . 2010-11-12 21:54	57600	----a-w-	c:\windows\system32\drivers\redbook.sys
2011-09-09 09:12 . 2006-02-28 12:00	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-07-19 18:28 . 2010-12-04 13:32	13312	----a-w-	c:\windows\system32\drivers\pneteth.sys
2011-07-15 13:29 . 2006-02-28 12:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 12:00	10496	----a-w-	c:\windows\system32\drivers\ndistapi.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-09-22_02.56.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 22:00 . 2011-10-04 22:00	16384              c:\windows\temp\Perflib_Perfdata_1fc.dat
- 2011-06-25 03:06 . 2010-10-19 20:51	222080              c:\windows\system32\MpSigStub.exe
+ 2011-06-25 03:06 . 2011-05-25 02:14	222080              c:\windows\system32\MpSigStub.exe
+ 2011-10-04 15:22 . 2011-10-04 15:22	243360              c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-06-24 05:16 . 2007-01-17 08:37	286720              c:\windows\system32\HPZc3212.dll
+ 2011-10-04 21:23 . 2011-10-04 21:23	785920              c:\windows\Installer\1eccc.msi
+ 2011-10-04 21:23 . 2011-10-04 21:23	483840              c:\windows\Installer\1ecc6.msi
+ 2011-10-04 21:23 . 2011-10-04 21:23	301056              c:\windows\Installer\1ecc1.msi
- 2010-11-23 10:23 . 2011-09-12 15:10	6277280              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-23 10:23 . 2011-10-04 15:22	6277280              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-13 07:10 . 2011-09-28 10:00	47369160              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E2A6CA641BD771C06D3776C293639FEB79099F12._service_run"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-09-20 1030200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E2A6CA641BD771C06D3776C293639FEB79099F12._service_run]
2011-09-20 03:07	1030200	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-30 03:17	136176	----atw-	c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31	80896	----a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 08:40	421160	-c--a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2003-07-13 09:49	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-11-07 06:24	1867888	----a-w-	c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\GreedyTorrent\\GTor.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\TweetDeck\\TweetDeck.exe"=
"c:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6789:TCP"= 6789:TCP:TCP Port 6789
"6789:UDP"= 6789:UDP:UDP Port 6789
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2010 9:20 PM 47360]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/4/2010 6:32 AM 13312]
S1 MpKsl0afa3823;MpKsl0afa3823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsl0afa3823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsl0afa3823.sys [?]
S1 MpKsl151e56da;MpKsl151e56da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE4D54-4C6D-4AE5-A2F9-C1838CCB3B4E}\MpKsl151e56da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE4D54-4C6D-4AE5-A2F9-C1838CCB3B4E}\MpKsl151e56da.sys [?]
S1 MpKsl3684419a;MpKsl3684419a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17C3DB7B-F1E0-4713-9E47-FB367F7998C9}\MpKsl3684419a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17C3DB7B-F1E0-4713-9E47-FB367F7998C9}\MpKsl3684419a.sys [?]
S1 MpKsl3bae4e90;MpKsl3bae4e90;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl3bae4e90.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl3bae4e90.sys [?]
S1 MpKsl69c3d908;MpKsl69c3d908;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl69c3d908.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl69c3d908.sys [?]
S1 MpKsl6e4530cb;MpKsl6e4530cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F6331BE-2DAE-4DFC-B1FD-A3D4DA2C310C}\MpKsl6e4530cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F6331BE-2DAE-4DFC-B1FD-A3D4DA2C310C}\MpKsl6e4530cb.sys [?]
S1 MpKsl874f2937;MpKsl874f2937;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\MpKsl874f2937.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\MpKsl874f2937.sys [?]
S1 MpKsl975dfa2a;MpKsl975dfa2a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl975dfa2a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl975dfa2a.sys [?]
S1 MpKsla9727e04;MpKsla9727e04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsla9727e04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsla9727e04.sys [?]
S1 MpKslad49ce60;MpKslad49ce60;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBD1DB8D-43B5-4152-A953-F9052737A098}\MpKslad49ce60.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBD1DB8D-43B5-4152-A953-F9052737A098}\MpKslad49ce60.sys [?]
S1 MpKslb9fbf66a;MpKslb9fbf66a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E39BEB0B-917E-4A37-8BA1-DBF502E33715}\MpKslb9fbf66a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E39BEB0B-917E-4A37-8BA1-DBF502E33715}\MpKslb9fbf66a.sys [?]
S1 MpKsled4fd865;MpKsled4fd865;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40621B92-5278-4092-AC5D-224ECAF32249}\MpKsled4fd865.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40621B92-5278-4092-AC5D-224ECAF32249}\MpKsled4fd865.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2010 11:42 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2010 11:42 PM 136176]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/29/2010 12:49 AM 19056]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/4/2010 6:17 AM 9472]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys [2/17/2011 11:37 PM 25984]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2/17/2011 11:34 PM 23296]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2/17/2011 11:35 PM 28288]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2/17/2011 11:35 PM 70528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 08:23]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 08:23]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:17]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:17]
.
2011-10-04 c:\windows\Tasks\User_Feed_Synchronization-{6118BEA7-ED74-4841-83FC-E1D66611DD63}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xgxp78xn.default\
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: foursquarefox | foursquare for Firefox: {8D8755DA-0541-4E4C-818A-99188622BA02} - %profile%\extensions\{8D8755DA-0541-4E4C-818A-99188622BA02}
FF - Ext: Google+Facebook: crossriderapp519@crossrider.com - %profile%\extensions\crossriderapp519@crossrider.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2011-10-04  15:04:22 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-04 22:04
ComboFix2.txt  2011-09-22 03:00
.
Pre-Run: 13,662,633,984 bytes free
Post-Run: 13,827,227,648 bytes free
.
- - End Of File - - 4218A6A5C58AC3D6F20EBC0EB4E3C3CB


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 04 October 2011 - 11:54 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


File::
c:\windows\system32\ConduitEngine.tmp

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\Conduit


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[b]"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 08 October 2011 - 12:42 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 11 October 2011 - 10:02 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 11 October 2011 - 06:00 PM

topic has been reopened
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Angel Rodriquez

Angel Rodriquez
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 11 October 2011 - 06:28 PM

Here is the more recent ComboFix log:

[ce]
ComboFix 11-10-04.04 - Owner 10/06/2011 14:03:21.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.599 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix3.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Local Settings\Application Data\Conduit
c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 20:55 . 2011-10-06 20:55 -------- d-----w- C:\ComboFix3
2011-10-06 15:15 . 2011-10-06 15:15 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C207165-AF47-45C6-BB6E-89EB72A8493B}\MpKslfcd34e7c.sys
2011-10-06 15:14 . 2011-10-06 15:14 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C207165-AF47-45C6-BB6E-89EB72A8493B}\offreg.dll
2011-10-06 15:14 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C207165-AF47-45C6-BB6E-89EB72A8493B}\mpengine.dll
2011-10-05 23:47 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-04 22:06 . 2011-10-04 22:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 21:46 . 2008-06-20 11:59 361600 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2011-10-04 21:46 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-04 21:32 . 2011-10-04 21:32 -------- d--h--w- c:\windows\PIF
2011-10-04 19:37 . 2011-10-04 19:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-27 18:54 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-09-27 18:54 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2011-09-27 18:53 . 2008-04-13 17:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-09-27 18:53 . 2008-04-13 17:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2011-09-27 18:53 . 2001-08-17 20:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-09-27 18:53 . 2001-08-17 20:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2011-09-22 02:42 . 2008-04-13 18:40 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-09-22 02:21 . 2011-09-22 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-14 20:49 . 2011-10-06 20:33 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2011-09-11 01:57 . 2011-09-11 01:57 -------- d-----w- c:\documents and settings\Owner\Application Data\StreamTorrent
2011-09-11 01:57 . 2011-09-11 01:57 -------- d-----w- c:\program files\StreamTorrent 1.0
2011-09-10 20:48 . 2011-09-10 20:50 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 15:22 . 2011-05-18 22:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-22 02:35 . 2006-02-28 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-22 02:17 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-22 02:14 . 2010-11-12 21:54 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 18:28 . 2010-12-04 13:32 13312 ----a-w- c:\windows\system32\drivers\pneteth.sys
2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-22_02.56.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-05 15:00 . 2011-10-05 15:00 16384 c:\windows\temp\Perflib_Perfdata_c0.dat
- 2011-06-25 03:06 . 2010-10-19 20:51 222080 c:\windows\system32\MpSigStub.exe
+ 2011-06-25 03:06 . 2011-05-25 02:14 222080 c:\windows\system32\MpSigStub.exe
+ 2011-10-04 15:22 . 2011-10-04 15:22 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-06-24 05:16 . 2007-01-17 08:37 286720 c:\windows\system32\HPZc3212.dll
+ 2011-10-04 22:06 . 2011-10-04 22:06 785920 c:\windows\Installer\4b99f.msi
+ 2011-10-04 22:06 . 2011-10-04 22:06 483840 c:\windows\Installer\4b999.msi
+ 2011-10-04 22:06 . 2011-10-04 22:06 301056 c:\windows\Installer\4b994.msi
- 2010-11-23 10:23 . 2011-09-12 15:10 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-23 10:23 . 2011-10-04 15:22 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-13 07:10 . 2011-09-28 10:00 47369160 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E2A6CA641BD771C06D3776C293639FEB79099F12._service_run"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-09-20 1030200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E2A6CA641BD771C06D3776C293639FEB79099F12._service_run]
2011-09-20 03:07 1030200 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-30 03:17 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 08:40 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2003-07-13 09:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-11-07 06:24 1867888 ----a-w- c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\GreedyTorrent\\GTor.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TweetDeck\\TweetDeck.exe"=
"c:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6789:TCP"= 6789:TCP:TCP Port 6789
"6789:UDP"= 6789:UDP:UDP Port 6789
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl2e62ca43;MpKsl2e62ca43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31A41F7D-57E9-4BA7-99CC-F3E296916E57}\MpKsl2e62ca43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31A41F7D-57E9-4BA7-99CC-F3E296916E57}\MpKsl2e62ca43.sys [?]
R1 MpKslfcd34e7c;MpKslfcd34e7c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C207165-AF47-45C6-BB6E-89EB72A8493B}\MpKslfcd34e7c.sys [10/6/2011 8:15 AM 28752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/25/2005 3:26 PM 200576]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2010 9:20 PM 47360]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/4/2010 6:32 AM 13312]
S1 MpKsl0afa3823;MpKsl0afa3823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsl0afa3823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsl0afa3823.sys [?]
S1 MpKsl151e56da;MpKsl151e56da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE4D54-4C6D-4AE5-A2F9-C1838CCB3B4E}\MpKsl151e56da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE4D54-4C6D-4AE5-A2F9-C1838CCB3B4E}\MpKsl151e56da.sys [?]
S1 MpKsl3684419a;MpKsl3684419a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17C3DB7B-F1E0-4713-9E47-FB367F7998C9}\MpKsl3684419a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17C3DB7B-F1E0-4713-9E47-FB367F7998C9}\MpKsl3684419a.sys [?]
S1 MpKsl3bae4e90;MpKsl3bae4e90;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl3bae4e90.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl3bae4e90.sys [?]
S1 MpKsl69c3d908;MpKsl69c3d908;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl69c3d908.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl69c3d908.sys [?]
S1 MpKsl6e4530cb;MpKsl6e4530cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F6331BE-2DAE-4DFC-B1FD-A3D4DA2C310C}\MpKsl6e4530cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F6331BE-2DAE-4DFC-B1FD-A3D4DA2C310C}\MpKsl6e4530cb.sys [?]
S1 MpKsl874f2937;MpKsl874f2937;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\MpKsl874f2937.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96B40525-D921-476A-B4A2-9AD4BABBEB4E}\MpKsl874f2937.sys [?]
S1 MpKsl975dfa2a;MpKsl975dfa2a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl975dfa2a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB467ED1-94F4-450D-8B09-A3870692BDFB}\MpKsl975dfa2a.sys [?]
S1 MpKsla9727e04;MpKsla9727e04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsla9727e04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83AEB394-D653-44C4-9637-8DD086971252}\MpKsla9727e04.sys [?]
S1 MpKslad49ce60;MpKslad49ce60;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBD1DB8D-43B5-4152-A953-F9052737A098}\MpKslad49ce60.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBD1DB8D-43B5-4152-A953-F9052737A098}\MpKslad49ce60.sys [?]
S1 MpKslb9fbf66a;MpKslb9fbf66a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E39BEB0B-917E-4A37-8BA1-DBF502E33715}\MpKslb9fbf66a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E39BEB0B-917E-4A37-8BA1-DBF502E33715}\MpKslb9fbf66a.sys [?]
S1 MpKsled4fd865;MpKsled4fd865;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40621B92-5278-4092-AC5D-224ECAF32249}\MpKsled4fd865.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40621B92-5278-4092-AC5D-224ECAF32249}\MpKsled4fd865.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2010 11:42 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2010 11:42 PM 136176]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/29/2010 12:49 AM 19056]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/4/2010 6:17 AM 9472]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\drivers\lgvzandnetadb.sys [2/17/2011 11:37 PM 25984]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2/17/2011 11:34 PM 23296]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2/17/2011 11:35 PM 28288]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2/17/2011 11:35 PM 70528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL996E4F4C
*NewlyCreated* - MPKSLFCD34E7C
*Deregistered* - MpKsl996e4f4c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 08:23]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 08:23]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:17]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:17]
.
2011-10-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-10-06 c:\windows\Tasks\User_Feed_Synchronization-{6118BEA7-ED74-4841-83FC-E1D66611DD63}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xgxp78xn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: foursquarefox | foursquare for Firefox: {8D8755DA-0541-4E4C-818A-99188622BA02} - %profile%\extensions\{8D8755DA-0541-4E4C-818A-99188622BA02}
FF - Ext: Google+Facebook: crossriderapp519@crossrider.com - %profile%\extensions\crossriderapp519@crossrider.com
FF - Ext: Boomerang for GMail: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57} - %profile%\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-10-06 14:18:48
ComboFix-quarantined-files.txt 2011-10-06 21:18
ComboFix2.txt 2011-10-04 22:04
ComboFix3.txt 2011-09-22 03:00
.
Pre-Run: 6,404,141,056 bytes free
Post-Run: 6,423,339,008 bytes free
.
- - End Of File - - 9FC925A87388EC7A8C8F43740D1F3CFF

[/code]

Edited by gringo_pr, 11 October 2011 - 06:32 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 11 October 2011 - 06:34 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 14 October 2011 - 12:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Angel Rodriquez

Angel Rodriquez
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 14 October 2011 - 10:40 AM

here is the report it produced:



µTorrent
32 Bit HP CIO Components Installer
6400_Help
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.5
Ahead Nero Burning ROM
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Bowflex i-Trainer
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
ConvertXtoDVD 3.3.4.106e
CustomerResearchQFolder
CutePDF Writer 2.7
Data Access Objects (DAO) 3.5
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
DVD Shrink 3.2
eSupportQFolder
Fax
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 4.0.0.320
GPBaseService
GreedyTorrent v1.01 beta build 170
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
IsoBuster 2.5.5
iTunes
J6400
Java Auto Updater
Java(TM) 6 Update 22
LG Verizon United Drivers
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 10.0
PdaNet for Android 3.02
PDF Settings CS5
PeerBlock 1.1 (r518)
ProductContext
PSSWCORE
QuickTime
Remote Desktop Web Connection
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrintingOC
Soft Data Fax Modem with SmartCP
SolutionCenter
Spotify
Status
StreamTorrent 1.0
Synaptics Pointing Device Driver
Toolbox
TrayApp
TweetDeck
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VLC media player 1.1.5
vShare.tv plugin 1.3
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
XPS Essentials Pack
XPS Essentials Pack 1.0


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:09 AM

Posted 14 October 2011 - 12:55 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.5

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Angel Rodriquez

Angel Rodriquez
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 14 October 2011 - 05:38 PM

Here are the results from Malwarebytes:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2011 1:37:42 PM
mbam-log-2011-10-14 (13-37-42).txt

Scan type: Quick scan
Objects scanned: 178029
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 Angel Rodriquez

Angel Rodriquez
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 14 October 2011 - 05:41 PM

Here are the results from HiJack This:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:52 PM, on 10/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7713 bytes





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users