
super persistent google redirect


This topic is locked
4 replies to this topic

#1 Roger Hill


Posted 01 October 2011 - 11:03 AM

Hi,

I am also facing the Google redirect issue (basically, the result is redirected either to get-answers-fast.com or find-quick-results.com).
Please find attached the DDS.txt and gmer.log files.

I would appreciate it if you would let me know the next steps.

Thanks,
Roger.

DDS log:
========
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by aramanath at 18:50:48 on 2011-09-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: IEInspector Browser Helper: {9b43b7b1-bf56-4708-81d2-332d708b0dd9} - c:\progra~1\ieinsp~1\httpan~1\IEINSP~1.DLL
BHO: SnapFlash Class: {a44cbb0b-c77d-4bf5-87cc-b4ee79ad1b7e} - c:\program files\common files\justdo\Jd2002.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip softphone\AvayaWebDial.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
EB: IE HTTPAnalyzer V5: {a8404868-2818-48f0-84eb-2fdadd10385d} - c:\progra~1\ieinsp~1\httpan~1\IEHTTP~1.DLL
uRun: [EpsonUpdate] c:\documents and settings\aramanath\application data\epson\epsonupdate\Epsonupdt32.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\araman~1\locals~1\temp\E_S793.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
dRun: [EpsonUpdate] c:\documents and settings\aramanath\application data\epson\epsonupdate\Epsonupdt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\common files\justdo\IECatcher.DLL/FlashCatcher.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - {A8404868-2818-48F0-84EB-2FDADD10385D} - c:\progra~1\ieinsp~1\httpan~1\IEHTTP~1.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: microsoft.com\onlinehelp
Trusted Zone: microsoftonline.com\portal
Trusted Zone: msecnd.net\bposast.vo
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239041639480
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239041750308
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} - hxxp://h30299.www3.hp.com/ediags/hpna/web/14/install/gtdownhp.cab?1,0,0,94
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{57B385DC-1925-4BB2-9873-CBD2199FE9FE} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aramanath\application data\mozilla\firefox\profiles\z8qoufpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\aramanath\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aramanath\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aramanath\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-09-25 22:46:19 17704 ----a-w- C:\a.exe
2011-09-18 03:53:13 -------- d-----w- c:\documents and settings\aramanath\local settings\application data\MetaGeek,_LLC
2011-09-18 03:48:01 -------- d-----w- c:\program files\MetaGeek
2011-09-18 03:42:41 -------- d-----w- c:\documents and settings\aramanath\application data\Intel
2011-09-18 03:41:50 6878848 ----a-w- c:\windows\system32\drivers\NETwNx32.sys
2011-09-18 03:41:50 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-09-18 03:41:50 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-09-18 03:41:22 -------- d-----w- c:\program files\common files\Intel
2011-09-16 02:51:54 -------- d-----w- C:\MSProject
2011-09-13 03:42:39 -------- d-----w- c:\program files\Sun
2011-09-13 03:28:18 -------- d-----w- c:\documents and settings\aramanath\local settings\application data\WinZip
2011-09-13 03:26:17 -------- d-----w- c:\documents and settings\aramanath\local settings\application data\uTorrent
2011-09-13 02:03:34 -------- d-----w- c:\program files\Wireshark
2011-09-12 01:37:04 -------- d-sh--w- c:\documents and settings\aramanath\PrivacIE
2011-09-12 01:35:32 -------- d-sh--w- c:\documents and settings\aramanath\IECompatCache
2011-09-11 23:12:27 388096 ----a-r- c:\documents and settings\aramanath\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-11 23:12:27 -------- d-----w- c:\program files\Trend Micro
2011-09-11 23:05:24 0 ---ha-w- c:\documents and settings\aramanath\nycfaazgge.tmp
2011-09-11 21:37:53 -------- d-sh--w- c:\documents and settings\aramanath\IETldCache
2011-09-11 21:33:19 -------- dc-h--w- c:\windows\ie8
2011-09-11 21:25:02 -------- d-----w- c:\documents and settings\aramanath\local settings\application data\Solid State Networks
2011-09-11 19:46:33 208896 ----a-w- c:\windows\MBR.exe
2011-09-11 19:46:31 98816 ----a-w- c:\windows\sed.exe
2011-09-11 19:46:31 518144 ----a-w- c:\windows\SWREG.exe
2011-09-11 19:46:31 256000 ----a-w- c:\windows\PEV.exe
2011-09-10 06:37:51 -------- d-----w- C:\test
.
==================== Find3M ====================
.
2011-09-30 07:32:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-27 04:22:39 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:57:33.25 ===============


GMER log:
==========
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-01 08:41:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160411AS rev.HP14
Running: gmer.exe; Driver: C:\DOCUME~1\ARAMAN~1\LOCALS~1\Temp\uxlyyuob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF718AE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF716BCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF716BECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF718B610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF718B8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7189B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF718BD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF718B0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF716B982]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6BC7000, 0x18A3B6, 0xE8000020]
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
? C:\DOCUME~1\ARAMAN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA8CE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA86E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5720] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 326052B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6788] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6788] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6788] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6788] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000bb hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000bd hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000cb hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000bf hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\1_1_2_2.html 2307 bytes
File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\1_1_3_0.html 22168 bytes
File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\document.css 11672 bytes
File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\htmlix.hhk 994 bytes
File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\htmltoc.hhc 1589 bytes
File C:\Program Files\Hewlett-Packard\Documentation\407104-1a\pl_ww\userguide.html 1682 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_2_2.html 2394 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_2_3.html 1881 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_2_4.html 6414 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_0.html 2458 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1.html 1792 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_2.html 3277 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_3.html 1991 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_3_2.html 1727 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_3_3.html 1824 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_4_2.html 2763 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_4_3.html 2603 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_4_4.html 3238 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_4_5.html 2658 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_1_4_6.html 2726 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_1.html 3964 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_2.html 4602 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_2_2.html 1990 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_2_3.html 4213 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_2_4.html 1608 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_2_5.html 1647 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_3.html 3236 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_3_2.html 1638 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_4.html 2771 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_4_2.html 1437 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_5.html 6367 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_6.html 5000 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_2_6_2.html 1877 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3.html 1845 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_1.html 6870 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_2.html 4072 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_2_2.html 2057 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_2_4.html 1712 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_2_5.html 2436 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_2_6.html 5866 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_3.html 5905 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_3_2.html 1540 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_3_3.html 1803 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_3_4.html 2941 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_3_5.html 1708 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_4.html 1863 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_4_2.html 3282 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_4_3.html 1915 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_5.html 3467 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_5_2.html 2232 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_3_5_3.html 2131 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4.html 7041 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_1.html 3921 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_2.html 4843 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_2_3.html 3037 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_2_4.html 4965 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_2_5.html 1481 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_3.html 0 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_3_2.html 2072 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_4.html 3819 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_4_2.html 1631 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_4_3.html 1568 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_5.html 3164 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_5_2.html 2142 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_6.html 8336 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_6_2.html 0 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_6_3.html 0 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_6_4.html 0 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_6_5.html 0 bytes
File C:\Program Files\Hewlett-Packard\Documentation\417893-4a\lt_ww\1_1_3_4_7_2.html 0 bytes
File C:\Program Files\HTML Help Workshop\hhc.exe 0 bytes
File C:\Program Files\HTML Help Workshop\itcc.dll 0 bytes

---- EOF - GMER 1.0.15 ----


#2 Roger Hill


Posted 01 October 2011 - 11:06 AM

Hi,

In addition to that, I have also run GooredFix and here is the log output:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:04 on 01/10/2011 (Administrator)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F048976D-B10C-424E-8529-CB137C260FE9} -> Success!
Deleting C:\Documents and Settings\aramanath\Local Settings\Application Data\{F048976D-B10C-424E-8529-CB137C260FE9} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [05:13 23/03/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [06:01 09/09/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:17 08/04/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [04:07 20/03/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [07:41 16/04/2011]

-=E.O.F=-

#3 Roger Hill


Posted 01 October 2011 - 01:56 PM

Hi,

I have also pasted the log file from Combofix here.
I could not find an option for attaching the file here and hence have pasted the logs here.

Thanks,
Roger.

Combofix log:
=============

ComboFix 11-10-01.03 - aramanath 10/01/2011 10:41:49.9.2 - x86
Running from: c:\temp\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a.exe
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\extensions\{97254f68-aad2-4f23-a3fc-d64698ddd647}
c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\extensions\{97254f68-aad2-4f23-a3fc-d64698ddd647}\chrome.manifest
c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\extensions\{97254f68-aad2-4f23-a3fc-d64698ddd647}\chrome\xulcache.jar
c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\extensions\{97254f68-aad2-4f23-a3fc-d64698ddd647}\defaults\preferences\xulcache.js
c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\extensions\{97254f68-aad2-4f23-a3fc-d64698ddd647}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETMAN32
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 16:26 . 2011-10-01 16:26 -------- d-----w- c:\program files\DjVuZone
2011-09-18 03:53 . 2011-09-18 03:53 -------- d-----w- c:\documents and settings\aramanath\Local Settings\Application Data\MetaGeek,_LLC
2011-09-18 03:48 . 2011-09-18 03:48 -------- d-----w- c:\program files\MetaGeek
2011-09-18 03:42 . 2011-09-18 03:42 -------- d-----w- c:\documents and settings\aramanath\Application Data\Intel
2011-09-18 03:41 . 2011-01-19 09:20 6878848 ----a-w- c:\windows\system32\drivers\NETwNx32.sys
2011-09-18 03:41 . 2010-05-20 05:14 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-09-18 03:41 . 2010-05-20 04:12 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-09-18 03:41 . 2011-09-18 03:41 -------- d-----w- c:\program files\Common Files\Intel
2011-09-18 03:41 . 2011-09-18 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-09-16 02:51 . 2011-09-16 03:33 -------- d-----w- C:\MSProject
2011-09-13 03:42 . 2011-09-13 03:42 -------- d-----w- c:\program files\Sun
2011-09-13 03:28 . 2011-09-13 03:28 -------- d-----w- c:\documents and settings\aramanath\Local Settings\Application Data\WinZip
2011-09-13 03:27 . 2011-09-13 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-09-13 03:26 . 2011-09-13 03:26 -------- d-----w- c:\documents and settings\aramanath\Local Settings\Application Data\uTorrent
2011-09-13 02:03 . 2011-09-13 02:03 -------- d-----w- c:\program files\Wireshark
2011-09-12 01:37 . 2011-09-12 01:37 -------- d-sh--w- c:\documents and settings\aramanath\PrivacIE
2011-09-12 01:35 . 2011-09-12 01:35 -------- d-sh--w- c:\documents and settings\aramanath\IECompatCache
2011-09-11 23:12 . 2011-09-11 23:12 388096 ----a-r- c:\documents and settings\aramanath\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-11 23:12 . 2011-09-11 23:12 -------- d-----w- c:\program files\Trend Micro
2011-09-11 23:05 . 2011-09-11 23:05 0 ---ha-w- c:\documents and settings\aramanath\nycfaazgge.tmp
2011-09-11 21:37 . 2011-09-11 21:37 -------- d-sh--w- c:\documents and settings\aramanath\IETldCache
2011-09-11 21:37 . 2011-09-11 21:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-11 21:33 . 2011-09-11 21:35 -------- dc-h--w- c:\windows\ie8
2011-09-11 21:25 . 2011-09-11 21:26 -------- d-----w- c:\documents and settings\aramanath\Local Settings\Application Data\Solid State Networks
2011-09-10 06:37 . 2011-09-11 01:32 -------- d-----w- C:\test
2011-09-09 06:02 . 2011-09-09 06:02 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 07:32 . 2011-08-04 03:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 17:02 . 2010-07-20 12:09 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2011-08-27 04:22 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-07 02:52 . 2011-02-26 04:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-02-26 04:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-03 15:02 . 2011-08-03 15:02 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-09-09 06:32 . 2011-03-23 05:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-11_22.12.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-01 18:34 . 2011-10-01 18:34 16384 c:\windows\temp\Perflib_Perfdata_724.dat
+ 2011-01-12 22:03 . 2011-01-12 22:03 16896 c:\windows\system32\S24NCfg.dll
+ 2010-05-20 04:15 . 2010-05-20 04:15 13952 c:\windows\system32\drivers\s24trans.sys
+ 2011-09-13 03:27 . 2011-09-13 03:27 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}\IconCD95F6617.exe
+ 2011-09-18 03:42 . 2011-09-18 03:42 49152 c:\windows\Installer\{0E95DA08-2514-4399-AD87-349C350FA9DE}\NewShortcut1_EC2A9EA7A46E48B9A0FD04BC5EF9F6A5.exe
+ 2011-09-18 03:42 . 2011-09-18 03:42 9110 c:\windows\Installer\{0E95DA08-2514-4399-AD87-349C350FA9DE}\ARPPRODUCTICON.exe
+ 2011-09-18 03:41 . 2010-04-05 18:44 675840 c:\windows\system32\ReinstallBackups\0018\DriverFiles\NETw5c32.dll
+ 2011-01-12 22:13 . 2011-01-12 22:13 208896 c:\windows\system32\NetProvCredMan.dll
+ 2011-09-30 07:32 . 2011-09-30 07:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-09-18 03:41 . 2010-05-20 05:14 684032 c:\windows\system32\DRVSTORE\netwnx32_BDB8454A498256349CDEF5AA415D5CAE35D36E90\NETwNc32.dll
+ 2011-09-18 03:41 . 2010-02-24 23:39 675840 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLc32.dll
+ 2011-09-13 03:43 . 2011-09-13 03:43 390144 c:\windows\Installer\42e8be9.msi
+ 2011-09-13 03:41 . 2011-09-13 03:41 533504 c:\windows\Installer\42e8be3.msi
+ 2011-09-18 03:48 . 2011-09-18 03:48 576512 c:\windows\Installer\1c8125.msi
+ 2011-09-13 03:27 . 2011-09-13 03:27 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}\IconCD95F66110.exe
+ 2011-09-18 03:41 . 2010-04-05 18:44 6601216 c:\windows\system32\ReinstallBackups\0018\DriverFiles\NETw5x32.sys
+ 2011-09-18 03:41 . 2010-04-05 18:44 2756608 c:\windows\system32\ReinstallBackups\0018\DriverFiles\NETw5r32.dll
+ 2009-10-28 03:40 . 2011-09-30 07:32 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-10-28 03:40 . 2011-09-11 21:26 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-04-13 22:40 . 2011-04-13 22:40 4284416 c:\windows\system32\GPhotos.scr
+ 2011-09-18 03:41 . 2011-01-19 09:20 6878848 c:\windows\system32\DRVSTORE\netwnx32_BDB8454A498256349CDEF5AA415D5CAE35D36E90\NETwNx32.sys
+ 2011-09-18 03:41 . 2010-05-20 04:12 2760704 c:\windows\system32\DRVSTORE\netwnx32_BDB8454A498256349CDEF5AA415D5CAE35D36E90\NETwNr32.dll
+ 2011-09-18 03:41 . 2010-10-07 11:11 6609920 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLx32.sys
+ 2011-09-18 03:41 . 2010-02-24 23:37 2756608 c:\windows\system32\DRVSTORE\netwlx32_2BE482C52CE0CF8A56BFD3ACF4CED8D99910A62A\NETwLr32.dll
+ 2011-09-11 23:12 . 2011-09-11 23:12 1094656 c:\windows\Installer\57843f.msi
+ 2011-09-13 03:27 . 2011-09-13 03:27 1704448 c:\windows\Installer\421b1d1.msi
+ 2011-09-18 03:42 . 2011-09-18 03:42 6498304 c:\windows\Installer\1c8121.msi
- 2011-08-31 15:57 . 2011-08-31 15:57 2370312 c:\windows\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\ocpubmgr.exe
+ 2011-08-31 15:57 . 2011-09-12 14:59 2370312 c:\windows\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\ocpubmgr.exe
+ 2011-09-18 03:39 . 2011-01-27 11:18 40223232 c:\windows\Installer\_{0E95DA08-2514-4399-AD87-349C350FA9DE}\Intel PROSet Wireless.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2007-11-21 06:25 557056 ------r- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2007-11-21 06:25 557056 ------r- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2007-11-21 06:25 557056 ------r- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EpsonUpdate"="c:\documents and settings\aramanath\Application Data\Epson\EpsonUpdate\Epsonupdt32.exe" [2011-09-03 55296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-05-18 12022544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-06-30 815704]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EpsonUpdate"="c:\documents and settings\aramanath\Application Data\Epson\EpsonUpdate\Epsonupdt32.exe" [2011-09-03 55296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-8-2 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ------w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^aramanath^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\aramanath\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 23:08 293168 ------w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-07 04:10 135664 ----atw- c:\documents and settings\aramanath\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 18:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRESET]
2001-10-24 17:36 45056 ----a-w- c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 18:26 177456 ------w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-26 19:22 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ------w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 18:28 1040384 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-20 04:06 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"ose"=3 (0x3)
"noded"=2 (0x2)
"gupdate1cac7e28faa31b4"=2 (0x2)
"SQLWriter"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"IxAdminAgent"=2 (0x2)
"IxiaLicenseServer"=2 (0x2)
"AgereModemAudio"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Avaya\\Avaya IP Softphone\\ipsoftphone.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\aramanath\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\aramanath\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
.
R2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
R2 gupdate1cac7e28faa31b4;Google Update Service (gupdate1cac7e28faa31b4);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-11 48128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\DRIVERS\ucdnt.sys [2002-03-13 899884]
R4 IxAdminAgent;IxAdminAgent;c:\program files\Ixia\IxAdmin\bin\IxAdminAgent.exe [2007-06-15 286720]
R4 IxiaLicenseServer;IxiaLicenseServer;c:\program files\Ixia\licensing\lmgrd.exe [2008-12-11 1423440]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 noded;noded;c:\program files\Ixia\licensing\noded.exe [2008-12-11 799744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\aramanath\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2011-07-08 563216]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 1542560]
S2 Perforce;Perforce;c:\program files\Perforce\Server\p4s.exe [2011-03-25 1482752]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-06-30 815704]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [2009-08-04 240344]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys [2011-01-19 6878848]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 04:05]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 04:05]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051655345-4156703607-3122439400-3707Core.job
- c:\documents and settings\aramanath\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 04:10]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051655345-4156703607-3122439400-3707UA.job
- c:\documents and settings\aramanath\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 04:10]
.
2011-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3051655345-4156703607-3122439400-22262.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
2011-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3051655345-4156703607-3122439400-3707.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
2011-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3051655345-4156703607-3122439400-22262.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
2011-09-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3051655345-4156703607-3122439400-3707.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com\onlinehelp
Trusted Zone: microsoftonline.com\portal
Trusted Zone: msecnd.net\bposast.vo
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\aramanath\Application Data\Mozilla\Firefox\Profiles\z8qoufpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - prefs.js: keyword.enabled - false
FF - user.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-01 11:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.cdrom]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3051655345-4156703607-3122439400-3707\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*!# %v*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3051655345-4156703607-3122439400-3707\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*!# %v*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1924)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(7248)
c:\program files\Perforce\p4exp.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\QosServM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-10-01 11:43:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-01 18:43
ComboFix2.txt 2011-09-11 23:00
ComboFix3.txt 2011-09-11 22:39
ComboFix4.txt 2011-09-11 20:37
ComboFix5.txt 2011-10-01 17:39
.
Pre-Run: 22,673,141,760 bytes free
Post-Run: 22,680,940,544 bytes free
.
- - End Of File - - 5B0B2725E39DF906048CDE7A5E12E4F7

#4 HelpBot

    Bleepin' Binary Bot

Posted 06 October 2011 - 11:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421483 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

    Bleepin' Binary Bot

Posted 11 October 2011 - 11:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
