
Having problem with this C:\Windows\CSC\d6 Unable to completely remove infection; keep finding C:\Windows


  • This topic is locked
9 replies to this topic

#1 deafghan04

Posted 08 December 2011 - 12:00 AM

I have the same problem as the person who posted "Running combofix every day to clean C:\Windows\CSC\d6 Unable to completely remove infection; keep finding C:\Windows"

I don't know much about removing it, and I tried MWBAM and ESET and nothing was detected. But when I run ComboFix again, the same thing shows up as removed. I need some help.

Thanks


#2 Orange Blossom

Posted 09 December 2011 - 04:29 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

#3 deafghan04

Posted 11 December 2011 - 10:06 PM

Thanks, Orange.

I will run these. Had a bit of a problem with backup; computer kept freezing. But that's finally done. I will now load the log files.

#4 deafghan04

Posted 12 December 2011 - 10:08 PM

Here are the log files for DDS and GMER. I also did a ComboFix log as well.

This is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by AJ at 18:21:57 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1726 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [RemoTerm.exe] c:\program files\common files\pctv systems\remoterm\RemoTerm.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7600i\QuickScan.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: ams-benefits.com
Trusted Zone: ams-services.com
Trusted Zone: ams-support.com
Trusted Zone: ams360.com
Trusted Zone: ams360.com\www
Trusted Zone: amsservices.com
Trusted Zone: prevailnetwork.com
Trusted Zone: vertafore.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284959942125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{88A3205B-8890-4ED6-8FC4-153B0C60B237} : DhcpNameServer = 192.168.0.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aj\application data\mozilla\firefox\profiles\th2megrx.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\aj\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\aj\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\aj\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [2009-8-24 44544]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-13 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-13 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-13 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-13 44768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-19 20328]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-9-1 10384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [2010-10-25 417280]
S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [2010-10-25 13696]
.
=============== Created Last 30 ================
.
2011-12-08 03:32:27 -------- d-s---w- C:\ComboFix
2011-12-07 03:59:03 -------- d-----w- c:\program files\SilverFast Application
2011-12-07 03:57:48 -------- d-----w- c:\documents and settings\aj\application data\Lasersoft Imaging
2011-12-07 03:51:59 -------- d-----w- c:\program files\common files\Comscan
2011-12-07 03:51:43 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-12-07 03:51:43 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-12-07 03:51:43 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-12-07 03:51:43 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-12-07 03:51:42 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-12-07 03:51:35 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-12-07 03:51:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-12-07 03:49:57 -------- d-----w- c:\documents and settings\all users\application data\Newsoft
2011-12-07 03:49:49 -------- d-----w- c:\program files\common files\NewSoft
2011-12-07 03:49:46 -------- d-----w- c:\program files\Plustek
2011-12-07 03:45:26 57344 ----a-r- c:\windows\system32\MidrvA28.dll
2011-12-07 03:45:26 15360 ----a-r- c:\windows\system32\GetInst32.dll
2011-12-07 03:45:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-07 03:45:09 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-11-13 09:22:27 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 09:22:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-13 09:22:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-11-13 09:22:06 -------- d-----w- c:\program files\AVAST Software
2011-11-13 00:51:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 00:51:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 13:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 08:01:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:23:02.59 ===============





ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2010 8:24:32 PM
System Uptime: 12/11/2011 6:17:47 PM (0 hours ago)
.
Motherboard: | | 4CoreDual-SATA2.
Processor: Intel Pentium III Xeon processor | CPUSocket | 2393/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 16.358 GiB free.
D: is FIXED (NTFS) - 77 GiB total, 33.283 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
L: is FIXED (NTFS) - 1863 GiB total, 1045.281 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: USB Video Device
Device ID: USB\VID_0C45&PID_6300&MI_00\6&9E3DB8C&0&0000
Manufacturer: Microsoft
Name: USB Video Device #2
PNP Device ID: USB\VID_0C45&PID_6300&MI_00\6&9E3DB8C&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 3.3
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 8.1.0
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AMS 360 Client Rev 3
ArcSoft PhotoStudio 5.5
Ashampoo Burning Studio Elements 10.0.9
Asus_LCD_ScreenSaver
AutoUpdate
avast! Free Antivirus
Call of Duty® 4 - Modern Warfare™
Canon CanoScan LiDE 600F User Registration
Canon CanoScan Toolbox 5.0
Canon iP3500 series
Canon iP3500 series User Registration
Canon My Printer
Canon RAW Codec
Canon Utilities Digital Photo Professional 1.0
Canon Utilities Digital Photo Professional 3.9
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities WFT Utility
CanoScan LiDE 600F
CCleaner
CDBurnerXP
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Connect
CPUID CPU-Z 1.55
DistanTV Client
DivX Codec
Dropbox
DVD Flick 1.3.0.7
DVD Shrink 3.2
erLT
FormatFactory 2.70
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ImgBurn
Java Auto Updater
Java™ 6 Update 29
KhalInstallWrapper
kuler
LifeFrame2
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office Converter Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpticFilm 7600i
PDF Settings CS4
Photo Story 3 for Windows
Photoshop Camera Raw
Picasa 3
Pinnacle TVCenter Pro
Pixel Bender Toolkit
PIXMA Extended Survey Program
Platform
Presto! ImageFolio 4
Presto! PageManager 7.15.14
PrimoPDF -- brought to you by Nitro PDF Software
PxMergeModule
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.92
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SilverFast UScan-SE 6.6.2r4
Skype™ 5.5
Spybot - Search & Destroy
Suite Shared Configuration CS4
TV DIGITAL OnGuide
TVCenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VLC media player 1.1.4
WD Firewire HID Driver
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.5
Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 2:06:49 AM, error: Print [6161] - The document Farhar Studios B1.indd owned by AJ failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 77816076. Number of bytes printed: 32656688. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\NONE-44182351CC. Win32 error code returned by the print processor: 13 (0xd).
12/8/2011 2:01:22 AM, error: Print [6161] - The document Farhar Studios B1.indd owned by AJ failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 41682388. Number of bytes printed: 24398964. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\NONE-44182351CC. Win32 error code returned by the print processor: 13 (0xd).
12/7/2011 7:42:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
12/7/2011 7:02:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/7/2011 7:01:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
12/7/2011 7:01:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/11/2011 6:20:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/11/2011 6:19:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#5 deafghan04

Posted 12 December 2011 - 10:09 PM

Here is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 07:38:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-8 MAXTOR_STM3320620A rev.3.AAE
Running: y9y9ole5.exe; Driver: C:\DOCUME~1\AJ\LOCALS~1\Temp\ufryraoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1296] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1548] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E66FC35C-31A1-4958-98A9-857661A4E0CC}@DhcpRetryTime 297
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E66FC35C-31A1-4958-98A9-857661A4E0CC}@DhcpRetryStatus 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----



#6 deafghan04


Posted 12 December 2011 - 10:11 PM

This is the original ComboFix log where it shows the C:\windows\csc\d6 being removed but not really.

ComboFix 11-12-06.02 - AJ 12/07/2011 19:12:23.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1729 [GMT -8:00]
Running from: c:\documents and settings\AJ\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-07 03:59 . 2011-12-07 04:00 -------- d-----w- c:\program files\SilverFast Application
2011-12-07 03:57 . 2011-12-07 05:03 -------- d-----w- c:\documents and settings\AJ\Application Data\Lasersoft Imaging
2011-12-07 03:51 . 2011-12-07 03:51 -------- d-----w- c:\program files\Common Files\Comscan
2011-12-07 03:51 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-12-07 03:51 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-12-07 03:51 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-12-07 03:51 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-12-07 03:51 . 2005-03-22 03:04 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-12-07 03:51 . 2011-12-07 03:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-12-07 03:51 . 2011-12-07 03:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-12-07 03:49 . 2011-12-07 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Newsoft
2011-12-07 03:49 . 2011-12-07 03:53 -------- d-----w- c:\program files\Common Files\NewSoft
2011-12-07 03:49 . 2011-12-07 03:51 -------- d-----w- c:\program files\Plustek
2011-12-07 03:45 . 2008-06-18 08:47 57344 ----a-r- c:\windows\system32\MidrvA28.dll
2011-12-07 03:45 . 2007-01-26 03:56 15360 ----a-r- c:\windows\system32\GetInst32.dll
2011-12-07 03:45 . 2001-08-18 06:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-07 03:45 . 2001-08-18 06:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-11-27 08:50 . 2011-11-27 08:50 -------- d-----w- c:\program files\Common Files\Java
2011-11-13 09:22 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-13 09:22 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-13 09:22 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-13 09:22 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-13 09:22 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 09:22 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-13 09:22 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-13 09:22 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-13 09:22 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-13 09:22 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-13 09:22 . 2011-11-13 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-13 09:22 . 2011-11-13 09:22 -------- d-----w- c:\program files\AVAST Software
2011-11-13 00:51 . 2011-11-13 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 00:51 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-09-20 03:20 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 13:06 . 2010-11-03 19:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2010-11-03 19:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 08:01 . 2011-06-11 08:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-13_00.37.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-11-14 22:25 . 2006-09-20 00:05 24576 c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
+ 2010-11-14 22:25 . 2006-10-31 00:59 24576 c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
- 2010-11-14 22:25 . 2006-09-26 04:04 53248 c:\windows\system32\spool\drivers\w32x86\3\PDFWrtDrv.dll
+ 2010-11-14 22:25 . 2007-01-19 18:29 53248 c:\windows\system32\spool\drivers\w32x86\3\PDFWrtDrv.dll
+ 2010-11-14 22:25 . 2006-11-07 23:11 25600 c:\windows\system32\spool\drivers\w32x86\3\NSUNI.dll
- 2010-10-09 08:47 . 2008-04-13 18:45 15104 c:\windows\system32\drivers\usbscan.sys
+ 2010-10-09 08:47 . 2008-04-13 19:45 15104 c:\windows\system32\drivers\usbscan.sys
+ 2010-10-09 08:47 . 2008-04-13 19:45 15104 c:\windows\system32\dllcache\usbscan.sys
- 2010-10-09 08:47 . 2008-04-13 18:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2005-11-11 10:43 . 2005-11-11 10:43 172032 c:\windows\system32\libssl32.dll
+ 2005-11-11 10:43 . 2005-11-11 10:43 887296 c:\windows\system32\libeay32.dll
+ 2005-11-11 10:43 . 2005-11-11 10:43 626688 c:\windows\system32\libcurl.dll
- 2011-05-30 20:53 . 2011-04-14 12:08 157472 c:\windows\system32\javaws.exe
+ 2011-11-27 08:50 . 2011-10-03 13:06 157472 c:\windows\system32\javaws.exe
+ 2011-11-27 08:50 . 2011-10-03 13:06 145184 c:\windows\system32\javaw.exe
- 2011-05-30 20:53 . 2011-04-14 12:08 145184 c:\windows\system32\javaw.exe
- 2011-05-30 20:53 . 2011-04-14 12:08 145184 c:\windows\system32\java.exe
+ 2011-11-27 08:50 . 2011-10-03 13:06 145184 c:\windows\system32\java.exe
+ 2011-11-13 00:44 . 2011-11-13 00:44 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2011-11-27 08:50 . 2011-11-27 08:50 203776 c:\windows\Installer\85836.msi
+ 2006-05-30 13:18 . 2006-05-30 13:18 1645320 c:\windows\system32\gdiplus.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoTerm.exe"="c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-06-10 226576]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-1 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickScan (OpticFilm 7600i).lnk - c:\program files\Plustek\OpticFilm 7600i\QuickScan.exe [2011-12-6 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"gusvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\AJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
"c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
"c:\\Documents and Settings\\AJ\\Local Settings\\Application Data\\AMS Services, Inc\\AMS 360\\WorkstationCoordinator.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\AJ\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [8/24/2009 9:14 AM 44544]
R3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [10/25/2010 7:30 PM 13696]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/13/2011 1:22 AM 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/13/2011 1:22 AM 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/13/2011 1:22 AM 20568]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [9/19/2010 9:07 PM 20328]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/1/2011 6:51 PM 10384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [10/25/2010 7:31 PM 417280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-616249376-725345543-1003Core.job
- c:\documents and settings\AJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 02:54]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-616249376-725345543-1003UA.job
- c:\documents and settings\AJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-29 02:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ams-benefits.com
Trusted Zone: ams-services.com
Trusted Zone: ams-support.com
Trusted Zone: ams360.com
Trusted Zone: ams360.com\www
Trusted Zone: amsservices.com
Trusted Zone: prevailnetwork.com
Trusted Zone: vertafore.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\AJ\Application Data\Mozilla\Firefox\Profiles\th2megrx.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\AJ\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 19:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-12-07 19:21:54
ComboFix-quarantined-files.txt 2011-12-08 03:21
ComboFix2.txt 2011-11-26 23:13
ComboFix3.txt 2011-11-13 00:39
ComboFix4.txt 2011-08-03 16:24
ComboFix5.txt 2011-12-08 03:10
.
Pre-Run: 8,287,645,696 bytes free
Post-Run: 8,306,356,224 bytes free
.
- - End Of File - - AB1EED0B82DCAA327CF85ED00ACD55A0




#7 HelpBot


Posted 13 December 2011 - 12:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431279 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#8 deafghan04

Posted 14 December 2011 - 11:53 PM

Hello,

So I ran DDS and GMER.

Here is DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by AJ at 18:53:54 on 2011-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1637 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [RemoTerm.exe] c:\program files\common files\pctv systems\remoterm\RemoTerm.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7600i\QuickScan.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: ams-benefits.com
Trusted Zone: ams-services.com
Trusted Zone: ams-support.com
Trusted Zone: ams360.com
Trusted Zone: ams360.com\www
Trusted Zone: amsservices.com
Trusted Zone: prevailnetwork.com
Trusted Zone: vertafore.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284959942125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{88A3205B-8890-4ED6-8FC4-153B0C60B237} : DhcpNameServer = 192.168.0.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aj\application data\mozilla\firefox\profiles\th2megrx.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\aj\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\aj\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\aj\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [2009-8-24 44544]
R3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [2010-10-25 13696]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-13 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-13 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-13 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-13 44768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-19 20328]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-9-1 10384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [2010-10-25 417280]
.
=============== Created Last 30 ================
.
2011-12-08 03:32:27 -------- d-s---w- C:\ComboFix
2011-12-07 03:59:03 -------- d-----w- c:\program files\SilverFast Application
2011-12-07 03:57:48 -------- d-----w- c:\documents and settings\aj\application data\Lasersoft Imaging
2011-12-07 03:51:59 -------- d-----w- c:\program files\common files\Comscan
2011-12-07 03:51:43 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-12-07 03:51:43 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-12-07 03:51:43 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-12-07 03:51:43 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-12-07 03:51:42 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-12-07 03:51:35 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-12-07 03:51:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-12-07 03:49:57 -------- d-----w- c:\documents and settings\all users\application data\Newsoft
2011-12-07 03:49:49 -------- d-----w- c:\program files\common files\NewSoft
2011-12-07 03:49:46 -------- d-----w- c:\program files\Plustek
2011-12-07 03:45:26 57344 ----a-r- c:\windows\system32\MidrvA28.dll
2011-12-07 03:45:26 15360 ----a-r- c:\windows\system32\GetInst32.dll
2011-12-07 03:45:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-12-07 03:45:09 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 13:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 08:01:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:54:47.12 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2010 8:24:32 PM
System Uptime: 12/14/2011 12:39:50 AM (18 hours ago)
.
Motherboard: | | 4CoreDual-SATA2.
Processor: Intel Pentium III Xeon processor | CPUSocket | 2394/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 15.939 GiB free.
D: is FIXED (NTFS) - 77 GiB total, 33.283 GiB free.
I: is CDROM ()
J: is CDROM ()
L: is FIXED (NTFS) - 1863 GiB total, 1045.281 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: USB Video Device
Device ID: USB\VID_0C45&PID_6300&MI_00\6&9E3DB8C&0&0000
Manufacturer: Microsoft
Name: USB Video Device #2
PNP Device ID: USB\VID_0C45&PID_6300&MI_00\6&9E3DB8C&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 3.3
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 8.1.0
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AMS 360 Client Rev 3
ArcSoft PhotoStudio 5.5
Ashampoo Burning Studio Elements 10.0.9
Asus_LCD_ScreenSaver
AutoUpdate
avast! Free Antivirus
Call of Duty® 4 - Modern Warfare™
Canon CanoScan LiDE 600F User Registration
Canon CanoScan Toolbox 5.0
Canon iP3500 series
Canon iP3500 series User Registration
Canon My Printer
Canon RAW Codec
Canon Utilities Digital Photo Professional 1.0
Canon Utilities Digital Photo Professional 3.9
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities WFT Utility
CanoScan LiDE 600F
CCleaner
CDBurnerXP
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Connect
CPUID CPU-Z 1.55
DistanTV Client
DivX Codec
Dropbox
DVD Flick 1.3.0.7
DVD Shrink 3.2
erLT
FormatFactory 2.70
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ImgBurn
Java Auto Updater
Java™ 6 Update 29
KhalInstallWrapper
kuler
LifeFrame2
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office Converter Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpticFilm 7600i
PDF Settings CS4
Photo Story 3 for Windows
Photoshop Camera Raw
Picasa 3
Pinnacle TVCenter Pro
Pixel Bender Toolkit
PIXMA Extended Survey Program
Platform
Presto! ImageFolio 4
Presto! PageManager 7.15.14
PrimoPDF -- brought to you by Nitro PDF Software
PxMergeModule
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.92
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SilverFast UScan-SE 6.6.2r4
Skype™ 5.5
Spybot - Search & Destroy
Suite Shared Configuration CS4
TV DIGITAL OnGuide
TVCenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VLC media player 1.1.4
WD Firewire HID Driver
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.5
Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 2:06:49 AM, error: Print [6161] - The document Farhar Studios B1.indd owned by AJ failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 77816076. Number of bytes printed: 32656688. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\NONE-44182351CC. Win32 error code returned by the print processor: 13 (0xd).
12/8/2011 2:01:22 AM, error: Print [6161] - The document Farhar Studios B1.indd owned by AJ failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 41682388. Number of bytes printed: 24398964. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\NONE-44182351CC. Win32 error code returned by the print processor: 13 (0xd).
12/7/2011 7:54:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/7/2011 7:42:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
12/7/2011 7:01:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
12/7/2011 10:07:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/11/2011 6:20:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/11/2011 6:19:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2011 6:19:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================



#9 deafghan04

Posted 14 December 2011 - 11:54 PM

Here is GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-14 18:41:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-8 MAXTOR_STM3320620A rev.3.AAE
Running: y9y9ole5.exe; Driver: C:\DOCUME~1\AJ\LOCALS~1\Temp\ufryraoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E66FC35C-31A1-4958-98A9-857661A4E0CC}@DhcpRetryTime 288
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E66FC35C-31A1-4958-98A9-857661A4E0CC}@DhcpRetryStatus 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----


#10 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts

Posted 18 December 2011 - 12:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



