
Zero Access was/is on the system.


This topic is locked
5 replies to this topic

#1 BASystems (Members, 37 posts)

Posted 22 February 2012 - 01:28 PM

Here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by MHeath at 13:09:31 on 2012-02-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2318 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\MHeath.TD\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.dell.com
uStart Page = hxxp://www.thoroughbreddiesel.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ProvideSupportOperatorConsole] c:\progra~1\provid~1\livesu~1\PROVID~1.EXE
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [SBRegRebootCleaner] "c:\program files\gfi software\gfiagent\SBRC.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\phonem~1.lnk - c:\program files\avaya\ip office\phone manager\PhoneManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 10.10.10.2
TCP: Interfaces\{9AF44CC5-F6ED-4112-8CC8-4A0275F77016} : DhcpNameServer = 10.10.10.2
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks enterprise solutions 10.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-2-12 78936]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2010-6-29 127488]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-31 47640]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2011-10-12 2804312]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-30 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2011-10-12 181616]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-12-1 349224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-1 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-22 18:09:32 -------- d-----w- c:\windows\system32\catroot2
2012-02-22 17:01:14 -------- d-----w- c:\users\mheath.td\appdata\local\ElevatedDiagnostics
2012-02-22 16:58:17 -------- d-----w- c:\windows\system32\CatRoot2_2012222125454
2012-02-22 16:46:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-22 16:43:35 -------- d-----w- c:\windows\system32\appmgmt
2012-02-22 16:34:59 -------- d-----w- c:\program files\CCleaner
2012-02-22 13:34:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-22 13:18:00 -------- d-----w- c:\users\mheath.td\appdata\local\{BD9251FE-4FE5-4A5E-B854-751C05B0A951}
2012-02-22 13:17:50 -------- d-----w- c:\users\mheath.td\appdata\local\{C53EE3EC-647A-4D2C-837C-BBFE8F170559}
2012-02-21 19:18:47 98816 ----a-w- c:\windows\sed.exe
2012-02-21 19:18:47 518144 ----a-w- c:\windows\SWREG.exe
2012-02-21 19:18:47 256000 ----a-w- c:\windows\PEV.exe
2012-02-21 19:18:47 208896 ----a-w- c:\windows\MBR.exe
2012-02-21 19:18:43 -------- d-s---w- C:\ComboFix
2012-02-21 16:14:12 -------- d-----w- c:\users\mheath.td\appdata\roaming\Malwarebytes
2012-02-21 16:14:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 16:14:09 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 16:14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 13:25:39 -------- d-----w- c:\users\mheath.td\appdata\local\{BBDF8CA4-20E2-45CB-8EDF-7E623B9917AF}
2012-02-21 13:25:29 -------- d-----w- c:\users\mheath.td\appdata\local\{8185F91E-F245-4BA7-B7E7-CA3CDB4E1FF1}
2012-02-21 00:52:05 -------- d-----w- c:\users\mheath.td\appdata\local\{99F505DD-86D1-4920-82B6-DC941CF5C3F8}
2012-02-21 00:51:55 -------- d-----w- c:\users\mheath.td\appdata\local\{9A7E2609-0C90-4B7B-82CD-E862612B45C4}
2012-02-20 12:51:32 -------- d-----w- c:\users\mheath.td\appdata\local\{E865A45E-8D79-413A-BB7A-8421B8EF3E43}
2012-02-20 12:51:22 -------- d-----w- c:\users\mheath.td\appdata\local\{4FA9C624-81A9-4ADA-A225-4273546377E9}
2012-02-17 16:53:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-17 16:50:28 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-17 16:49:14 -------- d-sh--w- c:\users\mheath.td\appdata\local\4e20bfee
2012-02-17 13:44:48 -------- d-----w- c:\users\mheath.td\appdata\local\{836C0645-8CAA-4FE4-9564-1776EE02EA05}
2012-02-17 13:44:38 -------- d-----w- c:\users\mheath.td\appdata\local\{65B51377-1B0C-41E1-ABA7-C61FA523C88E}
2012-02-17 01:44:27 -------- d-----w- c:\users\mheath.td\appdata\local\{4AEC3102-D8B0-431B-A9A5-3C0DA6EE478D}
2012-02-17 01:44:16 -------- d-----w- c:\users\mheath.td\appdata\local\{6E578E93-1421-4E91-8DA8-205D8B331472}
2012-02-16 13:44:04 -------- d-----w- c:\users\mheath.td\appdata\local\{28BF093E-E347-4C2F-A3D6-5D62FE647EDF}
2012-02-16 13:43:54 -------- d-----w- c:\users\mheath.td\appdata\local\{01F58A53-BE1A-4ADC-B2C3-222EF3CF658A}
2012-02-15 12:36:52 -------- d-----w- c:\users\mheath.td\appdata\local\{A501B8F2-63FC-40A4-BEFC-0F2056D75799}
2012-02-15 12:36:41 -------- d-----w- c:\users\mheath.td\appdata\local\{D4B2C0B8-B61A-404E-9AD4-0D12B2D2C8B8}
2012-02-14 13:35:05 -------- d-----w- c:\users\mheath.td\appdata\local\{E5A02F42-4E0E-4019-90D7-99005DA3C074}
2012-02-14 13:34:54 -------- d-----w- c:\users\mheath.td\appdata\local\{E6331FF1-646E-45D5-BDA7-875DBB27D5BA}
2012-02-13 14:15:06 -------- d-----w- c:\users\mheath.td\appdata\local\{77042513-44EC-4CA8-948C-0587A653CD59}
2012-02-13 14:14:56 -------- d-----w- c:\users\mheath.td\appdata\local\{C1BDB640-A85E-46DF-A6FE-436B53B32B3B}
2012-02-13 02:14:31 -------- d-----w- c:\users\mheath.td\appdata\local\{6001F3A7-4592-481C-B348-55F76ECD3078}
2012-02-13 02:14:21 -------- d-----w- c:\users\mheath.td\appdata\local\{FFF40FC4-CD2E-462F-81A8-5168BD0E5B4F}
2012-02-13 02:14:06 -------- d-----w- c:\users\mheath.td\appdata\roaming\GFI Software
2012-02-13 01:50:53 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-02-13 01:48:58 -------- d-----w- c:\program files\GFI Software
2012-02-11 04:37:26 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f439f2f-9a0f-4dde-9842-2616b64a4d65}\mpengine.dll
2012-02-10 13:53:43 -------- d-----w- c:\users\mheath.td\appdata\local\{0E40BB1D-6E82-4467-9140-5B918AF9D1AF}
2012-02-10 13:53:33 -------- d-----w- c:\users\mheath.td\appdata\local\{81777442-AB35-43FD-A323-032BF2AC196A}
2012-02-09 18:14:30 -------- d-----w- c:\users\mheath.td\appdata\local\{9D942FA8-EDB6-42BF-9B50-67DDC9F87353}
2012-02-09 18:14:20 -------- d-----w- c:\users\mheath.td\appdata\local\{8F9190A8-9AB2-43A6-B9A5-A9568BA9486C}
2012-02-08 13:41:52 -------- d-----w- c:\users\mheath.td\appdata\local\{CCC1F5FF-E2C9-4F33-8EBC-5E36FC0119BD}
2012-02-08 13:41:42 -------- d-----w- c:\users\mheath.td\appdata\local\{3942E577-4CED-42DF-BD1B-94C88D29EF8C}
2012-02-07 12:53:56 -------- d-----w- c:\users\mheath.td\appdata\local\{91940BEB-E4E9-41AE-82FA-A451564DCDD9}
2012-02-07 12:53:45 -------- d-----w- c:\users\mheath.td\appdata\local\{0E28D805-B631-4A6C-9251-7013D086E396}
2012-02-06 15:11:30 -------- d-----w- c:\users\mheath.td\appdata\local\{26A44BF8-6D33-4F0F-B711-97184698CD2A}
2012-02-06 15:11:19 -------- d-----w- c:\users\mheath.td\appdata\local\{4F36EBB9-37B2-481A-AFCB-F7E14833753E}
2012-02-03 12:39:11 -------- d-----w- c:\users\mheath.td\appdata\local\{D7948F89-8ED4-4AB0-99B0-878F5AAC93F0}
2012-02-03 12:38:58 -------- d-----w- c:\users\mheath.td\appdata\local\{7E0D4385-901D-4369-9FF1-31D32BCD9370}
2012-02-03 01:49:47 -------- d-----w- c:\programdata\GFI Software
2012-02-02 14:06:46 -------- d-----w- c:\users\mheath.td\appdata\local\{EAF7F3A6-17E9-42E4-8F82-BEF1908DB495}
2012-02-02 14:06:34 -------- d-----w- c:\users\mheath.td\appdata\local\{E7E166D0-7428-4FE3-9169-E4F83D8EB0C4}
2012-02-01 13:11:31 -------- d-----w- c:\users\mheath.td\appdata\local\{71221296-D34D-4CB3-B2E9-A6F8BDBA1012}
2012-02-01 13:11:21 -------- d-----w- c:\users\mheath.td\appdata\local\{6F0479E2-D7A4-4B87-8C5C-78E975B88368}
2012-02-01 01:11:09 -------- d-----w- c:\users\mheath.td\appdata\local\{9276BF42-FF93-4C48-936C-3E488973B060}
2012-02-01 01:10:59 -------- d-----w- c:\users\mheath.td\appdata\local\{2D607299-91C5-4EAB-817C-F9DE061661BB}
2012-01-31 13:10:47 -------- d-----w- c:\users\mheath.td\appdata\local\{049A8473-AACE-455C-96CF-702764934DCB}
2012-01-31 13:10:37 -------- d-----w- c:\users\mheath.td\appdata\local\{EF31DA04-0026-4EF4-9306-354045B27D5F}
2012-01-30 13:42:00 -------- d-----w- c:\users\mheath.td\appdata\local\{0EAF5361-E4B1-41FF-8600-39CF7BFF2E3D}
2012-01-30 13:41:50 -------- d-----w- c:\users\mheath.td\appdata\local\{B6A81FBE-1162-40B0-9F43-9C90F9EDCD39}
2012-01-27 12:55:29 -------- d-----w- c:\users\mheath.td\appdata\local\{9BF1484A-AB43-4B64-8699-A38FB78095E1}
2012-01-27 12:55:18 -------- d-----w- c:\users\mheath.td\appdata\local\{048E4DC8-E833-4D1F-8423-72400382A1DD}
2012-01-26 14:10:11 -------- d-----w- c:\users\mheath.td\appdata\local\{80EACC83-66AF-48E7-9E03-3C673F479DE9}
2012-01-26 14:10:01 -------- d-----w- c:\users\mheath.td\appdata\local\{4E5555FA-8091-4523-AAEB-7EF669EA0B53}
2012-01-25 13:15:07 -------- d-----w- c:\users\mheath.td\appdata\local\{E6B57507-345D-453C-B9B1-7149E0077A37}
2012-01-25 13:14:57 -------- d-----w- c:\users\mheath.td\appdata\local\{65068B4F-77C6-471B-890C-CA35678CD359}
2012-01-24 13:29:27 -------- d-----w- c:\users\mheath.td\appdata\local\{D7B6AC17-5B8B-47EE-A361-867F52932B65}
2012-01-24 13:29:17 -------- d-----w- c:\users\mheath.td\appdata\local\{8E01BEA1-28BE-4795-9065-19C7B412DC2A}
.
==================== Find3M ====================
.
2012-02-17 16:53:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 14:50:57 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 14:50:57 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 14:50:56 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-07 14:50:56 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-03 13:10:50 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-01-03 13:10:48 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-12-19 14:50:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-30 18:59:17 72080 ----a-w- c:\users\mheath.td\g2mdlhlpx.exe
.
============= FINISH: 13:10:29.13 ===============
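As an added triage aid (not part of the original post and not a feature of the DDS tool), the script below parses the entry format DDS prints in its "Created Last 30" and "Find3M" sections and flags the entries a responder would read first: anything with the hidden or system attribute set (outside a small allowlist), a path component that is a literal environment-variable name such as `%APPDATA%`, and bare hex-named directories directly under AppData\Local. The sample input is a subset of lines copied from the log above; the allowlist and the three heuristics are assumptions chosen for this example, and a hit is a reason to look, not a verdict that the entry belongs to ZeroAccess or any other malware.

```python
"""Triage helper for DDS 'Created Last 30' / 'Find3M' entries.

Added example; not from the original post and not part of the DDS tool.
Each DDS entry line is:  <date> <time> <size or dashes> <8-char attrs> <path>
e.g.  2012-02-17 16:53:35 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
"""
import re
from dataclasses import dataclass

ENTRY = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Hidden+system paths that are normal on a Windows 7 box (assumed allowlist for this example).
KNOWN_HIDDEN = {r"c:\$recycle.bin"}

# Bare hex directory names, 6-16 chars; {GUID}-style names deliberately do not match.
HEX_NAME = re.compile(r"^[0-9a-f]{6,16}$")

# Entries copied from the DDS log posted in the thread (a subset), used as sample input.
SAMPLE_LOG = r"""
2012-02-22 18:09:32 -------- d-----w- c:\windows\system32\catroot2
2012-02-22 13:34:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-21 19:18:43 -------- d-s---w- C:\ComboFix
2012-02-17 16:53:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-17 16:50:28 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-17 16:49:14 -------- d-sh--w- c:\users\mheath.td\appdata\local\4e20bfee
2012-02-17 13:44:48 -------- d-----w- c:\users\mheath.td\appdata\local\{836C0645-8CAA-4FE4-9564-1776EE02EA05}
2012-02-13 01:50:53 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
"""


@dataclass
class Finding:
    path: str
    attrs: str
    reasons: tuple


def parse_entries(log_text):
    """Yield (stamp, size, attrs, path) for every line in the DDS entry format; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("stamp"), m.group("size"), m.group("attrs"), m.group("path")


def reasons_for(attrs, path):
    """Return the heuristic reasons an entry deserves a look, or an empty tuple.

    DDS attribute letters: 'd' directory, 's' system, 'h' hidden, 'a' archive, 'w' writable.
    """
    low = path.lower()
    parts = low.split("\\")
    reasons = []
    if ("h" in attrs or "s" in attrs) and low not in KNOWN_HIDDEN:
        reasons.append("hidden/system attribute")
    if any("%" in part for part in parts):
        reasons.append("literal environment-variable name used as a path component")
    if (attrs.startswith("d") and parts[-3:-1] == ["appdata", "local"]
            and HEX_NAME.match(parts[-1])):
        reasons.append("hex-named directory directly under AppData\\Local")
    return tuple(reasons)


def triage(log_text):
    """Return a Finding for every DDS entry that trips at least one heuristic."""
    findings = []
    for _stamp, _size, attrs, path in parse_entries(log_text):
        reasons = reasons_for(attrs, path)
        if reasons:
            findings.append(Finding(path, attrs, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.attrs}  {f.path}\n    -> {'; '.join(f.reasons)}")
```

Run against the sample, it reports the `%APPDATA%` directory under system32, the hidden `dds_log_trash.cmd`, the hidden hex-named `4e20bfee` directory and `C:\ComboFix`, and stays quiet on catroot2, the recycle bin, the {GUID} directories and the VIPRE driver. Reconcile every hit against tools the user ran (the ComboFix directory is created by ComboFix itself, which the log shows was run the day before) before treating anything as an infection artifact.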


#2 ratman (Malware Response Team, 1,799 posts, Scotland)

Posted 28 February 2012 - 10:12 AM

Hello again BASystems,

My name's ratman. I'll be helping resolve your computer issues.

Logs take a while to analyze so please be patient while I study your logs.

What issues are you having apart from Windows update problem?

Can you copy/paste your last ComboFix log please?

Edited by ratman, 28 February 2012 - 12:41 PM.

regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM



#3 BASystems (Topic Starter, Members, 37 posts)

Posted 01 March 2012 - 04:40 PM

The only issue I know of right now is that the windows updates won't run or install. I'll try to get you the combo fix log soon.

Thanks,

BA

#4 ratman (Malware Response Team, 1,799 posts, Scotland)

Posted 01 March 2012 - 04:57 PM

Hi,

While I wait for CF log:

...is that the windows updates won't run or install.

What error messages are seen when Windows Update is attempted?
regards, ratman




#5 ratman (Malware Response Team, 1,799 posts, Scotland)

Posted 04 March 2012 - 03:40 PM

Hello BASystems,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.
regards, ratman




#6 ratman (Malware Response Team, 1,799 posts, Scotland)

Posted 06 March 2012 - 05:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
regards, ratman






