Ran ComboFix on my own


This topic is locked. 11 replies to this topic.

#1 Joe1212

Posted 26 February 2012 - 10:30 PM

Someone linked me to ComboFix from another site, so I didn't see any of the warnings about only running it if someone here tells me to. Now I'm worried it may have done things to my computer I didn't want it to. I already noticed that it took everything out of my hosts file and changed my desktop color from black to blue, and it also says it can't load BOOT.INI at startup.

Also, I ran ComboFix in the first place because I ran a "passwords.exe" from an old iPod by mistake the other day. It had the icon of a text file, and the iPod also had an autorun.inf and a green icon file with a yellow arrow in it. Ever since then Microsoft Security Essentials has been giving me virus warnings, saying it cleaned them, and then more would pop up. It seemed to be a differently named virus each time. I haven't seen a warning since I ran ComboFix, but it hasn't been very long.



ComboFix 12-02-25.02 - Andrew 02/26/2012 21:15:27.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2344 [GMT -4:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Andrew\Application Data\Bitcoin
c:\documents and settings\Andrew\Application Data\Bitcoin\.lock
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.001
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.002
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.003
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.004
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.005
c:\documents and settings\Andrew\Application Data\Bitcoin\__db.006
c:\documents and settings\Andrew\Application Data\Bitcoin\addr.dat
c:\documents and settings\Andrew\Application Data\Bitcoin\blk0001.dat
c:\documents and settings\Andrew\Application Data\Bitcoin\blkindex.dat
c:\documents and settings\Andrew\Application Data\Bitcoin\database\log.0000000053
c:\documents and settings\Andrew\Application Data\Bitcoin\db.log
c:\documents and settings\Andrew\Application Data\Bitcoin\debug.log
c:\documents and settings\Andrew\Application Data\Bitcoin\wallet.dat
c:\documents and settings\Andrew\Application Data\PriceGong
c:\documents and settings\Andrew\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Andrew\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Andrew\Local Settings\Application Data\Windows Server
c:\documents and settings\Andrew\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Andrew\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Andrew\WINDOWS
c:\documents and settings\Charles\WINDOWS
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\j.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\PriceGong\Data\z.xml
c:\program files\Common
c:\program files\Common\VsoVprev.ax
c:\windows\SET6E3.tmp
c:\windows\SET6EA.tmp
c:\windows\system32\1219383585.dat
c:\windows\system32\SET85.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 01:37 . 2012-02-27 01:37 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B0F1491-A0FD-4926-8F56-CF3976D80F5C}\MpKslb5358c14.sys
2012-02-27 01:35 . 2012-02-27 01:35 7271 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-02-27 01:35 . 2012-02-27 01:35 8782 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-02-25 22:03 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B0F1491-A0FD-4926-8F56-CF3976D80F5C}\mpengine.dll
2012-02-25 21:01 . 2012-02-25 21:01 -------- d-----w- C:\.bzvol
2012-02-25 20:59 . 2012-02-25 21:01 -------- d-----w- c:\program files\Backblaze
2012-02-25 20:59 . 2012-02-25 20:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Backblaze
2012-02-24 18:21 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-19 02:16 . 2012-02-19 02:23 -------- d-----w- c:\program files\JDownloader
2012-02-19 00:40 . 2012-02-19 00:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 13:23 . 2012-01-29 09:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 13:18 . 2012-02-18 13:19 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-18 12:50 . 2012-02-18 12:50 -------- d-----w- c:\windows\C8BB491212D942AEB571E580D8CD1B5B.TMP
2012-02-17 13:52 . 2012-02-17 13:52 -------- d-----w- c:\documents and settings\Andrew\Calibre Library
2012-02-16 12:02 . 2012-02-16 12:03 -------- d-----w- c:\program files\Calibre2
2012-02-13 11:42 . 2012-02-13 11:42 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Skyrim
2012-02-13 11:37 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-02-13 11:37 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-02-13 11:37 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-02-13 11:37 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-02-12 18:07 . 2012-02-12 18:07 -------- d-----r- C:\Sandbox
2012-02-12 18:05 . 2012-02-12 18:05 -------- d-----w- c:\program files\Sandboxie
2012-02-12 16:34 . 2006-11-14 11:28 86016 ----a-w- c:\windows\system32\cttele.dll
2012-02-12 10:06 . 2012-02-12 10:06 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-12 10:06 . 2012-02-17 10:34 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-12 10:06 . 2012-02-12 10:06 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-12 10:05 . 2012-02-17 10:34 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-12 10:05 . 2012-02-17 10:34 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-12 10:05 . 2012-02-17 10:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-12 10:05 . 2012-02-17 10:34 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-12 10:05 . 2012-02-17 10:34 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-12 10:05 . 2012-02-17 10:34 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-12 10:05 . 2012-02-12 10:05 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-12 10:05 . 2012-02-12 10:05 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-12 10:05 . 2012-02-12 10:05 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-12 06:11 . 2007-07-26 20:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-02-12 06:10 . 2012-02-12 06:10 -------- d-----w- C:\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 23:59 . 2010-05-19 16:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2002-08-29 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-23 23:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 19:24 . 2009-05-24 12:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-01-23 17:07 . 2007-08-10 18:17 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
2012-02-17 10:34 . 2012-02-12 10:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-08-15 12:44 . 2007-08-15 12:44 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Deskview (small icons)"="c:\documents and settings\Andrew\My Documents\Briefcase\Misc\apps\deskview.exe" [2002-09-25 36864]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2008-12-08 4608]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 451856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2012-02-25 495400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
HotKeys.lnk - c:\documents and settings\Andrew\My Documents\Briefcase\Misc\backups\Dropbox\scripts\AutoHotkey macros\hotkeys\hotkeys.ahk [2011-6-16 4234]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-8-10 81997]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 00:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"igndlm.exe"=c:\program files\IGN Download Manager\dlm.exe /windowsstart /startifwork
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Andrew\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\mIRC2\\mirc.exe"=
"c:\\Documents and Settings\\Andrew\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Andrew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Andrew\\My Documents\\Briefcase\\Misc\\apps\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/3/2007 7:50 PM 717296]
R1 MpKslb5358c14;MpKslb5358c14;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B0F1491-A0FD-4926-8F56-CF3976D80F5C}\MpKslb5358c14.sys [2/26/2012 9:37 PM 29904]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2/25/2012 5:00 PM 211240]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [4/10/2007 4:32 AM 16168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/11/2008 5:10 PM 24652]
S0 uvqme;uvqme;c:\windows\system32\drivers\bocqlf.sys --> c:\windows\system32\drivers\bocqlf.sys [?]
S0 vpgdwta;vpgdwta;c:\windows\system32\drivers\eslst.sys --> c:\windows\system32\drivers\eslst.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Andrew\Desktop\winxpvirtualcdcontrolpanel_21\VCdRom.sys --> c:\documents and settings\Andrew\Desktop\winxpvirtualcdcontrolpanel_21\VCdRom.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 1:11 PM 135664]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Andrew\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Andrew\LOCALS~1\Temp\cdiskdun.sys [?]
S3 EzInstall;EzInstall;\??\d:\ezinstall\EzInstall.sys --> d:\ezinstall\EzInstall.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 1:11 PM 135664]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/7/2008 8:04 PM 47360]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\progra~1\AIRLIN~1\POWERL~1\PLCMPR5.SYS --> c:\progra~1\AIRLIN~1\POWERL~1\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\progra~1\AIRLIN~1\POWERL~1\PLCNDIS5.SYS [10/1/2006 4:21 PM 17280]
S3 SMALUSB;Creative CardCam Driver;c:\windows\system32\drivers\p1070crt.sys [4/30/2005 6:26 PM 9472]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 8:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB5358C14
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 14:50]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 17:11]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 17:11]
.
2012-02-27 c:\windows\Tasks\User_Feed_Synchronization-{B7D147F6-1007-417F-8209-E1FB3192A8A7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{018F09FC-637A-4D12-B3FC-4FE29251832E}: NameServer = 208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\42pe73qw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - (no file)
AddRemove-Creative CardCam - c:\windows\CtDrvIns.exe -uninstall usb\vid_041e&pid_4016 -pluginres p1070pin.crl
AddRemove-setuptools-py2.7 - c:\python27\Removesetuptools.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,71,c7,6f,4f,36,bb,42,ab,d6,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,71,c7,6f,4f,36,bb,42,ab,d6,1e,\
.
[HKEY_USERS\S-1-5-21-515967899-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A7979B7-ECC7-B476-00C7-660DFD496170}*]
"oacnebnallkdhflpkjcjbcnmibocec"=hex:64,61,63,70,65,64,6b,67,00,84
"oaonenkkmnpkoopogblmllaieijjod"=hex:6a,61,70,6f,64,64,6f,63,68,6d,6f,63,62,70,
6c,6b,6c,6f,6c,6b,00,02
"naeokmjipohmngcomdmnjcnfkldp"=hex:6a,61,63,70,61,64,6e,68,6a,61,6b,68,6d,6b,
62,69,6e,6d,6d,62,00,02
.
[HKEY_USERS\S-1-5-21-515967899-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F6C5370F-BF8F-98FB-DDE5-5B2E61718CA2}*]
"oajganhnjhfhonlehdkgbklbkoapag"=hex:64,61,6d,65,6a,6b,6f,6a,00,84
"oafgmdbghjhnmpggmodhmmepjpehhg"=hex:6a,61,6b,65,6d,67,6a,62,6d,6a,69,6b,6d,6f,
6e,65,62,6b,6f,67,00,0f
"napggcaobohiffaokpnbbbjfldhm"=hex:6a,61,6a,65,68,67,65,68,6f,6a,6f,62,6e,70,
6b,64,70,64,67,6f,00,0f
.
[HKEY_USERS\S-1-5-21-515967899-1085031214-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,2b,91,d5,24,7b,d1,d3,85,3b,d8,4e,28,63,3d,e1,25,95,6b,1f,dd,f9,fd,
8c,55,95,02,fb,ba,f2,9c,b8,78,1a,f9,65,dc,cd,08,5b,18,c4,43,de,e5,bd,f2,0b,\
"??"=hex:4d,43,82,92,6a,78,82,f4,5a,a7,35,5c,e2,14,1e,50
.
[HKEY_USERS\S-1-5-21-515967899-1085031214-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:8f,f4,1e,be,cd,30,02,b8,6a,5e,9f,36,9b,a6,cd,5b,43,60,27,6c,d7,
a7,78,62,a5,00,2f,f1,28,19,ea,c7,95,30,59,dd,b7,5a,da,9f,a7,ee,5e,3a,f3,05,\
"rkeysecu"=hex:39,af,fa,03,5b,6b,a2,b8,78,9d,ad,f2,f4,ef,ae,4d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\documents and settings\Andrew\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Webroot\Washer\WasherSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Backblaze\bzfilelist.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2012-02-26 22:00:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 02:00
.
Pre-Run: 74,953,465,856 bytes free
Post-Run: 71,908,864,000 bytes free
.
- - End Of File - - 7B0D771DE7868EB326C60CB7C1E7FF26

Edited by Joe1212, 27 February 2012 - 03:43 AM.



#2 Joe1212

Posted 27 February 2012 - 02:24 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Andrew at 23:59:10 on 2012-02-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2164 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Backblaze\bzserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\SOUNDMAN.EXE
C:\windows\ALCWZRD.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\windows\system32\CTHELPER.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Macros\AutoHotkey\AutoHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Backblaze\bzfilelist.exe
C:\windows\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spyware\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Deskview (small icons)] c:\documents and settings\andrew\my documents\briefcase\misc\apps\deskview.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\andrew\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\hotkeys.lnk - c:\documents and settings\andrew\my documents\briefcase\misc\backups\dropbox\scripts\autohotkey macros\hotkeys\hotkeys.ahk
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spyware\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{018F09FC-637A-4D12-B3FC-4FE29251832E} : NameServer = 208.67.222.222
TCP: Interfaces\{018F09FC-637A-4D12-B3FC-4FE29251832E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{71BF20FF-A8CB-491F-A491-A8C3FF1F67AE} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E2F14F46-578D-413B-A56E-4A197DB4B1A0} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andrew\application data\mozilla\firefox\profiles\42pe73qw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\documents and settings\andrew\local settings\application data\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\ign download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 bzserv;Backblaze Service;c:\program files\backblaze\bzserv.exe [2012-2-25 211240]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-4-10 16168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-11 24652]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-8-20 598856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]
S0 uvqme;uvqme;c:\windows\system32\drivers\bocqlf.sys --> c:\windows\system32\drivers\bocqlf.sys [?]
S0 vpgdwta;vpgdwta;c:\windows\system32\drivers\eslst.sys --> c:\windows\system32\drivers\eslst.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\andrew\desktop\winxpvirtualcdcontrolpanel_21\vcdrom.sys --> c:\documents and settings\andrew\desktop\winxpvirtualcdcontrolpanel_21\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 135664]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\andrew\locals~1\temp\cdiskdun.sys --> c:\docume~1\andrew\locals~1\temp\cdiskdun.sys [?]
S3 EzInstall;EzInstall;\??\d:\ezinstall\ezinstall.sys --> d:\ezinstall\EzInstall.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 135664]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\progra~1\airlin~1\powerl~1\plcmpr5.sys --> c:\progra~1\airlin~1\powerl~1\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\progra~1\airlin~1\powerl~1\PLCNDIS5.SYS [2006-10-1 17280]
S3 SMALUSB;Creative CardCam Driver;c:\windows\system32\drivers\p1070crt.sys [2005-4-30 9472]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-27 03:02:10 6552120 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{1c22e99a-ec8b-4c6e-8923-cb9f6517e28c}\mpengine.dll
2012-02-25 21:01:14 -------- d-----w- C:\.bzvol
2012-02-25 20:59:58 -------- d-----w- c:\program files\Backblaze
2012-02-25 20:59:58 -------- d-----w- c:\documents and settings\all users.windows\application data\Backblaze
2012-02-24 20:22:50 208896 ----a-w- c:\windows\MBR.exe
2012-02-24 20:22:49 98816 ----a-w- c:\windows\sed.exe
2012-02-24 20:22:49 518144 ----a-w- c:\windows\SWREG.exe
2012-02-24 20:22:49 256000 ----a-w- c:\windows\PEV.exe
2012-02-24 18:21:11 6552120 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-02-19 02:16:04 -------- d-----w- c:\program files\JDownloader
2012-02-19 00:40:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 13:23:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 13:18:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-18 12:50:43 -------- d-----w- c:\windows\C8BB491212D942AEB571E580D8CD1B5B.TMP
2012-02-17 13:52:39 -------- d-----w- c:\documents and settings\andrew\Calibre Library
2012-02-16 12:02:51 -------- d-----w- c:\program files\Calibre2
2012-02-13 11:42:41 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Skyrim
2012-02-13 11:37:12 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-02-13 11:37:12 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-02-13 11:37:12 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-02-13 11:37:11 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-02-12 18:07:51 -------- d-----r- C:\Sandbox
2012-02-12 18:05:03 -------- d-----w- c:\program files\Sandboxie
2012-02-12 16:34:29 86016 ----a-w- c:\windows\system32\cttele.dll
2012-02-12 10:06:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-12 10:06:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-12 10:06:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-12 10:05:58 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-12 10:05:57 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-12 10:05:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-12 10:05:56 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-12 10:05:55 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-12 10:05:55 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-12 10:05:54 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-12 10:05:54 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-12 10:05:54 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-12 06:11:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-02-12 06:10:26 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2012-02-25 23:59:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 19:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 0:05:47.68 ===============


#3 m0le

Posted 29 February 2012 - 06:44 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#4 Joe1212

Posted 29 February 2012 - 11:36 PM

I am here.

#5 m0le

Posted 01 March 2012 - 07:45 PM

Please start with a check for rootkits

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#6 Joe1212

Posted 03 March 2012 - 04:29 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 16:03:20
-----------------------------
16:03:20.625 OS Version: Windows 5.1.2600 Service Pack 3
16:03:20.625 Number of processors: 1 586 0x409
16:03:20.625 ComputerName: ANDREW UserName: Andrew
16:03:26.156 Initialize success
16:04:01.921 AVAST engine defs: 12030300
16:05:59.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-e
16:05:59.562 Disk 0 Vendor: WDC_WD2500JD-75FYB0 02.05D02 Size: 238418MB BusType: 3
16:05:59.562 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-19
16:05:59.562 Disk 1 Vendor: WDC_WD5000KS-00MNB0 07.02E07 Size: 476940MB BusType: 3
16:05:59.609 Disk 0 MBR read successfully
16:05:59.625 Disk 0 MBR scan
16:05:59.812 Disk 0 Windows XP default MBR code
16:05:59.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
16:05:59.843 Disk 0 Partition - 00 0F Extended LBA 107356 MB offset 268414020
16:05:59.937 Disk 0 scanning sectors +488279610
16:06:00.203 Disk 0 scanning C:\windows\system32\drivers
16:06:57.921 Service scanning
16:07:21.546 Service EzInstall D:\ezinstall\EzInstall.sys **LOCKED** 21
16:07:34.937 Service MpKsl6b0a70f0 C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70D78F8B-6FDC-4718-9745-F3727C5EDC32}\MpKsl6b0a70f0.sys **LOCKED** 32
16:07:51.078 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:08:16.406 Modules scanning
16:08:37.031 Disk 0 trace - called modules:
16:08:37.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys spjo.sys >>UNKNOWN [0x8b09a938]<<
16:08:37.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b040ab8]
16:08:37.062 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000093[0x8b04e328]
16:08:37.062 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-e[0x8b046d98]
16:08:37.078 \Driver\atapi[0x8b04fba0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xba5b0661]
16:08:40.093 AVAST engine scan C:\windows
16:09:33.125 AVAST engine scan C:\windows\system32
16:26:39.281 AVAST engine scan C:\windows\system32\drivers
16:27:55.640 AVAST engine scan C:\Documents and Settings\Andrew
17:26:24.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\bleepcomp\MBR.dat"
17:26:24.546 The log file has been saved successfully to "C:\Documents and Settings\Andrew\Desktop\bleepcomp\aswMBR.txt"
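
An added triage example (not code from this thread, from DDS or from aswMBR) that reads the two kinds of lines a log helper reacts to here: DDS service entries whose driver file could not be read, and the aswMBR disk I/O trace that ends in >>UNKNOWN<<. The sample lines are copied from the logs posted in this thread; the severity labels and the reading of a trailing `[?]` as "file not readable" are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed samples: lines copied from the DDS and aswMBR logs posted in this thread.
DDS_SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]
S0 uvqme;uvqme;c:\windows\system32\drivers\bocqlf.sys --> c:\windows\system32\drivers\bocqlf.sys [?]
S0 vpgdwta;vpgdwta;c:\windows\system32\drivers\eslst.sys --> c:\windows\system32\drivers\eslst.sys [?]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\andrew\locals~1\temp\cdiskdun.sys --> c:\docume~1\andrew\locals~1\temp\cdiskdun.sys [?]
""".strip().splitlines()

ASWMBR_SAMPLE = r"""
16:07:51.078 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:08:37.031 Disk 0 trace - called modules:
16:08:37.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys spjo.sys >>UNKNOWN [0x8b09a938]<<
16:08:37.078 \Driver\atapi[0x8b04fba0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xba5b0661]
""".strip().splitlines()

# DDS service line: "<R|S><start level> <name>;<display name>;<path> [<date> <size>]".
# Assumption: a trailing "[?]" means DDS could not read the file at that path.
DDS_RE = re.compile(
    r"^(?P<kind>[RS])(?P<level>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$")
# aswMBR: the disk I/O call chain, ending in code it could not map to a loaded module.
ASW_UNKNOWN_RE = re.compile(
    r"^\S+\s+(?P<chain>.*?)\s*>>UNKNOWN\s+\[(?P<addr>0x[0-9a-fA-F]+)\]<<")
# aswMBR: a service whose driver file it could not open during the scan.
ASW_LOCKED_RE = re.compile(
    r"^\S+\s+Service\s+(?P<svc>\S+)\s+(?P<path>.*?)\s+\*\*LOCKED\*\*")


@dataclass(frozen=True)
class Finding:
    tool: str       # "dds" or "aswmbr"
    item: str       # service name, or the unattributed address
    severity: str   # "high", "medium" or "low" (assumed ranking)
    reason: str
    detail: str


def dds_service_findings(lines):
    """Return services whose binary DDS could not read, ranked by start level."""
    findings = []
    for line in lines:
        m = DDS_RE.match(line.strip())
        if not m or m["meta"] != "?":
            continue  # not a service line, or the file's date and size were read
        path = m["path"].split(" --> ")[-1].lower()
        level = int(m["level"])
        if level <= 1:
            # Boot- and system-start drivers load before most defences.
            sev, why = "high", "boot/system-start driver whose file could not be read"
        elif "\\temp\\" in path:
            sev, why = "medium", "driver registered from a temp directory and not readable"
        else:
            sev, why = "low", "driver file not readable"
        findings.append(Finding("dds", m["name"], sev, why, path))
    return findings


def aswmbr_findings(lines):
    """Return the >>UNKNOWN<< hop in the disk trace and any locked driver files."""
    findings = []
    for line in lines:
        m = ASW_UNKNOWN_RE.match(line)
        if m:
            last_known = m["chain"].split()[-1]
            findings.append(Finding("aswmbr", m["addr"], "high",
                                    "disk I/O chain ends in code not attributable to any loaded module",
                                    f"last named module: {last_known}"))
            continue
        m = ASW_LOCKED_RE.match(line)
        if m:
            findings.append(Finding("aswmbr", m["svc"], "low",
                                    "driver file locked during scan; confirm the vendor", m["path"]))
    return findings


def triage_report(dds_lines, aswmbr_lines):
    """Merge both logs' findings, highest severity first (sort is stable)."""
    rank = {"high": 0, "medium": 1, "low": 2}
    found = dds_service_findings(dds_lines) + aswmbr_findings(aswmbr_lines)
    return sorted(found, key=lambda f: rank[f.severity])


if __name__ == "__main__":
    for f in triage_report(DDS_SAMPLE, ASWMBR_SAMPLE):
        print(f"[{f.severity:6}] {f.tool:6} {f.item}: {f.reason} ({f.detail})")
```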

#7 m0le

Posted 03 March 2012 - 05:04 PM

There is an unknown showing in aswMBR so we need to see the Master Boot Record when Windows is not booted.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.


#8 Joe1212

Posted 04 March 2012 - 06:57 PM

  • Click on sdb1 (sdb1 represents the USB drive).

sdb1 is my second hard drive (E:)

#9 m0le

Posted 04 March 2012 - 07:25 PM

It may be sdb2.

#10 m0le

Posted 07 March 2012 - 08:12 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Please note that I may not be able to reply between 9 and 11 March 2012

Thanks,


m0le

#11 m0le

Posted 11 March 2012 - 06:54 PM

Hello Joe1212,

I am back, so please reply to let me know that you still need help with your machine.

#12 m0le

Posted 12 March 2012 - 07:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



