Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Redirect Virus, No malware program will find it


  • This topic is locked This topic is locked
22 replies to this topic

#1 Dave Dewhurst

Dave Dewhurst

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 03 March 2012 - 05:25 PM

Hi,
In the last couple of days my search results on IE and FF have been getting redirected to thealtimes.com
Ive tried looking for the virus with Housecall and Malwarebytes but neither reports any problem.
Ive left malwarebytes running as it is blocking outgoing requests to an IP address (109.206.185.165) every time the redirect occurs
Ive read the what to do post and have pasted my DDS.txt below.
Thanks for looking and for any help you can give
Dave

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Waxrose at 22:09:52 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.196 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{39B70D6F-1AED-47DA-9678-540D5FEADDD9} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\waxrose\application data\mozilla\firefox\profiles\493kny1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2012-1-9 11264]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-1-9 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-2 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-2 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 22:56:43 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-02 22:51:22 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-03-02 21:49:46 -------- d-sha-r- C:\cmdcons
2012-03-02 21:48:04 98816 ----a-w- c:\windows\sed.exe
2012-03-02 21:48:04 518144 ----a-w- c:\windows\SWREG.exe
2012-03-02 21:48:04 256000 ----a-w- c:\windows\PEV.exe
2012-03-02 21:48:04 208896 ----a-w- c:\windows\MBR.exe
2012-03-02 16:49:54 388096 ----a-r- c:\documents and settings\waxrose\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-02 16:49:50 -------- d-----w- c:\program files\Trend Micro
2012-03-02 16:44:20 -------- d-----w- c:\windows\pss
2012-03-02 16:20:15 -------- d-----w- c:\documents and settings\waxrose\application data\Malwarebytes
2012-03-02 16:20:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-02 16:20:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 16:20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 13:22:53 14664 ----a-w- c:\windows\stinger.sys
2012-03-02 13:20:32 159608 ----a-w- c:\windows\system32\mfevtps.exe.3bce.deleteme
2012-03-02 13:19:47 -------- d-----w- c:\program files\stinger
2012-03-02 08:12:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-02 08:12:48 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-02 00:27:24 150016 --sha-r- c:\windows\system32\rdpwsx4.dll
2012-02-20 21:42:45 -------- d-----w- c:\documents and settings\waxrose\vw
2012-02-20 21:40:22 -------- d-----w- c:\program files\Visual Trace Route
2012-02-20 21:18:14 -------- d-----w- c:\documents and settings\waxrose\application data\NetStats
2012-02-16 02:11:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 02:11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 11:53:42 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 11:53:42 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 10:12:39 -------- d-sh--w- c:\documents and settings\waxrose\IECompatCache
2012-02-07 12:01:45 175616 ----a-w- c:\windows\system32\unrar.dll
2012-02-07 12:01:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-02-05 22:07:59 -------- d-----w- c:\documents and settings\waxrose\local settings\application data\SKIDROW
2012-02-05 22:05:39 -------- d-----w- c:\windows\system32\AGEIA
2012-02-05 22:05:15 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-02-05 21:43:07 -------- d-----w- c:\program files\RailSimulator.com
2012-02-05 21:42:19 -------- d-----w- c:\program files\Alcohol Soft
2012-02-05 21:36:52 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
.
==================== Find3M ====================
.
2012-02-12 11:54:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-21 14:25:22 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:26:44 0 ----a-w- c:\windows\ativpsrm.bin
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 22:11:25.67 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 02:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 04:35 AM

Hi Gringo thanks for taking the time to help.
Ive pasted the Combofix log below.
Whilst running Combofix I had about 5 "Windows Explorer has encountered a problem and needs to close" errors but Combofix carried on running.
Checked IE and FF after running Combofix and redirects are still occurring.
Also just noticed that Windows Firewall is disabled but I'm pretty sure I enabled it. (Have re-enabled it now)

Dave

ComboFix 12-03-03.02 - Waxrose 03/04/2012 9:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.443 [GMT 0:00]
Running from: c:\documents and settings\Waxrose\Desktop\virus\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-02 22:56 . 2012-03-02 22:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-02 22:51 . 2012-03-02 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-02 16:49 . 2012-03-02 16:49 388096 ----a-r- c:\documents and settings\Waxrose\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-02 16:49 . 2012-03-02 16:49 -------- d-----w- c:\program files\Trend Micro
2012-03-02 16:20 . 2012-03-02 16:20 -------- d-----w- c:\documents and settings\Waxrose\Application Data\Malwarebytes
2012-03-02 16:20 . 2012-03-02 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-02 16:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 16:20 . 2012-03-02 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 13:22 . 2012-03-02 13:26 14664 ----a-w- c:\windows\stinger.sys
2012-03-02 13:20 . 2012-03-02 13:20 159608 ----a-w- c:\windows\system32\mfevtps.exe.3bce.deleteme
2012-03-02 13:19 . 2012-03-02 15:12 -------- d-----w- c:\program files\stinger
2012-03-02 08:12 . 2012-03-02 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-02 08:12 . 2012-03-02 08:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-02 00:27 . 2012-03-02 00:27 150016 --sha-r- c:\windows\system32\rdpwsx4.dll
2012-02-20 21:42 . 2012-02-20 21:42 -------- d-----w- c:\documents and settings\Waxrose\vw
2012-02-20 21:40 . 2012-02-20 21:45 -------- d-----w- c:\program files\Visual Trace Route
2012-02-20 21:18 . 2012-02-20 21:18 -------- d-----w- c:\documents and settings\Waxrose\Application Data\NetStats
2012-02-16 02:12 . 2012-02-16 02:12 -------- d-----w- c:\windows\Sun
2012-02-16 02:12 . 2012-02-16 02:12 -------- d-----w- c:\program files\Common Files\Java
2012-02-16 02:11 . 2012-02-16 02:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 02:11 . 2012-02-16 02:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-16 02:11 . 2012-02-16 02:11 -------- d-----w- c:\program files\Java
2012-02-15 11:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 11:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 11:53 . 2012-02-12 11:53 -------- d-----w- c:\documents and settings\Waxrose\Local Settings\Application Data\Mozilla
2012-02-10 10:12 . 2012-02-10 10:12 -------- d-sh--w- c:\documents and settings\Waxrose\IECompatCache
2012-02-07 12:01 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-02-07 12:01 . 2012-02-07 12:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-02-05 22:07 . 2012-02-05 22:07 -------- d-----w- c:\documents and settings\Waxrose\Local Settings\Application Data\SKIDROW
2012-02-05 22:05 . 2012-02-05 22:05 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-05 22:05 . 2012-02-05 22:05 -------- d-----w- c:\program files\AGEIA Technologies
2012-02-05 22:05 . 2012-02-05 22:05 -------- d-----w- c:\windows\system32\AGEIA
2012-02-05 22:05 . 2012-02-05 22:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-05 21:43 . 2012-02-05 21:43 -------- d-----w- c:\program files\RailSimulator.com
2012-02-05 21:42 . 2012-03-03 22:09 -------- d-----w- c:\program files\Alcohol Soft
2012-02-05 21:36 . 2012-02-05 21:36 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 11:54 . 2012-01-09 16:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-21 14:25 . 2012-01-21 14:25 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-18 12:40 . 2012-02-12 11:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_22.03.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-04 09:06 . 2012-03-04 09:06 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
+ 2011-01-14 07:10 . 2011-01-14 07:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 07:10 . 2011-01-14 07:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-07-21 12:34 . 2011-07-21 12:34 3456000 c:\windows\Installer\f9710.msp
+ 2011-01-14 07:10 . 2011-01-14 07:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 07:10 . 2011-01-14 07:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 07:10 . 2011-01-14 07:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Battlelog Web Plugins\\Sonar\\0.70.4\\SonarHost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"27553:TCP"= 27553:TCP:Windows Core Service
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/9/2012 4:41 PM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2012 4:20 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2012 4:20 PM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2012 8:58 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2012 8:58 AM 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 12:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 08:58]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 08:58]
.
2012-03-04 c:\windows\Tasks\Pfrlrc.job
- c:\windows\system32\rdpwsx4.dll [2012-03-02 00:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Waxrose\Application Data\Mozilla\Firefox\Profiles\493kny1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 09:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1660)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-04 09:27:34
ComboFix-quarantined-files.txt 2012-03-04 09:27
ComboFix2.txt 2012-03-02 22:12
.
Pre-Run: 36,990,504,960 bytes free
Post-Run: 37,018,857,472 bytes free
.
- - End Of File - - 981A41F42EC7FCCCB632678A630015C3

Edited by Dave Dewhurst, 04 March 2012 - 04:38 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 05:06 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 05:41 AM

Logs below

TDSS LOG
10:15:45.0812 2864 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
10:15:45.0906 2864 ============================================================
10:15:45.0906 2864 Current date / time: 2012/03/04 10:15:45.0906
10:15:45.0906 2864 SystemInfo:
10:15:45.0906 2864
10:15:45.0906 2864 OS Version: 5.1.2600 ServicePack: 3.0
10:15:45.0906 2864 Product type: Workstation
10:15:45.0906 2864 ComputerName: DAVESPC
10:15:45.0906 2864 UserName: Waxrose
10:15:45.0906 2864 Windows directory: C:\WINDOWS
10:15:45.0906 2864 System windows directory: C:\WINDOWS
10:15:45.0906 2864 Processor architecture: Intel x86
10:15:45.0906 2864 Number of processors: 2
10:15:45.0906 2864 Page size: 0x1000
10:15:45.0906 2864 Boot type: Normal boot
10:15:45.0906 2864 ============================================================
10:15:49.0500 2864 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:15:49.0500 2864 \Device\Harddisk0\DR0:
10:15:49.0500 2864 MBR used
10:15:49.0500 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD
10:15:49.0531 2864 Initialize success
10:15:49.0531 2864 ============================================================
10:15:56.0890 0852 ============================================================
10:15:56.0890 0852 Scan started
10:15:56.0890 0852 Mode: Manual;
10:15:56.0890 0852 ============================================================
10:15:57.0421 0852 Abiosdsk - ok
10:15:57.0562 0852 abp480n5 - ok
10:15:57.0750 0852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:15:57.0765 0852 ACPI - ok
10:15:57.0968 0852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:15:57.0968 0852 ACPIEC - ok
10:15:58.0156 0852 adpu160m - ok
10:15:58.0343 0852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:15:58.0343 0852 aec - ok
10:15:58.0531 0852 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:15:58.0531 0852 AFD - ok
10:15:58.0765 0852 Aha154x - ok
10:15:58.0906 0852 aic78u2 - ok
10:15:59.0046 0852 aic78xx - ok
10:15:59.0343 0852 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:15:59.0468 0852 ALCXWDM - ok
10:15:59.0656 0852 AliIde - ok
10:15:59.0796 0852 amsint - ok
10:15:59.0937 0852 asc - ok
10:16:00.0093 0852 asc3350p - ok
10:16:00.0234 0852 asc3550 - ok
10:16:00.0453 0852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:16:00.0453 0852 AsyncMac - ok
10:16:00.0656 0852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:16:00.0656 0852 atapi - ok
10:16:00.0812 0852 Atdisk - ok
10:16:01.0171 0852 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:16:01.0312 0852 ati2mtag - ok
10:16:01.0515 0852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:16:01.0515 0852 Atmarpc - ok
10:16:01.0718 0852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:16:01.0718 0852 audstub - ok
10:16:01.0921 0852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:16:01.0921 0852 Beep - ok
10:16:02.0046 0852 catchme - ok
10:16:02.0265 0852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:16:02.0265 0852 cbidf2k - ok
10:16:02.0437 0852 cd20xrnt - ok
10:16:02.0625 0852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:16:02.0625 0852 Cdaudio - ok
10:16:02.0812 0852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:16:02.0812 0852 Cdfs - ok
10:16:03.0000 0852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:16:03.0000 0852 Cdrom - ok
10:16:03.0140 0852 Changer - ok
10:16:03.0328 0852 CmdIde - ok
10:16:03.0515 0852 Cpqarray - ok
10:16:03.0718 0852 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
10:16:03.0718 0852 cpuz135 - ok
10:16:03.0906 0852 dac2w2k - ok
10:16:04.0046 0852 dac960nt - ok
10:16:04.0265 0852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:16:04.0265 0852 Disk - ok
10:16:04.0468 0852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:16:04.0500 0852 dmboot - ok
10:16:04.0750 0852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:16:04.0750 0852 dmio - ok
10:16:04.0968 0852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:16:04.0968 0852 dmload - ok
10:16:05.0156 0852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:16:05.0156 0852 DMusic - ok
10:16:05.0343 0852 dpti2o - ok
10:16:05.0546 0852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:16:05.0546 0852 drmkaud - ok
10:16:05.0796 0852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:16:05.0796 0852 Fastfat - ok
10:16:06.0031 0852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:16:06.0031 0852 Fdc - ok
10:16:06.0234 0852 FETND5BV (a7415a0edf891613f0f27e2d56976f13) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
10:16:06.0250 0852 FETND5BV - ok
10:16:06.0437 0852 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
10:16:06.0437 0852 FETNDIS - ok
10:16:06.0671 0852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:16:06.0671 0852 Fips - ok
10:16:06.0906 0852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:16:06.0906 0852 Flpydisk - ok
10:16:07.0140 0852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:16:07.0140 0852 FltMgr - ok
10:16:07.0406 0852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:16:07.0406 0852 Fs_Rec - ok
10:16:07.0703 0852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:16:07.0703 0852 Ftdisk - ok
10:16:07.0921 0852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:16:07.0921 0852 Gpc - ok
10:16:08.0156 0852 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:16:08.0156 0852 hidusb - ok
10:16:08.0312 0852 hpn - ok
10:16:08.0531 0852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:16:08.0531 0852 HTTP - ok
10:16:08.0734 0852 i2omgmt - ok
10:16:08.0875 0852 i2omp - ok
10:16:09.0078 0852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:16:09.0078 0852 i8042prt - ok
10:16:09.0265 0852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:16:09.0265 0852 Imapi - ok
10:16:09.0453 0852 ini910u - ok
10:16:09.0609 0852 IntelIde - ok
10:16:09.0796 0852 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:16:09.0796 0852 intelppm - ok
10:16:09.0968 0852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:16:09.0968 0852 Ip6Fw - ok
10:16:10.0171 0852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:16:10.0171 0852 IpFilterDriver - ok
10:16:10.0375 0852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:16:10.0375 0852 IpInIp - ok
10:16:10.0578 0852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:16:10.0578 0852 IpNat - ok
10:16:10.0812 0852 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:16:10.0812 0852 IPSec - ok
10:16:11.0031 0852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:16:11.0031 0852 IRENUM - ok
10:16:11.0265 0852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:16:11.0265 0852 isapnp - ok
10:16:11.0453 0852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:16:11.0453 0852 Kbdclass - ok
10:16:11.0640 0852 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:16:11.0640 0852 kbdhid - ok
10:16:11.0828 0852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:16:11.0828 0852 kmixer - ok
10:16:12.0015 0852 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
10:16:12.0015 0852 KMWDFILTER - ok
10:16:12.0203 0852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:12.0203 0852 KSecDD - ok
10:16:12.0390 0852 lbrtfdc - ok
10:16:12.0609 0852 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:16:12.0625 0852 MBAMProtector - ok
10:16:12.0859 0852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:12.0859 0852 mnmdd - ok
10:16:13.0046 0852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:16:13.0046 0852 Modem - ok
10:16:13.0250 0852 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:13.0250 0852 Mouclass - ok
10:16:13.0421 0852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:16:13.0421 0852 mouhid - ok
10:16:13.0656 0852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:13.0656 0852 MountMgr - ok
10:16:13.0812 0852 mraid35x - ok
10:16:14.0000 0852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:14.0000 0852 MRxDAV - ok
10:16:14.0203 0852 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:14.0218 0852 MRxSmb - ok
10:16:14.0453 0852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:16:14.0468 0852 Msfs - ok
10:16:14.0640 0852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:14.0640 0852 MSKSSRV - ok
10:16:14.0828 0852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:14.0828 0852 MSPCLOCK - ok
10:16:15.0015 0852 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:15.0015 0852 MSPQM - ok
10:16:15.0234 0852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:15.0234 0852 mssmbios - ok
10:16:15.0406 0852 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:16:15.0406 0852 MTsensor - ok
10:16:15.0640 0852 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:16:15.0640 0852 Mup - ok
10:16:15.0828 0852 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:16:15.0843 0852 NDIS - ok
10:16:16.0015 0852 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:16.0015 0852 NdisTapi - ok
10:16:16.0187 0852 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:16.0187 0852 Ndisuio - ok
10:16:16.0375 0852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:16.0390 0852 NdisWan - ok
10:16:16.0640 0852 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:16.0656 0852 NDProxy - ok
10:16:16.0843 0852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:16.0843 0852 NetBIOS - ok
10:16:17.0015 0852 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:17.0031 0852 NetBT - ok
10:16:17.0250 0852 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:16:17.0250 0852 Npfs - ok
10:16:17.0453 0852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:17.0500 0852 Ntfs - ok
10:16:17.0703 0852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:16:17.0703 0852 Null - ok
10:16:17.0875 0852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:17.0875 0852 NwlnkFlt - ok
10:16:18.0062 0852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:18.0062 0852 NwlnkFwd - ok
10:16:18.0281 0852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:18.0281 0852 Parport - ok
10:16:18.0515 0852 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:18.0515 0852 PartMgr - ok
10:16:18.0703 0852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:18.0703 0852 ParVdm - ok
10:16:18.0890 0852 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:18.0890 0852 PCI - ok
10:16:19.0046 0852 PCIDump - ok
10:16:19.0234 0852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:16:19.0234 0852 PCIIde - ok
10:16:19.0406 0852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:19.0406 0852 Pcmcia - ok
10:16:19.0578 0852 PDCOMP - ok
10:16:19.0734 0852 PDFRAME - ok
10:16:19.0875 0852 PDRELI - ok
10:16:20.0031 0852 PDRFRAME - ok
10:16:20.0171 0852 perc2 - ok
10:16:20.0328 0852 perc2hib - ok
10:16:20.0546 0852 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:20.0546 0852 PptpMiniport - ok
10:16:20.0734 0852 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:20.0750 0852 PSched - ok
10:16:20.0937 0852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:20.0937 0852 Ptilink - ok
10:16:21.0078 0852 ql1080 - ok
10:16:21.0250 0852 Ql10wnt - ok
10:16:21.0390 0852 ql12160 - ok
10:16:21.0578 0852 ql1240 - ok
10:16:21.0734 0852 ql1280 - ok
10:16:21.0937 0852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:21.0937 0852 RasAcd - ok
10:16:22.0156 0852 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:22.0156 0852 Rasl2tp - ok
10:16:22.0375 0852 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:22.0375 0852 RasPppoe - ok
10:16:22.0562 0852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:22.0562 0852 Raspti - ok
10:16:22.0750 0852 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:22.0765 0852 Rdbss - ok
10:16:22.0984 0852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:22.0984 0852 RDPCDD - ok
10:16:23.0187 0852 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:16:23.0187 0852 rdpdr - ok
10:16:23.0406 0852 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:23.0406 0852 RDPWD - ok
10:16:23.0625 0852 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:16:23.0625 0852 redbook - ok
10:16:23.0843 0852 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:16:23.0843 0852 Secdrv - ok
10:16:24.0046 0852 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:16:24.0046 0852 serenum - ok
10:16:24.0234 0852 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:16:24.0234 0852 Serial - ok
10:16:24.0437 0852 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:16:24.0437 0852 Sfloppy - ok
10:16:24.0593 0852 Simbad - ok
10:16:24.0781 0852 Sparrow - ok
10:16:24.0984 0852 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:16:24.0984 0852 splitter - ok
10:16:25.0234 0852 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\WINDOWS\System32\Drivers\sptd.sys
10:16:25.0234 0852 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
10:16:25.0234 0852 sptd ( LockedFile.Multi.Generic ) - warning
10:16:25.0234 0852 sptd - detected LockedFile.Multi.Generic (1)
10:16:25.0468 0852 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:16:25.0468 0852 sr - ok
10:16:25.0703 0852 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:16:25.0734 0852 Srv - ok
10:16:25.0968 0852 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:16:25.0968 0852 swenum - ok
10:16:26.0171 0852 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:16:26.0171 0852 swmidi - ok
10:16:26.0328 0852 symc810 - ok
10:16:26.0500 0852 symc8xx - ok
10:16:26.0656 0852 sym_hi - ok
10:16:26.0812 0852 sym_u3 - ok
10:16:27.0000 0852 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:16:27.0015 0852 sysaudio - ok
10:16:27.0250 0852 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:16:27.0265 0852 Tcpip - ok
10:16:27.0468 0852 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:16:27.0468 0852 TDPIPE - ok
10:16:27.0671 0852 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:16:27.0671 0852 TDTCP - ok
10:16:27.0890 0852 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:16:27.0890 0852 TermDD - ok
10:16:28.0046 0852 TosIde - ok
10:16:28.0281 0852 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
10:16:28.0281 0852 uagp35 - ok
10:16:28.0453 0852 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:16:28.0453 0852 Udfs - ok
10:16:28.0609 0852 ultra - ok
10:16:28.0828 0852 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:16:28.0859 0852 Update - ok
10:16:29.0109 0852 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:16:29.0109 0852 usbccgp - ok
10:16:29.0296 0852 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:16:29.0296 0852 usbehci - ok
10:16:29.0500 0852 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:16:29.0500 0852 usbhub - ok
10:16:29.0687 0852 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:16:29.0687 0852 USBSTOR - ok
10:16:29.0890 0852 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:16:29.0906 0852 usbuhci - ok
10:16:30.0078 0852 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:16:30.0078 0852 VgaSave - ok
10:16:30.0265 0852 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:16:30.0265 0852 ViaIde - ok
10:16:30.0437 0852 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
10:16:30.0437 0852 videX32 - ok
10:16:30.0625 0852 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:16:30.0625 0852 VolSnap - ok
10:16:30.0859 0852 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:16:30.0859 0852 Wanarp - ok
10:16:31.0046 0852 WDICA - ok
10:16:31.0250 0852 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:16:31.0250 0852 wdmaud - ok
10:16:31.0500 0852 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:16:31.0500 0852 WS2IFSL - ok
10:16:31.0718 0852 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:16:31.0718 0852 WudfPf - ok
10:16:31.0906 0852 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:16:31.0921 0852 WudfRd - ok
10:16:32.0187 0852 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
10:16:32.0187 0852 xfilt - ok
10:16:32.0234 0852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:16:32.0375 0852 \Device\Harddisk0\DR0 - ok
10:16:32.0406 0852 Boot (0x1200) (0121592796b656d5b93daf28f4a2194a) \Device\Harddisk0\DR0\Partition0
10:16:32.0406 0852 \Device\Harddisk0\DR0\Partition0 - ok
10:16:32.0406 0852 ============================================================
10:16:32.0406 0852 Scan finished
10:16:32.0406 0852 ============================================================
10:16:32.0421 2416 Detected object count: 1
10:16:32.0421 2416 Actual detected object count: 1
10:16:39.0734 2416 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:16:39.0734 2416 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR LOG
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 10:17:41
-----------------------------
10:17:41.281 OS Version: Windows 5.1.2600 Service Pack 3
10:17:41.281 Number of processors: 2 586 0x407
10:17:41.281 ComputerName: DAVESPC UserName: Waxrose
10:17:41.656 Initialize success
10:18:27.500 AVAST engine defs: 12030301
10:18:32.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-a
10:18:32.609 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3
10:18:32.625 Disk 0 MBR read successfully
10:18:32.625 Disk 0 MBR scan
10:18:32.671 Disk 0 Windows XP default MBR code
10:18:32.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78159 MB offset 63
10:18:32.671 Disk 0 scanning sectors +160071660
10:18:32.734 Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:49.859 Service scanning
10:19:14.328 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:19:22.015 Modules scanning
10:19:39.125 Disk 0 trace - called modules:
10:19:39.140 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys videX32.sys PCIIDEX.SYS
10:19:39.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86763ab8]
10:19:39.171 3 CLASSPNP.SYS[f786ffd7] -> nt!IofCallDriver -> \Device\0000006c[0x8677a9e8]
10:19:39.171 5 ACPI.sys[f76d6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-a[0x86778940]
10:19:39.406 AVAST engine scan C:\WINDOWS
10:19:56.515 AVAST engine scan C:\WINDOWS\system32
10:21:09.515 File: C:\WINDOWS\system32\rdpwsx4.dll **INFECTED** Win32:Diller-CJ [Trj]
10:23:27.234 AVAST engine scan C:\WINDOWS\system32\drivers
10:23:49.687 AVAST engine scan C:\Documents and Settings\Waxrose
10:35:28.859 AVAST engine scan C:\Documents and Settings\All Users
10:37:30.109 Scan finished successfully
10:39:04.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Waxrose\Desktop\virus\MBR.dat"
10:39:04.984 The log file has been saved successfully to "C:\Documents and Settings\Waxrose\Desktop\virus\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 12:30 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\WINDOWS\system32\rdpwsx4.dll
c:\windows\Tasks\Pfrlrc.job

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 12:59 PM

Combofix just hangs at the scanning phase, no HDD activity and clicking anything else freezes the computer and I need to hard reset.
Just tested Combofix without a script and that still works so its not Combofix.

Edited by Dave Dewhurst, 04 March 2012 - 01:10 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 01:51 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 02:03 PM

OTL Log Below

OTL logfile created on: 3/4/2012 6:54:06 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Waxrose\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 510.77 Mb Available Physical Memory | 49.92% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 34.09 Gb Free Space | 44.66% Space Free | Partition Type: NTFS

Computer Name: DAVESPC | User Name: Waxrose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Waxrose\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3693.42470__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3693.42470__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://battlelog.battlefield.com/bf3/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 12:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/12 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Waxrose\Application Data\Mozilla\Extensions
[2012/02/18 12:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 12:40:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/08 17:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 17:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/02 22:03:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2000478354-1844237615-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39B70D6F-1AED-47DA-9678-540D5FEADDD9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Waxrose\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Waxrose\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/09 00:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 18:15:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 18:13:17 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/04 17:34:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 17:33:24 | 004,425,722 | R--- | C] (Swearware) -- C:\Documents and Settings\Waxrose\Desktop\ComboFix.exe
[2012/03/04 16:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\StarCalc
[2012/03/04 16:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Start Menu\Programs\StarCalc
[2012/03/04 16:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Desktop\sc573en
[2012/03/04 13:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\ESN Sonar
[2012/03/02 22:56:43 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/03/02 22:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/02 22:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Desktop\virus
[2012/03/02 21:49:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/02 21:48:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/02 21:48:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/02 21:48:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/02 21:48:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/02 21:47:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/02 21:47:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 21:47:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Waxrose\Start Menu\Programs\Administrative Tools
[2012/03/02 21:37:55 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Waxrose\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/02 16:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Start Menu\Programs\HiJackThis
[2012/03/02 16:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/02 16:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/02 16:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Application Data\Malwarebytes
[2012/03/02 16:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/02 16:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/02 16:20:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/02 16:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/02 13:22:53 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/03/02 13:20:32 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.3bce.deleteme
[2012/03/02 13:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/03/02 12:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\My Documents\Anti-Malware
[2012/03/02 08:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/02 08:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/02 08:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/20 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\vw
[2012/02/20 21:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Trace Route
[2012/02/20 21:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Application Data\NetStats
[2012/02/20 00:17:31 | 000,088,064 | ---- | C] (BC Software) -- C:\Documents and Settings\Waxrose\Desktop\uotrace.exe
[2012/02/16 02:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/02/16 02:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/16 02:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/16 02:11:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/16 02:11:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/16 02:11:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/16 02:11:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/16 02:11:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/16 02:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/16 02:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Application Data\Sun
[2012/02/12 11:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\Mozilla
[2012/02/12 11:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Application Data\Mozilla
[2012/02/12 11:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/10 10:12:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Waxrose\IECompatCache
[2012/02/07 12:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/02/07 12:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/02/05 22:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\SKIDROW
[2012/02/05 22:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/05 22:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AGEIA
[2012/02/05 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012/02/05 22:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2012/02/05 22:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/02/05 22:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RailSimulator.com
[2012/02/05 21:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\RailSimulator.com
[2012/02/05 21:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012/02/05 14:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Waxrose\My Documents\Chainlink
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 18:25:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 18:25:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 18:25:25 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Pfrlrc.job
[2012/03/04 18:25:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 17:08:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 16:41:34 | 000,781,730 | ---- | M] () -- C:\Documents and Settings\Waxrose\Desktop\sc573en.zip
[2012/03/04 09:10:05 | 004,425,722 | R--- | M] (Swearware) -- C:\Documents and Settings\Waxrose\Desktop\ComboFix.exe
[2012/03/03 10:13:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/02 22:56:43 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/03/02 22:03:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/02 21:38:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 21:38:21 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Waxrose\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/02 16:49:52 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\Waxrose\Desktop\HiJackThis.lnk
[2012/03/02 13:26:24 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/03/02 13:20:06 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.3bce.deleteme
[2012/03/02 12:49:04 | 000,298,971 | ---- | M] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\census.cache
[2012/03/02 12:49:02 | 000,176,845 | ---- | M] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\ars.cache
[2012/03/02 10:18:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\housecall.guid.cache
[2012/03/02 08:12:53 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Waxrose\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/02 08:12:53 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Waxrose\Desktop\Spybot - Search & Destroy.lnk
[2012/03/02 00:27:24 | 000,150,016 | RHS- | M] () -- C:\WINDOWS\System32\rdpwsx4.dll
[2012/03/01 09:51:57 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/21 13:49:38 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Waxrose\Desktop\UOTRACE.INI
[2012/02/20 00:17:34 | 000,088,064 | ---- | M] (BC Software) -- C:\Documents and Settings\Waxrose\Desktop\uotrace.exe
[2012/02/16 02:11:37 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/16 02:11:37 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/16 02:11:37 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/16 02:11:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/16 02:11:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/16 01:07:56 | 003,566,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 19:06:55 | 000,484,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/15 19:06:55 | 000,080,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 19:01:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/12 21:01:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Waxrose\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/12 13:31:09 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Waxrose\My Documents\ax_files.xml
[2012/02/12 11:54:24 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/12 11:53:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Waxrose\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/12 11:53:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/07 12:01:14 | 012,461,031 | ---- | M] ( ) -- C:\Documents and Settings\Waxrose\Desktop\K-Lite_Codec_Pack_830_Standard.exe
[2012/02/05 22:22:40 | 000,699,729 | ---- | M] () -- C:\Program Files\RailSimulatorc.TgPcDx
[2012/02/05 22:22:39 | 005,593,133 | ---- | M] () -- C:\Program Files\RailSimulator.TgPcDx
[2012/02/05 22:04:26 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RailWorks 2.lnk
[2012/02/05 21:59:24 | 000,000,046 | ---- | M] () -- C:\WINDOWS\ACE.Ini
[2012/02/05 15:10:11 | 000,547,487 | ---- | M] () -- C:\Documents and Settings\Waxrose\My Documents\Chainlink.rar
[2012/02/05 14:55:32 | 000,551,651 | ---- | M] () -- C:\Documents and Settings\Waxrose\Desktop\Chainlink.rar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 16:41:22 | 000,781,730 | ---- | C] () -- C:\Documents and Settings\Waxrose\Desktop\sc573en.zip
[2012/03/02 21:49:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/02 21:49:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/02 21:48:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/02 21:48:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/02 21:48:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/02 21:48:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/02 21:48:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/02 16:49:51 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\Waxrose\Desktop\HiJackThis.lnk
[2012/03/02 16:20:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 10:27:02 | 000,298,971 | ---- | C] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\census.cache
[2012/03/02 10:26:43 | 000,176,845 | ---- | C] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\ars.cache
[2012/03/02 10:18:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\housecall.guid.cache
[2012/03/02 08:12:53 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Waxrose\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/02 08:12:53 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Waxrose\Desktop\Spybot - Search & Destroy.lnk
[2012/03/02 00:27:24 | 000,150,016 | RHS- | C] () -- C:\WINDOWS\System32\rdpwsx4.dll
[2012/03/02 00:27:24 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\Pfrlrc.job
[2012/02/20 01:08:16 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Waxrose\Desktop\UOTRACE.INI
[2012/02/15 11:53:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 11:53:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/12 11:53:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Waxrose\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/12 11:53:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/12 11:53:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/07 12:01:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/07 12:01:04 | 012,461,031 | ---- | C] ( ) -- C:\Documents and Settings\Waxrose\Desktop\K-Lite_Codec_Pack_830_Standard.exe
[2012/02/07 11:40:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 22:11:01 | 000,699,729 | ---- | C] () -- C:\Program Files\RailSimulatorc.TgPcDx
[2012/02/05 22:10:59 | 005,593,133 | ---- | C] () -- C:\Program Files\RailSimulator.TgPcDx
[2012/02/05 22:04:26 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RailWorks 2.lnk
[2012/02/05 21:45:00 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Waxrose\My Documents\ax_files.xml
[2012/02/05 15:10:11 | 000,547,487 | ---- | C] () -- C:\Documents and Settings\Waxrose\My Documents\Chainlink.rar
[2012/02/05 14:55:31 | 000,551,651 | ---- | C] () -- C:\Documents and Settings\Waxrose\Desktop\Chainlink.rar
[2012/01/27 22:40:23 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Waxrose\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/01/22 21:10:46 | 000,000,046 | ---- | C] () -- C:\WINDOWS\ACE.Ini
[2012/01/21 14:25:33 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2012/01/11 12:38:05 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Waxrose\Application Data\Adobe Targa Format CS5 Prefs
[2012/01/09 23:46:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/09 23:43:03 | 003,566,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 16:45:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2012/01/09 16:45:13 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/09 16:44:46 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/01/09 16:44:38 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2012/01/09 16:42:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012/01/09 16:42:05 | 000,013,939 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/01/09 16:42:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/01/09 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/09 16:24:21 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/01/09 00:21:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 00:15:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 02:16 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    :otl
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    [2012/03/02 00:27:24 | 000,150,016 | RHS- | M] () -- C:\WINDOWS\System32\rdpwsx4.dll  
    [2012/03/04 18:25:25 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Pfrlrc.job
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 03:18 PM

I had to run OTL in Safe mode to get it to not hang,
but it seemed to run OK in Safe mode
Report below

Tried a few search results on FF and they dont seem to be getting redirected, Fingers crossed

All processes killed
========== OTL ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
File move failed. C:\WINDOWS\system32\rdpwsx4.dll scheduled to be moved on reboot.
C:\WINDOWS\tasks\Pfrlrc.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Waxrose\Desktop\virus\cmd.bat deleted successfully.
C:\Documents and Settings\Waxrose\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5242236 bytes
->Flash cache emptied: 56958 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Waxrose
->Temp folder emptied: 52373319 bytes
->Temporary Internet Files folder emptied: 125385984 bytes
->Java cache emptied: 177454 bytes
->FireFox cache emptied: 896245319 bytes
->Flash cache emptied: 8210408 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,040.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Waxrose
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Waxrose
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.35.1 log created on 03042012_200702

Files\Folders moved on Reboot...
C:\WINDOWS\system32\rdpwsx4.dll moved successfully.

Registry entries deleted on Reboot...

Edited by Dave Dewhurst, 04 March 2012 - 03:20 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 04:06 PM

How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 04:12 PM

I ve been using a mixture of IE and FF and havent had any redirects since running OTL with your script.
Malwarebytes has also stopped reporting blocked outgoing requests.

Just checked windows firewall again. I mentioned earlier something had turned it off, it was off again so I switched it back on and will keep an eye on it

Edited by Dave Dewhurst, 04 March 2012 - 04:33 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 04 March 2012 - 04:39 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Dave Dewhurst

Dave Dewhurst
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 March 2012 - 04:48 PM

3dsmax ancillary install
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
AGEIA PhysX v6.10.25
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
Backburner
Battlelog Web Plugins
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUID CPU-Z 1.59
ESN Sonar
FBX Plugin 2006.08 for Max 9.0
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 31
Jigsaw Puzzle Platinum
K-Lite Codec Pack 8.3.0 (Standard)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
NVIDIA Photoshop Plug-ins
Origin
PDF Settings CS5
Platform
RailWorks 2
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skins
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.10 (32-bit)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users