
blocked access to potentially malicious website: 206.161.121.5 Type: outgoing


This topic is locked
22 replies to this topic

#1 michaelbajko

  • Members
  • 11 posts

Posted 16 March 2012 - 01:22 AM

Kia Ora! Thanks for your good work!
Please note: no attach.txt appeared from DDS.
Cheers, Michael

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by michael at 19:01:14 on 2012-03-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1224 [GMT 13:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
C:\PROGRA~1\Uniblue\POWERS~1\powersuite.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\UCT\HDR Expose\HDRExposeService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\PTGui\PTGui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\michael\My Documents\Downloads\gmer\gmer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5.1\Bridge.exe" -stealth
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [PowerSuite] "c:\progra~1\uniblue\powers~1\launcher.exe" delay 20000 -m
mRun: [EPSON Stylus Photo R1800] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9LE.EXE /P24 "EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hueypr~1.lnk - c:\program files\pantone\hueypro\hueyPROTray.exe
uPolicies-explorer: NoCommonGroups = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292027784282
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292029916656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 122.56.237.1 210.55.111.1
TCP: Interfaces\{C4566437-3CA2-4816-9EF6-FFEA5741FF38} : DhcpNameServer = 122.56.237.1 210.55.111.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\yoxih13r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files\acunetix\web vulnerability scanner 8\WVSScheduler.exe [2012-2-16 911496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 HDRExposeService;HDRExposeService;c:\program files\uct\hdr expose\HDRExposeService.exe [2010-9-18 21784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-2 652360]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-2-15 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-3-1 2214504]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-2 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2012-3-1 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2012-3-1 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2012-3-1 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2012-3-1 566360]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Meipsvrv;Meipsvrv; [x]
.
=============== Created Last 30 ================
.
2012-03-16 04:43:02 3996672 ----a-w- C:\NH57599_2872_2572.tmp
2012-03-16 04:43:01 3997696 ----a-w- C:\NH630000_2872_2572.tmp
2012-03-16 04:43:01 3996672 ----a-w- C:\NH206998_2872_2572.tmp
2012-03-16 04:43:00 3997696 ----a-w- C:\NH366202_2872_2572.tmp
2012-03-16 04:41:49 75975680 ----a-w- C:\NH201019_2872_2572.tmp
2012-03-16 04:40:39 75975680 ----a-w- C:\NH385884_2872_2572.tmp
2012-03-16 04:40:38 75975680 ----a-w- C:\NH42188_2872_2572.tmp
2012-03-16 04:40:38 680448 ----a-w- C:\NH922616_2872_2572.tmp
2012-03-16 04:40:38 23040 ----a-w- C:\NH205432_2872_2572.tmp
2012-03-16 04:40:38 1008128 ----a-w- C:\NH477083_2872_2572.tmp
2012-03-16 04:40:26 75975680 ----a-w- C:\NH861326_2872_2572.tmp
2012-03-16 04:40:25 1008128 ----a-w- C:\NH662652_2872_2572.tmp
2012-03-16 04:40:24 680448 ----a-w- C:\NH907275_2872_2572.tmp
2012-03-16 04:40:23 680448 ----a-w- C:\NH451090_2872_2572.tmp
2012-03-16 04:40:22 23040 ----a-w- C:\NH650441_2872_2572.tmp
2012-03-16 04:40:21 1008128 ----a-w- C:\NH731431_2872_2572.tmp
2012-03-16 04:40:20 23040 ----a-w- C:\NH255169_2872_2572.tmp
2012-03-16 04:38:55 680448 ----a-w- C:\NH132657_2872_2572.tmp
2012-03-16 04:37:45 75975680 ----a-w- C:\NH663325_2872_2572.tmp
2012-03-16 04:37:41 680448 ----a-w- C:\NH786948_2872_2572.tmp
2012-03-16 04:37:41 1008128 ----a-w- C:\NH865156_2872_2572.tmp
2012-03-16 04:37:41 1008128 ----a-w- C:\NH634766_2872_2572.tmp
2012-03-16 04:37:40 680448 ----a-w- C:\NH592481_2872_2572.tmp
2012-03-16 04:37:38 1172992 ----a-w- C:\NH989025_2872_2572.tmp
2012-03-16 04:37:30 1527808 ----a-w- C:\NH140555_2872_2572.tmp
2012-03-16 04:37:06 75975680 ----a-w- C:\NH144620_2872_2572.tmp
2012-03-16 04:36:56 75975680 ----a-w- C:\NH313970_2872_2572.tmp
2012-03-16 04:36:51 0 ----a-w- C:\NH247989_2872_2572.tmp
2012-03-16 04:27:08 122880 ----a-w- C:\NH964344_2872_2572.tmp
2012-03-16 03:53:26 0 ----a-w- C:\NH951366_2872_2572.tmp
2012-03-16 03:53:25 0 ----a-w- C:\NH971260_2872_2572.tmp
2012-03-16 03:52:55 19921920 ----a-w- C:\NH155094_2872_2572.tmp
2012-03-16 03:52:52 19921920 ----a-w- C:\NH486735_2872_2572.tmp
2012-03-16 03:39:31 75975680 ----a-w- C:\NH450687_2872_2572.tmp
2012-03-16 03:38:16 75975680 ----a-w- C:\NH337223_2872_2572.tmp
2012-03-15 21:25:53 4608 ----a-w- C:\NH997521_2872_2572.tmp
2012-03-15 21:10:51 4608 ----a-w- C:\NH996826_2872_2572.tmp
2012-03-15 02:32:20 286720 ----a-w- c:\windows\iun506.exe
2012-03-15 02:32:18 -------- d-----w- c:\program files\PSP SpringVerb CM
2012-03-15 02:31:07 -------- d-----w- c:\program files\CM Vocoder
2012-03-15 02:30:02 -------- d-----w- c:\windows\Start Menu
2012-03-14 01:18:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 02:31:34 -------- d-----w- c:\documents and settings\michael\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-12 02:31:34 -------- d-----w- c:\documents and settings\michael\application data\Adobe Mini Bridge CS5.1
2012-03-08 04:03:04 -------- d-sha-r- C:\cmdcons
2012-03-08 03:50:34 98816 ----a-w- c:\windows\sed.exe
2012-03-08 03:50:34 518144 ----a-w- c:\windows\SWREG.exe
2012-03-08 03:50:34 256000 ----a-w- c:\windows\PEV.exe
2012-03-08 03:50:34 208896 ----a-w- c:\windows\MBR.exe
2012-03-08 03:49:11 -------- d-s---w- C:\ComboFix
2012-03-06 18:49:54 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-03-06 18:49:54 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-03-06 18:49:53 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-06 18:49:53 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-06 18:49:53 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-06 18:49:53 187352 ----a-w- c:\program files\mozilla firefox\nspr4.dll
2012-03-06 18:49:52 646104 ----a-w- c:\program files\mozilla firefox\nss3.dll
2012-03-06 18:49:52 371672 ----a-w- c:\program files\mozilla firefox\nssckbi.dll
2012-03-06 18:49:52 109528 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2012-03-06 18:49:52 105432 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2012-03-05 03:19:33 -------- d-----w- c:\documents and settings\michael\local settings\application data\Nik Software
2012-03-05 03:19:33 -------- d-----w- c:\documents and settings\all users\application data\Nik Software
2012-03-05 03:19:31 -------- d-----w- c:\program files\Nik Software
2012-03-02 06:46:14 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
2012-03-02 06:45:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-02 06:45:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 06:45:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-01 02:08:43 45056 ----a-w- c:\windows\system32\drivers\HECI.sys
2012-03-01 02:08:09 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-03-01 02:08:09 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-03-01 01:56:35 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2012-03-01 01:56:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-03-01 01:49:19 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-01 01:49:18 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-01 01:49:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-01 01:49:12 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-01 01:49:02 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2012-03-01 01:49:02 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2012-03-01 01:49:02 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 01:49:02 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 01:49:02 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 01:49:02 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 01:45:21 -------- d-----w- c:\documents and settings\michael\application data\Pantone
2012-03-01 00:49:08 -------- d-----w- c:\program files\Orologi Solari
2012-02-29 02:16:07 -------- d-----w- C:\newlynn
2012-02-29 02:15:13 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-02-28 19:03:19 -------- d-----w- c:\program files\Citrix
2012-02-28 19:02:51 60304 ----a-w- c:\documents and settings\michael\g2mdlhlpx.exe
2012-02-27 03:40:18 -------- d-----w- c:\documents and settings\michael\application data\Usenet.nl
2012-02-27 03:40:12 -------- d-----w- c:\program files\Usenet.nl
2012-02-26 07:00:09 -------- d-----w- C:\Python32
2012-02-24 23:56:20 -------- d-----w- c:\documents and settings\michael\application data\YouTube Downloader
2012-02-21 22:36:49 -------- d-----w- c:\documents and settings\michael\application data\Search Settings
2012-02-21 22:36:44 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-02-21 22:36:44 -------- d-----w- c:\program files\common files\Spigot
2012-02-21 22:36:44 -------- d-----w- c:\program files\Application Updater
2012-02-21 22:36:17 -------- d-----w- c:\documents and settings\all users\application data\YouTube Downloader
2012-02-21 22:36:11 -------- d-----w- c:\program files\YouTube Downloader
2012-02-20 07:30:36 -------- d-----w- c:\documents and settings\michael\application data\MPC
2012-02-20 07:29:18 -------- d-----w- c:\documents and settings\michael\.JxBrowser
2012-02-20 07:29:15 -------- d-----w- c:\documents and settings\michael\.digilabs
2012-02-20 07:28:41 -------- d-----w- c:\program files\Pikto BOOKit
2012-02-18 01:01:43 -------- d-----w- c:\program files\WXTide32
2012-02-16 08:46:00 -------- d-----w- c:\documents and settings\michael\AcunetixScanner
2012-02-16 08:45:23 -------- d-----w- c:\program files\Acunetix
2012-02-16 08:45:05 -------- d-----w- c:\documents and settings\all users\application data\Acunetix WVS 8
2012-02-16 03:54:08 -------- d-----w- c:\program files\common files\FreeFrame
2012-02-15 09:31:13 -------- d-----w- c:\documents and settings\michael\local settings\application data\Cycling '74
2012-02-15 08:12:12 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 08:12:12 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-03-16 04:41:43 75975680 ----a-w- C:\NH133420_2872_2572.tmp
2012-03-16 04:39:46 75975680 ----a-w- C:\NH920872_2872_2572.tmp
2012-03-16 04:38:55 1008128 ----a-w- C:\NH53036_2872_2572.tmp
2012-03-15 21:32:40 4608 ----a-w- C:\NH862232_2872_2572.tmp
2012-03-15 21:25:53 4608 ----a-w- C:\NH960148_2872_2572.tmp
2012-03-15 21:10:51 4608 ----a-w- C:\NH955929_2872_2572.tmp
2012-03-14 01:18:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 02:04:35 86528 ----a-w- c:\windows\system32\SET111.tmp
2012-02-17 20:32:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 19:07:46.95 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-16 18:46:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\michael\LOCALS~1\Temp\aweoiuob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{018B120E-D271-76C9-312C-606954507828}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{018B120E-D271-76C9-312C-606954507828}@iaklkpcgdnoeelbbpc 0x6B 0x61 0x6A 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{018B120E-D271-76C9-312C-606954507828}@haanifpnanhljjnj 0x6B 0x61 0x6A 0x6B ...

---- EOF - GMER 1.0.15 ----
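The DDS log above is plain text with a fixed shape per section, and a helper triaging it usually wants it in structured form rather than reading 200 lines by eye. The following is an added example, not part of the thread and not a DDS, GMER or BleepingComputer tool: it parses lines in the shape of the "SERVICES / DRIVERS" and "Created Last 30" sections into records, lists services whose binary DDS flagged as absent ("[x]"), and counts how many new files landed in each directory. The sample lines are constructed copies of a few entries from the log; the R/S state and start-type digit follow the DDS/HijackThis convention.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional

# Constructed sample lines in the shape of the DDS "SERVICES / DRIVERS" section.
SERVICE_LINES = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-2 652360]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S4 Meipsvrv;Meipsvrv; [x]
"""

# Constructed sample lines in the shape of the DDS "Created Last 30" section.
CREATED_LINES = r"""
2012-03-16 04:43:02 3996672 ----a-w- C:\NH57599_2872_2572.tmp
2012-03-16 04:43:01 3997696 ----a-w- C:\NH630000_2872_2572.tmp
2012-03-15 02:32:18 -------- d-----w- c:\program files\PSP SpringVerb CM
2012-03-02 06:45:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# DDS/HijackThis convention: R = running, S = stopped; the digit is the Windows
# start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled). "[x]" in place of
# the "[date size]" tail means DDS could not find the service's file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*"
    r"(?:\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]|\[(?P<missing>x)\])\s*$"
)

# "YYYY-MM-DD HH:MM:SS size attrs path"; size is "--------" for directories.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: int
    file_date: Optional[date]
    size: Optional[int]
    file_missing: bool


@dataclass
class CreatedEntry:
    when: datetime
    path: str
    is_dir: bool
    size: Optional[int]


def parse_services(text: str) -> List[Service]:
    """Parse DDS service/driver lines; blank or foreign lines are skipped."""
    out: List[Service] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        missing = m["missing"] is not None
        out.append(Service(
            name=m["name"], display=m["display"], path=m["path"],
            running=m["state"] == "R", start_type=int(m["start"]),
            file_date=None if missing else datetime.strptime(m["date"], "%Y-%m-%d").date(),
            size=None if missing else int(m["size"]),
            file_missing=missing,
        ))
    return out


def parse_created(text: str) -> List[CreatedEntry]:
    """Parse DDS 'Created Last 30' / 'Find3M' lines into timestamped entries."""
    out: List[CreatedEntry] = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        out.append(CreatedEntry(
            when=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            path=m["path"],
            is_dir=m["attrs"].startswith("d"),
            size=int(m["size"]) if m["size"].isdigit() else None,
        ))
    return out


def services_missing_binary(services: List[Service]) -> List[str]:
    """Names of services/drivers whose file DDS flagged as absent ([x])."""
    return [s.name for s in services if s.file_missing]


def created_by_directory(entries: List[CreatedEntry]) -> Counter:
    """How many new files/folders landed in each parent directory (case-folded)."""
    return Counter(e.path.lower().rsplit("\\", 1)[0] for e in entries)


def triage(service_text: str, created_text: str) -> Dict[str, object]:
    """One-shot summary a helper can skim before reading the raw log."""
    services = parse_services(service_text)
    created = parse_created(created_text)
    return {
        "services": len(services),
        "running": sum(1 for s in services if s.running),
        "missing_binary": services_missing_binary(services),
        "new_files_by_dir": created_by_directory(created).most_common(),
    }


if __name__ == "__main__":
    for key, value in triage(SERVICE_LINES, CREATED_LINES).items():
        print(f"{key}: {value}")
```

A missing binary or a directory that suddenly receives many new files is a starting point for a closer look, not a verdict; the point of the parser is to make those counts visible in seconds instead of having to scan the whole log by eye.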



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 March 2012 - 02:22 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 michaelbajko
  • Topic Starter

  • Members
  • 11 posts

Posted 16 March 2012 - 09:28 PM

Many thanks for your quick reply Gringo.
Have followed your instructions.
Done backup,
shut down security software,
downloaded ComboFix.
When double clicked,
produces small box with
scrolling green writing on black.
Takes 30-40 seconds.
(no Recovery Console request)
Extracts to
file 32788R22FWJFW in the C:\ directory.
This file contains a copy of the directories as shown by My Computer.
That's it.
Where have I gone wrong?
Cheers, Michael

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 March 2012 - 09:47 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 michaelbajko
  • Topic Starter

  • Members
  • 11 posts

Posted 17 March 2012 - 03:00 AM

Kia Ora Gringo,
I disabled AVG Free Edition in the start menu,
restarted in Safe Mode,
ran ComboFix;
after a while a box appeared: 'stop AVG Free Edition'.
I couldn't find it in Task Manager, so
restarted in normal,
uninstalled AVG Free Edition,
restarted in Safe Mode,
ran ComboFix
again;
after a while a box appeared: 'stop AVG Free Edition'.
I ignored it and carried on.

Cheers, Michael

ComboFix 12-03-16.05 - michael 17/03/2012 19:47:14.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3027 [GMT 13:00]
Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 256 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\michael\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET111.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 04:30 . 2006-05-23 10:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2012-03-17 04:00 . 2001-08-17 09:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-17 04:00 . 2001-08-17 09:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-17 04:00 . 2001-08-17 09:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-03-17 04:00 . 2001-08-17 09:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-17 03:27 . 2012-03-17 03:29 -------- d-----w- c:\documents and settings\michael\Application Data\Ulead Systems
2012-03-17 03:17 . 2010-05-28 04:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2012-03-17 03:17 . 2010-03-29 07:35 84616 ----a-w- c:\windows\StkUnist.exe
2012-03-17 03:15 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-03-17 03:12 . 2012-03-17 03:12 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2012-03-17 03:11 . 2012-03-17 03:11 -------- d-----w- c:\program files\honestech
2012-03-17 03:00 . 2012-03-17 03:00 -------- d-----w- c:\windows\system32\windows media
2012-03-17 02:59 . 2012-03-17 03:00 -------- d--h--w- c:\windows\msdownld.tmp
2012-03-17 02:57 . 2012-03-17 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-03-17 02:57 . 2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2012-03-17 02:57 . 2005-06-10 02:44 368640 ------r- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2012-03-17 02:57 . 2005-06-10 02:44 278528 ------r- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2012-03-17 02:57 . 2012-03-17 02:57 -------- d-----w- c:\program files\Windows Media Components
2012-03-17 02:56 . 2012-03-17 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2012-03-17 02:56 . 2012-03-17 02:56 -------- d-----w- c:\program files\Common Files\Ulead Systems
2012-03-17 02:56 . 2012-03-17 02:56 -------- d-----w- c:\program files\Ulead Systems
2012-03-16 09:07 . 2012-03-16 09:07 -------- d-----w- c:\program files\Cobian Backup 11
2012-03-15 02:32 . 2012-03-15 09:14 286720 ----a-w- c:\windows\iun506.exe
2012-03-15 02:32 . 2012-03-15 02:32 -------- d-----w- c:\program files\PSP SpringVerb CM
2012-03-15 02:31 . 2012-03-15 02:31 -------- d-----w- c:\program files\CM Vocoder
2012-03-15 02:30 . 2012-03-15 02:30 -------- d-----w- c:\windows\Start Menu
2012-03-14 01:20 . 2012-03-14 01:20 -------- d-----w- c:\program files\Common Files\Java
2012-03-14 01:18 . 2012-03-14 01:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 02:31 . 2012-03-12 02:31 -------- d-----w- c:\documents and settings\michael\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-12 02:31 . 2012-03-12 02:31 -------- d-----w- c:\documents and settings\michael\Application Data\Adobe Mini Bridge CS5.1
2012-03-06 18:49 . 2012-03-06 18:49 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-03-02 06:46 . 2012-03-02 06:46 -------- d-----w- c:\documents and settings\michael\Application Data\Malwarebytes
2012-03-02 06:45 . 2012-03-02 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-02 06:45 . 2012-03-02 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 06:45 . 2011-12-10 02:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 02:08 . 2012-03-01 02:08 45056 ----a-w- c:\windows\system32\drivers\HECI.sys
2012-03-01 02:08 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-03-01 02:08 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-03-01 01:56 . 2011-05-20 17:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-03-01 01:49 . 2012-03-01 01:56 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-01 01:49 . 2012-03-01 01:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-01 01:49 . 2012-03-01 01:55 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-01 01:49 . 2012-03-01 01:56 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-01 01:49 . 2011-05-20 17:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2012-03-01 01:49 . 2011-05-20 17:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2012-03-01 01:49 . 2011-05-20 17:01 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 01:49 . 2011-05-20 17:01 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 01:49 . 2011-05-20 17:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 01:49 . 2011-05-20 17:01 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 01:45 . 2012-03-01 01:45 -------- d-----w- c:\documents and settings\michael\Application Data\Pantone
2012-03-01 00:49 . 2012-03-01 00:49 -------- d-----w- c:\program files\Orologi Solari
2012-02-29 02:16 . 2012-02-29 05:18 -------- d-----w- C:\newlynn
2012-02-29 02:15 . 2012-02-29 02:15 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-02-28 19:03 . 2012-02-28 19:03 -------- d-----w- c:\program files\Citrix
2012-02-28 19:02 . 2012-02-28 19:02 60304 ------w- c:\documents and settings\michael\g2mdlhlpx.exe
2012-02-27 03:40 . 2012-03-05 07:55 -------- d-----w- c:\documents and settings\michael\Application Data\Usenet.nl
2012-02-27 03:40 . 2012-02-27 03:40 -------- d-----w- c:\program files\Usenet.nl
2012-02-26 07:00 . 2012-02-26 07:00 -------- d-----w- C:\Python32
2012-02-24 23:56 . 2012-02-24 23:56 -------- d-----w- c:\documents and settings\michael\Application Data\YouTube Downloader
2012-02-21 22:36 . 2012-02-21 22:37 -------- d-----w- c:\documents and settings\michael\Application Data\Search Settings
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\program files\Application Updater
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\program files\Common Files\Spigot
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\program files\YouTube Downloader
2012-02-20 07:30 . 2012-02-20 07:30 -------- d-----w- c:\documents and settings\michael\Application Data\MPC
2012-02-20 07:29 . 2012-02-20 07:29 -------- d-----w- c:\documents and settings\michael\.JxBrowser
2012-02-20 07:29 . 2012-02-20 07:29 -------- d-----w- c:\documents and settings\michael\.digilabs
2012-02-20 07:28 . 2012-02-20 07:28 -------- d-----w- c:\program files\Pikto BOOKit
2012-02-18 01:01 . 2012-02-18 01:01 -------- d-----w- c:\program files\WXTide32
2012-02-16 08:46 . 2012-02-29 08:35 -------- d-----w- c:\documents and settings\michael\AcunetixScanner
2012-02-16 08:45 . 2012-02-16 08:45 -------- d-----w- c:\program files\Acunetix
2012-02-16 08:45 . 2012-02-16 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Acunetix WVS 8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:18 . 2010-12-11 08:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 20:32 . 2011-05-22 01:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 08:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-11 00:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-06 18:49 . 2012-03-02 20:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R1800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE" [2004-09-08 98304]
"CTHelper"="CTHELPER.EXE" [2007-04-08 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-20 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-20 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Cobian Backup 11 interface"="c:\program files\Cobian Backup 11\cbInterface.exe" [2012-03-14 4419584]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjE2MzY0MTU0LVFJWDErMy1GMTBNMTBDKzItTElDKzExLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCs0Mjk0OTQ4Njg0LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJEVCsxLVRCTisxLVUxMCsxLUwxME1JKzItRjEwTTEySU4rMQ&prod=90&ver=10.0.1424" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-12-11 1081344]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-05 17:04 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 00:21 61440 ----a-w- c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 05:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2011-03-02 09:35 12008296 ----a-w- c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-11 19:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 16:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-17 12:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-01 21:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-06-12 16:20 127036 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 01:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-07 23:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-11-01 02:35 67448 ----a-w- c:\progra~1\Uniblue\POWERS~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 01:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 05:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-02-06 04:57 934240 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-06-22 02:21 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-10-19 03:27 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2012-01-17 17:22 4767648 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 01:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 01:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\michael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [16/02/2012 9:45 p.m. 911496]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6/02/2012 5:49 p.m. 748440]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [16/03/2012 10:07 p.m. 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 2:16 p.m. 130384]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files\Cobian Backup 11\cbService.exe [16/03/2012 10:07 p.m. 1131008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2011 2:33 p.m. 136176]
S2 HDRExposeService;HDRExposeService;c:\program files\UCT\HDR Expose\HDRExposeService.exe [18/09/2010 6:23 a.m. 21784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/03/2012 7:45 p.m. 652360]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [15/02/2011 11:11 p.m. 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/03/2012 2:56 p.m. 2214504]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 6:21 a.m. 737184]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [1/03/2012 3:04 p.m. 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [1/03/2012 3:04 p.m. 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [1/03/2012 3:04 p.m. 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [1/03/2012 3:04 p.m. 566360]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [6/05/2011 3:57 p.m. 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2011 2:33 p.m. 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/03/2012 7:45 p.m. 20464]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 p.m. 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 2:16 p.m. 753504]
S4 Meipsvrv;Meipsvrv; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-FOTOBAJKO-1VGWT-michael.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-29 05:42]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 01:32]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 01:32]
.
2011-08-16 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-03-29 18:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 122.56.237.1 210.55.111.1
FF - ProfilePath - c:\documents and settings\michael\Application Data\Mozilla\Firefox\Profiles\yoxih13r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-1390067357-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1482476501-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{018B120E-D271-76C9-312C-606954507828}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaklkpcgdnoeelbbpc"=hex:6b,61,6a,6b,6d,6e,70,6a,66,66,6b,6d,63,6a,6c,68,63,6e,
66,65,61,69,00,00
"haanifpnanhljjnj"=hex:6b,61,6a,6b,6d,6e,70,6a,66,66,6b,6d,63,6a,6c,68,63,6e,
66,65,61,69,00,00
.
Completion time: 2012-03-17 20:46:31
ComboFix-quarantined-files.txt 2012-03-17 07:46
.
Pre-Run: 38,282,235,904 bytes free
Post-Run: 38,761,549,824 bytes free
.
- - End Of File - - 705FC79FA039502FC3CB6423C89DD33D
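
The two values under the locked Shell Extensions\Approved key in the log above are REG_BINARY data that ComboFix prints as wrapped comma-separated hex, and the first thing a responder does with such an entry is decode it. The following is an added example in Python, not part of this thread or of ComboFix itself: it parses the LOCKED REGISTRY KEYS section (the sample text is copied from the log above; the trailing * is ComboFix's own marker and is kept as part of the key path), joins the wrapped hex lines, decodes each value to bytes and text, and applies a simple naming heuristic. The parsing rules are an assumption about ComboFix's REGEDIT-style output, and the `looks_random` heuristic is a rule of thumb of mine, not a ComboFix feature.

```python
"""Decode REG_BINARY values from a ComboFix 'LOCKED REGISTRY KEYS' section.

Added example, not part of the forum thread or of ComboFix. The sample text
is the section as posted in the log; the parsing rules (a value line is
"name"=hex:aa,bb,... and a line ending in ',' continues on the next line)
are an assumption about ComboFix's REGEDIT-style output.
"""
import re

# Constructed sample: the LOCKED REGISTRY KEYS section from the ComboFix log above.
SAMPLE_SECTION = """\
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\\S-1-5-21-1482476501-1390067357-839522115-1003\\Software\\Microsoft\\SystemCertificates\\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\\S-1-5-21-1482476501-1390067357-839522115-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{018B120E-D271-76C9-312C-606954507828}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaklkpcgdnoeelbbpc"=hex:6b,61,6a,6b,6d,6e,70,6a,66,66,6b,6d,63,6a,6c,68,63,6e,
66,65,61,69,00,00
"haanifpnanhljjnj"=hex:6b,61,6a,6b,6d,6e,70,6a,66,66,6b,6d,63,6a,6c,68,63,6e,
66,65,61,69,00,00
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def _join_continuations(lines):
    """Merge wrapped hex values: a line ending in ',' continues on the next line."""
    merged = []
    for line in lines:
        line = line.rstrip()
        if merged and merged[-1].endswith(","):
            merged[-1] += line
        else:
            merged.append(line)
    return merged


def parse_locked_keys(text):
    """Return one dict per hex value: key path, value name, raw bytes, decoded text."""
    results = []
    current_key = None
    for line in _join_continuations(text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
            text_part = raw.rstrip(b"\x00").decode("latin-1")
            results.append({
                "key": current_key,
                "name": m.group(1),
                "raw": raw,
                "text": text_part,
                "printable": text_part.isprintable(),
            })
    return results


def looks_random(name):
    """Rule-of-thumb (assumption): long all-lowercase alphabetic names with no
    product-style structure are worth a closer look."""
    return len(name) >= 12 and name.isalpha() and name.islower()


if __name__ == "__main__":
    for entry in parse_locked_keys(SAMPLE_SECTION):
        flag = "SUSPECT" if looks_random(entry["name"]) else "ok"
        print(f"[{flag}] {entry['name']} -> {entry['text']!r} ({len(entry['raw'])} bytes)")
```

Both values decode to the same null-terminated ASCII string, which is the kind of detail to carry into the next step rather than something to act on by itself; the decoded text and the GUID-named, locked key are what a helper compares against known autostart and CLSID entries.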

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:28 PM

Posted 17 March 2012 - 03:33 AM

Be well.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
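
Both tools requested above inspect the first sector of the disk: TDSSKiller lists the partition table it finds there and aswMBR compares the boot code against what it expects. The following is an added example in Python, not code from this thread, from TDSSKiller or from aswMBR, showing what that check amounts to. It assembles a constructed 512-byte MBR (the boot-code bytes are a stand-in, not real Windows boot code), validates the 0x55AA signature, decodes the four 16-byte partition entries, hashes the 446-byte boot-code region against a known-good value, and reports the unpartitioned sectors between the MBR and the first partition, where a bootkit can keep its loader. The partition values (type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05) are the ones TDSSKiller reports for Harddisk0 later in this thread; the boot-code bytes and the hashes are assumptions.

```python
"""Parse and integrity-check an MBR sector the way a bootkit scanner does.

Added example, not code from the thread, TDSSKiller or aswMBR. The boot-code
bytes below are constructed stand-ins, not real Windows boot code.
"""
import hashlib
import struct

ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, start LBA, sector count
TABLE_OFFSET = 446        # partition table starts after the boot-code region
SIGNATURE = b"\x55\xaa"   # boot signature at bytes 510..511

# Constructed stand-in for a clean boot-code region (446 bytes).
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 441
# Constructed stand-in for a patched loader: same size, different bytes.
PATCHED_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xe9" + b"\x00" * 440
# (flag, type, start LBA, sector count): values TDSSKiller reports for Harddisk0 in this thread.
SAMPLE_PARTITIONS = [(0x80, 0x07, 0x3F, 0xFFFAC05)]


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and up to four partition tuples."""
    if len(boot_code) != TABLE_OFFSET:
        raise ValueError("boot code region must be exactly 446 bytes")
    sector = bytearray(512)
    sector[:TABLE_OFFSET] = boot_code
    for i, (flag, ptype, start, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         flag, b"\xff\xff\xff", ptype, b"\xff\xff\xff", start, count)
    sector[510:] = SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Validate the signature; return the boot-code hash and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": flag == 0x80,
                           "type": ptype, "start_lba": start, "blocks": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def hidden_gap_sectors(parsed):
    """Sectors between the MBR (LBA 0) and the first partition: space a bootkit may use."""
    if not parsed["partitions"]:
        return 0
    return min(p["start_lba"] for p in parsed["partitions"]) - 1


def boot_code_tampered(sector, known_good_sha256):
    """True when the boot-code region no longer matches the known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != known_good_sha256


if __name__ == "__main__":
    clean = build_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    patched = build_mbr(PATCHED_BOOT_CODE, SAMPLE_PARTITIONS)
    for name, sec in (("clean", clean), ("patched", patched)):
        info = parse_mbr(sec)
        parts = [f"type=0x{p['type']:X} start=0x{p['start_lba']:X} blocks=0x{p['blocks']:X}"
                 for p in info["partitions"]]
        print(name, "TAMPERED" if boot_code_tampered(sec, baseline) else "ok",
              parts, "gap sectors:", hidden_gap_sectors(info))
```

On a live Windows box the same parser would be fed the first 512 bytes read from `\\.\PhysicalDrive0` (which needs administrative rights); the partition table in the patched sector is identical to the clean one, which is why a scanner has to hash or disassemble the boot code rather than trust a plausible-looking partition layout.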

#7 michaelbajko

michaelbajko
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:28 AM

Posted 17 March 2012 - 03:56 AM

Hi Gringo,
Downloaded TDSSKiller to the desktop.
Can't get it to start.
Michael

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:28 PM

Posted 17 March 2012 - 04:53 AM

Hello

I would like you to run this tool for me - FixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me, and send me the report.

Gringo

#9 michaelbajko

michaelbajko
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:28 AM

Posted 17 March 2012 - 03:35 PM

Kia Ora Gringo,
Ran FixTDSS:
'***infected MBR detected'
Clicked the repair button.
Repaired.

TDSSKiller worked!
Cheers Michael


09:31:12.0406 3004 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
09:31:13.0015 3004 ============================================================
09:31:13.0015 3004 Current date / time: 2012/03/18 09:31:13.0015
09:31:13.0015 3004 SystemInfo:
09:31:13.0015 3004
09:31:13.0015 3004 OS Version: 5.1.2600 ServicePack: 3.0
09:31:13.0015 3004 Product type: Workstation
09:31:13.0015 3004 ComputerName: FOTOBAJKO-1VGWT
09:31:13.0015 3004 UserName: michael
09:31:13.0015 3004 Windows directory: C:\WINDOWS
09:31:13.0015 3004 System windows directory: C:\WINDOWS
09:31:13.0015 3004 Processor architecture: Intel x86
09:31:13.0015 3004 Number of processors: 2
09:31:13.0015 3004 Page size: 0x1000
09:31:13.0015 3004 Boot type: Normal boot
09:31:13.0015 3004 ============================================================
09:31:14.0875 3004 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:31:14.0890 3004 Drive \Device\Harddisk1\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:31:15.0296 3004 \Device\Harddisk0\DR0:
09:31:15.0312 3004 MBR used
09:31:15.0312 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
09:31:15.0312 3004 \Device\Harddisk1\DR2:
09:31:15.0312 3004 MBR used
09:31:15.0312 3004 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
09:31:15.0421 3004 Initialize success
09:31:15.0421 3004 ============================================================
09:31:17.0656 3324 ============================================================
09:31:17.0656 3324 Scan started
09:31:17.0656 3324 Mode: Manual;
09:31:17.0656 3324 ============================================================
09:31:19.0046 3324 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:31:19.0062 3324 61883 - ok
09:31:19.0078 3324 Abiosdsk - ok
09:31:19.0093 3324 abp480n5 - ok
09:31:19.0125 3324 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:31:19.0125 3324 ACPI - ok
09:31:19.0171 3324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:31:19.0187 3324 ACPIEC - ok
09:31:19.0343 3324 ADIHdAudAddService (307f5e03b02a3022d664c36d1ea25f2c) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:31:19.0343 3324 ADIHdAudAddService - ok
09:31:19.0437 3324 adpu160m - ok
09:31:19.0515 3324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:31:19.0531 3324 aec - ok
09:31:19.0671 3324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:31:19.0671 3324 AFD - ok
09:31:19.0687 3324 Aha154x - ok
09:31:19.0765 3324 aic78u2 - ok
09:31:19.0812 3324 aic78xx - ok
09:31:19.0843 3324 AliIde - ok
09:31:19.0890 3324 amsint - ok
09:31:20.0375 3324 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:31:20.0390 3324 Arp1394 - ok
09:31:20.0421 3324 asc - ok
09:31:20.0453 3324 asc3350p - ok
09:31:20.0468 3324 asc3550 - ok
09:31:20.0562 3324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:31:20.0593 3324 AsyncMac - ok
09:31:20.0625 3324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:31:20.0625 3324 atapi - ok
09:31:20.0703 3324 Atdisk - ok
09:31:20.0750 3324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:31:20.0765 3324 Atmarpc - ok
09:31:20.0859 3324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:31:20.0859 3324 audstub - ok
09:31:20.0937 3324 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:31:20.0968 3324 Avc - ok
09:31:21.0062 3324 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
09:31:21.0078 3324 BANTExt - ok
09:31:21.0203 3324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:31:21.0218 3324 Beep - ok
09:31:21.0406 3324 catchme - ok
09:31:21.0468 3324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:31:21.0484 3324 cbidf2k - ok
09:31:21.0531 3324 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:31:21.0546 3324 CCDECODE - ok
09:31:21.0562 3324 cd20xrnt - ok
09:31:21.0625 3324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:31:21.0625 3324 Cdaudio - ok
09:31:21.0671 3324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:31:21.0703 3324 Cdfs - ok
09:31:21.0718 3324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:31:21.0718 3324 Cdrom - ok
09:31:21.0765 3324 Changer - ok
09:31:21.0812 3324 CmdIde - ok
09:31:21.0906 3324 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
09:31:21.0906 3324 COMMONFX - ok
09:31:22.0031 3324 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
09:31:22.0031 3324 COMMONFX.DLL - ok
09:31:22.0140 3324 Cpqarray - ok
09:31:22.0281 3324 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
09:31:22.0281 3324 CT20XUT.DLL - ok
09:31:22.0328 3324 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
09:31:22.0328 3324 ctac32k - ok
09:31:22.0375 3324 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
09:31:22.0375 3324 ctaud2k - ok
09:31:22.0437 3324 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
09:31:22.0453 3324 CTAUDFX - ok
09:31:22.0500 3324 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
09:31:22.0500 3324 CTAUDFX.DLL - ok
09:31:22.0562 3324 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
09:31:22.0578 3324 ctdvda2k - ok
09:31:22.0640 3324 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
09:31:22.0656 3324 CTEAPSFX.DLL - ok
09:31:22.0765 3324 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
09:31:22.0796 3324 CTEDSPFX.DLL - ok
09:31:22.0828 3324 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
09:31:22.0843 3324 CTEDSPIO.DLL - ok
09:31:22.0953 3324 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
09:31:22.0953 3324 CTEDSPSY.DLL - ok
09:31:23.0062 3324 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
09:31:23.0093 3324 CTERFXFX - ok
09:31:23.0125 3324 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
09:31:23.0140 3324 CTERFXFX.DLL - ok
09:31:23.0406 3324 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
09:31:23.0531 3324 CTEXFIFX.DLL - ok
09:31:23.0687 3324 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
09:31:23.0687 3324 CTHWIUT.DLL - ok
09:31:23.0765 3324 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
09:31:23.0765 3324 ctprxy2k - ok
09:31:24.0000 3324 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
09:31:24.0031 3324 CTSBLFX - ok
09:31:24.0218 3324 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
09:31:24.0218 3324 CTSBLFX.DLL - ok
09:31:24.0343 3324 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
09:31:24.0343 3324 ctsfm2k - ok
09:31:24.0390 3324 dac2w2k - ok
09:31:24.0421 3324 dac960nt - ok
09:31:24.0500 3324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:31:24.0531 3324 Disk - ok
09:31:24.0671 3324 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:31:24.0703 3324 DLABOIOM - ok
09:31:24.0750 3324 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:31:24.0750 3324 DLACDBHM - ok
09:31:24.0906 3324 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:31:24.0906 3324 DLADResN - ok
09:31:25.0015 3324 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:31:25.0015 3324 DLAIFS_M - ok
09:31:25.0078 3324 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:31:25.0109 3324 DLAOPIOM - ok
09:31:25.0187 3324 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:31:25.0187 3324 DLAPoolM - ok
09:31:25.0296 3324 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:31:25.0312 3324 DLARTL_N - ok
09:31:25.0359 3324 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:31:25.0375 3324 DLAUDFAM - ok
09:31:25.0421 3324 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:31:25.0421 3324 DLAUDF_M - ok
09:31:25.0546 3324 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:31:25.0687 3324 dmboot - ok
09:31:25.0812 3324 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:31:25.0843 3324 dmio - ok
09:31:25.0968 3324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:31:25.0968 3324 dmload - ok
09:31:26.0171 3324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:31:26.0171 3324 DMusic - ok
09:31:26.0203 3324 dpti2o - ok
09:31:26.0312 3324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:31:26.0328 3324 drmkaud - ok
09:31:26.0453 3324 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:31:26.0468 3324 DRVMCDB - ok
09:31:26.0531 3324 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:31:26.0531 3324 DRVNDDM - ok
09:31:26.0578 3324 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:31:26.0593 3324 e1express - ok
09:31:26.0687 3324 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
09:31:26.0687 3324 emupia - ok
09:31:26.0765 3324 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
09:31:26.0781 3324 esgiguard - ok
09:31:26.0828 3324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:31:26.0828 3324 Fastfat - ok
09:31:26.0890 3324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:31:26.0921 3324 Fdc - ok
09:31:26.0953 3324 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:31:26.0953 3324 Fips - ok
09:31:27.0000 3324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:31:27.0000 3324 Flpydisk - ok
09:31:27.0015 3324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:31:27.0031 3324 FltMgr - ok
09:31:27.0109 3324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:31:27.0125 3324 Fs_Rec - ok
09:31:27.0250 3324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:31:27.0281 3324 Ftdisk - ok
09:31:27.0484 3324 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:31:27.0515 3324 gameenum - ok
09:31:27.0687 3324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:31:27.0703 3324 Gpc - ok
09:31:28.0031 3324 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
09:31:28.0046 3324 ha10kx2k - ok
09:31:28.0140 3324 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
09:31:28.0140 3324 hap16v2k - ok
09:31:28.0234 3324 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
09:31:28.0250 3324 hap17v2k - ok
09:31:28.0296 3324 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:31:28.0296 3324 HDAudBus - ok
09:31:28.0359 3324 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
09:31:28.0359 3324 HECI - ok
09:31:28.0468 3324 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:31:28.0484 3324 hidusb - ok
09:31:28.0531 3324 hpn - ok
09:31:28.0546 3324 hpt3xx - ok
09:31:28.0593 3324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:31:28.0593 3324 HTTP - ok
09:31:28.0593 3324 i2omgmt - ok
09:31:28.0687 3324 i2omp - ok
09:31:28.0781 3324 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:31:28.0781 3324 i8042prt - ok
09:31:28.0796 3324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
09:31:28.0796 3324 Imapi - ok
09:31:28.0812 3324 ini910u - ok
09:31:28.0859 3324 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:31:28.0859 3324 IntelIde - ok
09:31:29.0062 3324 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:31:29.0093 3324 intelppm - ok
09:31:29.0234 3324 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:31:29.0250 3324 ip6fw - ok
09:31:29.0359 3324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:31:29.0390 3324 IpFilterDriver - ok
09:31:29.0515 3324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:31:29.0531 3324 IpInIp - ok
09:31:29.0656 3324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:31:29.0687 3324 IpNat - ok
09:31:29.0812 3324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:31:29.0843 3324 IPSec - ok
09:31:29.0953 3324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:31:29.0968 3324 IRENUM - ok
09:31:30.0140 3324 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:31:30.0171 3324 isapnp - ok
09:31:30.0234 3324 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:31:30.0265 3324 Kbdclass - ok
09:31:30.0437 3324 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:31:30.0453 3324 kbdhid - ok
09:31:30.0671 3324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:31:30.0703 3324 kmixer - ok
09:31:30.0765 3324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:31:30.0765 3324 KSecDD - ok
09:31:30.0812 3324 lbrtfdc - ok
09:31:30.0921 3324 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:31:30.0921 3324 MBAMProtector - ok
09:31:31.0062 3324 Meipsvrv - ok
09:31:31.0171 3324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:31:31.0171 3324 mnmdd - ok
09:31:31.0265 3324 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:31:31.0296 3324 Modem - ok
09:31:31.0406 3324 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:31:31.0421 3324 Mouclass - ok
09:31:31.0531 3324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:31:31.0531 3324 mouhid - ok
09:31:31.0640 3324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:31:31.0640 3324 MountMgr - ok
09:31:31.0734 3324 mraid35x - ok
09:31:31.0843 3324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:31:31.0890 3324 MRxDAV - ok
09:31:32.0046 3324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:31:32.0093 3324 MRxSmb - ok
09:31:32.0187 3324 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
09:31:32.0203 3324 MSDV - ok
09:31:32.0296 3324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:31:32.0328 3324 Msfs - ok
09:31:32.0531 3324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:31:32.0562 3324 MSKSSRV - ok
09:31:32.0656 3324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:31:32.0671 3324 MSPCLOCK - ok
09:31:32.0828 3324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:31:32.0859 3324 MSPQM - ok
09:31:33.0000 3324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:31:33.0000 3324 mssmbios - ok
09:31:33.0093 3324 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:31:33.0093 3324 MSTEE - ok
09:31:33.0171 3324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:31:33.0187 3324 Mup - ok
09:31:33.0359 3324 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:31:33.0375 3324 NABTSFEC - ok
09:31:33.0500 3324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:31:33.0531 3324 NDIS - ok
09:31:33.0609 3324 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:31:33.0625 3324 NdisIP - ok
09:31:33.0734 3324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:31:33.0750 3324 NdisTapi - ok
09:31:33.0843 3324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:31:33.0875 3324 Ndisuio - ok
09:31:33.0984 3324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:31:34.0015 3324 NdisWan - ok
09:31:34.0125 3324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:31:34.0140 3324 NDProxy - ok
09:31:34.0203 3324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:31:34.0218 3324 NetBIOS - ok
09:31:34.0312 3324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:31:34.0359 3324 NetBT - ok
09:31:34.0515 3324 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:31:34.0515 3324 NIC1394 - ok
09:31:34.0640 3324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:31:34.0656 3324 Npfs - ok
09:31:34.0906 3324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:31:34.0984 3324 Ntfs - ok
09:31:35.0109 3324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:31:35.0140 3324 Null - ok
09:31:37.0343 3324 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:31:42.0265 3324 nv - ok
09:31:42.0453 3324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:31:42.0484 3324 NwlnkFlt - ok
09:31:42.0640 3324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:31:42.0656 3324 NwlnkFwd - ok
09:31:42.0734 3324 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:31:42.0765 3324 ohci1394 - ok
09:31:42.0968 3324 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
09:31:42.0968 3324 ossrv - ok
09:31:43.0140 3324 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:31:43.0156 3324 Parport - ok
09:31:43.0312 3324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:31:43.0328 3324 PartMgr - ok
09:31:43.0531 3324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:31:43.0546 3324 ParVdm - ok
09:31:43.0703 3324 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:31:43.0750 3324 PCI - ok
09:31:43.0859 3324 PCIDump - ok
09:31:44.0031 3324 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:31:44.0062 3324 PCIIde - ok
09:31:44.0250 3324 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:31:44.0250 3324 Pcmcia - ok
09:31:44.0312 3324 PDCOMP - ok
09:31:44.0359 3324 PDFRAME - ok
09:31:44.0390 3324 PDRELI - ok
09:31:44.0437 3324 PDRFRAME - ok
09:31:44.0484 3324 perc2 - ok
09:31:44.0515 3324 perc2hib - ok
09:31:44.0593 3324 Point32 (60a044879c4fa76314494f5fddc43b93) C:\WINDOWS\system32\DRIVERS\point32.sys
09:31:44.0593 3324 Point32 - ok
09:31:44.0687 3324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:31:44.0687 3324 PptpMiniport - ok
09:31:44.0765 3324 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:31:44.0765 3324 Processor - ok
09:31:44.0828 3324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:31:44.0859 3324 PSched - ok
09:31:44.0921 3324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:31:44.0921 3324 Ptilink - ok
09:31:45.0000 3324 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:31:45.0000 3324 PxHelp20 - ok
09:31:45.0078 3324 ql1080 - ok
09:31:45.0140 3324 Ql10wnt - ok
09:31:45.0234 3324 ql12160 - ok
09:31:45.0312 3324 ql1240 - ok
09:31:45.0390 3324 ql1280 - ok
09:31:45.0515 3324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:31:45.0531 3324 RasAcd - ok
09:31:45.0671 3324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:31:45.0703 3324 Rasl2tp - ok
09:31:45.0781 3324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:31:45.0812 3324 RasPppoe - ok
09:31:45.0953 3324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:31:45.0968 3324 Raspti - ok
09:31:46.0109 3324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:31:46.0156 3324 Rdbss - ok
09:31:46.0203 3324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:31:46.0203 3324 RDPCDD - ok
09:31:46.0343 3324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:31:46.0343 3324 rdpdr - ok
09:31:46.0484 3324 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:31:46.0484 3324 RDPWD - ok
09:31:46.0687 3324 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:31:46.0718 3324 redbook - ok
09:31:46.0781 3324 SANDRA - ok
09:31:46.0984 3324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:31:47.0015 3324 Secdrv - ok
09:31:47.0125 3324 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:31:47.0140 3324 serenum - ok
09:31:47.0203 3324 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:31:47.0218 3324 Serial - ok
09:31:47.0328 3324 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:31:47.0359 3324 Sfloppy - ok
09:31:47.0453 3324 Simbad - ok
09:31:47.0578 3324 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:31:47.0609 3324 SLIP - ok
09:31:47.0656 3324 Sparrow - ok
09:31:47.0750 3324 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:31:47.0765 3324 splitter - ok
09:31:47.0859 3324 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:31:47.0906 3324 sr - ok
09:31:47.0953 3324 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:31:48.0015 3324 Srv - ok
09:31:48.0265 3324 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:31:48.0281 3324 StillCam - ok
09:31:48.0500 3324 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
09:31:48.0531 3324 StkAMini - ok
09:31:48.0796 3324 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
09:31:48.0796 3324 StkScan - ok
09:31:48.0859 3324 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:31:48.0890 3324 streamip - ok
09:31:48.0968 3324 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:31:48.0984 3324 swenum - ok
09:31:49.0093 3324 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:31:49.0125 3324 swmidi - ok
09:31:49.0250 3324 symc810 - ok
09:31:49.0328 3324 symc8xx - ok
09:31:49.0437 3324 sym_hi - ok
09:31:49.0546 3324 sym_u3 - ok
09:31:49.0718 3324 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:31:49.0750 3324 sysaudio - ok
09:31:49.0984 3324 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:31:50.0062 3324 Tcpip - ok
09:31:50.0281 3324 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:31:50.0296 3324 TDPIPE - ok
09:31:50.0421 3324 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:31:50.0437 3324 TDTCP - ok
09:31:50.0562 3324 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:31:50.0578 3324 TermDD - ok
09:31:50.0640 3324 TosIde - ok
09:31:50.0765 3324 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:31:50.0781 3324 Udfs - ok
09:31:50.0812 3324 ultra - ok
09:31:51.0031 3324 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:31:51.0093 3324 Update - ok
09:31:51.0312 3324 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:31:51.0312 3324 usbaudio - ok
09:31:51.0453 3324 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:31:51.0468 3324 usbccgp - ok
09:31:51.0625 3324 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:31:51.0625 3324 usbehci - ok
09:31:51.0734 3324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:31:51.0750 3324 usbhub - ok
09:31:51.0812 3324 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:31:51.0843 3324 usbprint - ok
09:31:51.0906 3324 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:31:51.0906 3324 usbscan - ok
09:31:52.0015 3324 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:31:52.0015 3324 usbstor - ok
09:31:52.0125 3324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:31:52.0125 3324 usbuhci - ok
09:31:52.0203 3324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:31:52.0218 3324 VgaSave - ok
09:31:52.0296 3324 ViaIde - ok
09:31:52.0375 3324 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:31:52.0390 3324 VolSnap - ok
09:31:52.0437 3324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:31:52.0437 3324 Wanarp - ok
09:31:52.0640 3324 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:31:52.0640 3324 Wdf01000 - ok
09:31:52.0687 3324 WDICA - ok
09:31:52.0796 3324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:31:52.0812 3324 wdmaud - ok
09:31:53.0000 3324 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:31:53.0015 3324 WS2IFSL - ok
09:31:53.0171 3324 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:31:53.0171 3324 WSTCODEC - ok
09:31:53.0265 3324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:31:55.0250 3324 \Device\Harddisk0\DR0 - ok
09:31:55.0250 3324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
09:31:55.0250 3324 \Device\Harddisk1\DR2 - ok
09:31:55.0265 3324 Boot (0x1200) (e79d5cb7c6750734ec4bb6971e932d38) \Device\Harddisk0\DR0\Partition0
09:31:55.0281 3324 \Device\Harddisk0\DR0\Partition0 - ok
09:31:55.0296 3324 Boot (0x1200) (90056e362fdeb20df6a4567fd5621407) \Device\Harddisk1\DR2\Partition0
09:31:55.0296 3324 \Device\Harddisk1\DR2\Partition0 - ok
09:31:55.0296 3324 ============================================================
09:31:55.0296 3324 Scan finished
09:31:55.0296 3324 ============================================================
09:31:55.0296 3316 Detected object count: 0
09:31:55.0296 3316 Actual detected object count: 0

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 March 2012 - 03:40 PM

Hello


try and run aswMBR now for me



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 michaelbajko
  • Topic Starter
  • Members
  • 11 posts

Posted 17 March 2012 - 06:48 PM

Cheers Gringo

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 12:27:14
-----------------------------
12:27:14.593 OS Version: Windows 5.1.2600 Service Pack 3
12:27:14.593 Number of processors: 2 586 0xF0B
12:27:14.593 ComputerName: FOTOBAJKO-1VGWT UserName: michael
12:27:15.171 Initialize success
12:27:18.656 AVAST engine defs: 12031700
12:27:30.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
12:27:30.578 Disk 0 Vendor: WDC_WD2500AAJS-75VWA0 12.01B02 Size: 238418MB BusType: 3
12:27:30.640 Disk 0 MBR read successfully
12:27:30.640 Disk 0 MBR scan
12:27:30.640 Disk 0 Windows XP default MBR code
12:27:30.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
12:27:30.687 Disk 0 scanning sectors +268414020
12:27:30.828 Disk 0 scanning C:\WINDOWS\system32\drivers
12:27:59.625 Service scanning
12:28:17.203 Modules scanning
12:28:42.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:28:44.671 Disk 0 trace - called modules:
12:28:44.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:28:44.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aecbab8]
12:28:44.703 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8aeb8b00]
12:28:45.312 AVAST engine scan C:\WINDOWS
12:29:06.390 AVAST engine scan C:\WINDOWS\system32
12:35:24.234 AVAST engine scan C:\WINDOWS\system32\drivers
12:36:11.296 AVAST engine scan C:\Documents and Settings\michael
12:45:11.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\michael\Desktop\MBR.dat"
12:45:11.375 The log file has been saved successfully to "C:\Documents and Settings\michael\Desktop\aswMBR.txt"
12:46:29.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\michael\Desktop\MBR.dat"
12:46:29.015 The log file has been saved successfully to "C:\Documents and Settings\michael\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 March 2012 - 01:27 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\documents and settings\michael\Application Data\Search Settings
c:\program files\YouTube Downloader Toolbar
c:\program files\Application Updater
c:\program files\Common Files\Spigot
c:\documents and settings\All Users\Application Data\YouTube Downloader

Driver::
Application Updater

RegNull::
[HKEY_USERS\S-1-5-21-1482476501-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{018B120E-D271-76C9-312C-606954507828}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 michaelbajko
  • Topic Starter
  • Members
  • 11 posts

Posted 18 March 2012 - 06:54 PM

Kia Ora Gringo,
I ran combofix with the script.
The report is below.
The computer is not sluggish anymore.
No notices re malware trying to contact out,
or in for that matter.
A much happier computer and user.
Many thanks to your expertise and persistence.
Cheers Michael

ComboFix 12-03-16.05 - michael 19/03/2012 11:53:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2848 [GMT 13:00]
Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\michael\Desktop\CFScript.txt
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\YouTube Downloader
c:\documents and settings\All Users\Application Data\YouTube Downloader\scripts0.yds
c:\documents and settings\michael\Application Data\Search Settings
c:\documents and settings\michael\g2mdlhlpx.exe
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\program files\YouTube Downloader Toolbar
c:\program files\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\brwobj.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\JSWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\parser.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\utils.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgichevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgicomm.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgihandling.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgiui.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavings.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavingsabt.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\facebook.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\googleplus.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\hulu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\metacafe.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radio-close.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radio-minimize.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radiobeta.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-baidu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yahoo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yandex.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_baidu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_yandex.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\searchbox.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\splitter.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\twitter.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\veoh.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\FF\install.rdf
c:\program files\YouTube Downloader Toolbar\IE\5.0\config.ini
c:\program files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
c:\program files\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 08:40 . 2012-03-18 08:40 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 08:40 . 2012-03-18 08:40 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 03:26 . 2012-03-18 03:26 -------- d-----w- c:\documents and settings\michael\Application Data\AVG2012
2012-03-18 03:17 . 2012-03-18 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-03-18 02:13 . 2012-03-18 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-03-18 02:13 . 2012-03-18 02:13 -------- d-----w- c:\program files\AVAST Software
2012-03-18 01:52 . 2012-03-18 01:52 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\WMTools Downloaded Files
2012-03-17 04:30 . 2006-05-23 10:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2012-03-17 04:00 . 2001-08-17 09:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-17 04:00 . 2001-08-17 09:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-17 04:00 . 2001-08-17 09:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-03-17 04:00 . 2001-08-17 09:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-17 03:27 . 2012-03-17 03:29 -------- d-----w- c:\documents and settings\michael\Application Data\Ulead Systems
2012-03-17 03:17 . 2010-05-28 04:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2012-03-17 03:17 . 2010-03-29 07:35 84616 ----a-w- c:\windows\StkUnist.exe
2012-03-17 03:15 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-03-17 03:12 . 2012-03-17 03:12 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2012-03-17 03:11 . 2012-03-17 03:11 -------- d-----w- c:\program files\honestech
2012-03-17 03:00 . 2012-03-17 03:00 -------- d-----w- c:\windows\system32\windows media
2012-03-17 02:59 . 2012-03-17 03:00 -------- d--h--w- c:\windows\msdownld.tmp
2012-03-17 02:57 . 2012-03-17 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-03-17 02:57 . 2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2012-03-17 02:57 . 2005-06-10 02:44 368640 ------r- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2012-03-17 02:57 . 2005-06-10 02:44 278528 ------r- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2012-03-17 02:57 . 2012-03-17 02:57 -------- d-----w- c:\program files\Windows Media Components
2012-03-17 02:56 . 2012-03-17 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2012-03-17 02:56 . 2012-03-17 02:56 -------- d-----w- c:\program files\Common Files\Ulead Systems
2012-03-17 02:56 . 2012-03-17 02:56 -------- d-----w- c:\program files\Ulead Systems
2012-03-16 09:07 . 2012-03-16 09:07 -------- d-----w- c:\program files\Cobian Backup 11
2012-03-15 02:32 . 2012-03-15 09:14 286720 ----a-w- c:\windows\iun506.exe
2012-03-15 02:32 . 2012-03-15 02:32 -------- d-----w- c:\program files\PSP SpringVerb CM
2012-03-15 02:31 . 2012-03-15 02:31 -------- d-----w- c:\program files\CM Vocoder
2012-03-15 02:30 . 2012-03-15 02:30 -------- d-----w- c:\windows\Start Menu
2012-03-14 01:20 . 2012-03-14 01:20 -------- d-----w- c:\program files\Common Files\Java
2012-03-14 01:18 . 2012-03-14 01:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 02:31 . 2012-03-12 02:31 -------- d-----w- c:\documents and settings\michael\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-12 02:31 . 2012-03-12 02:31 -------- d-----w- c:\documents and settings\michael\Application Data\Adobe Mini Bridge CS5.1
2012-03-06 18:49 . 2012-03-18 08:40 818104 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-03-06 18:49 . 2012-03-18 08:40 187320 ----a-w- c:\program files\Mozilla Firefox\nspr4.dll
2012-03-06 18:49 . 2012-03-06 18:49 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-06 18:49 . 2012-03-06 18:49 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-06 18:49 . 2012-03-06 18:49 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-06 18:49 . 2012-03-18 08:40 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll
2012-03-06 18:49 . 2012-03-18 08:40 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll
2012-03-06 18:49 . 2012-03-18 08:40 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-03-06 18:49 . 2012-03-18 08:40 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-03-05 03:19 . 2012-03-05 03:19 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Nik Software
2012-03-05 03:19 . 2012-03-05 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nik Software
2012-03-05 03:19 . 2012-03-05 03:19 -------- d-----w- c:\program files\Nik Software
2012-03-02 06:46 . 2012-03-02 06:46 -------- d-----w- c:\documents and settings\michael\Application Data\Malwarebytes
2012-03-02 06:45 . 2012-03-02 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-02 06:45 . 2012-03-02 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 06:45 . 2011-12-10 02:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 02:08 . 2012-03-01 02:08 45056 ----a-w- c:\windows\system32\drivers\HECI.sys
2012-03-01 02:08 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-03-01 02:08 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-03-01 01:56 . 2012-03-01 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-03-01 01:56 . 2011-05-20 17:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-03-01 01:49 . 2012-03-01 01:56 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-01 01:49 . 2012-03-01 01:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-01 01:49 . 2012-03-01 01:55 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-01 01:49 . 2012-03-01 01:56 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-01 01:49 . 2011-05-20 17:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2012-03-01 01:49 . 2011-05-20 17:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2012-03-01 01:49 . 2011-05-20 17:01 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 01:49 . 2011-05-20 17:01 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 01:49 . 2011-05-20 17:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 01:49 . 2011-05-20 17:01 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 01:45 . 2012-03-01 01:45 -------- d-----w- c:\documents and settings\michael\Application Data\Pantone
2012-03-01 00:49 . 2012-03-01 00:49 -------- d-----w- c:\program files\Orologi Solari
2012-02-29 02:16 . 2012-02-29 05:18 -------- d-----w- C:\newlynn
2012-02-29 02:15 . 2012-02-29 02:15 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-02-28 19:03 . 2012-02-28 19:03 -------- d-----w- c:\program files\Citrix
2012-02-27 03:40 . 2012-03-05 07:55 -------- d-----w- c:\documents and settings\michael\Application Data\Usenet.nl
2012-02-27 03:40 . 2012-02-27 03:40 -------- d-----w- c:\program files\Usenet.nl
2012-02-26 07:00 . 2012-02-26 07:00 -------- d-----w- C:\Python32
2012-02-24 23:56 . 2012-02-24 23:56 -------- d-----w- c:\documents and settings\michael\Application Data\YouTube Downloader
2012-02-21 22:36 . 2012-02-21 22:36 -------- d-----w- c:\program files\YouTube Downloader
2012-02-20 07:30 . 2012-02-20 07:30 -------- d-----w- c:\documents and settings\michael\Application Data\MPC
2012-02-20 07:29 . 2012-02-20 07:29 -------- d-----w- c:\documents and settings\michael\.JxBrowser
2012-02-20 07:29 . 2012-02-20 07:29 -------- d-----w- c:\documents and settings\michael\.digilabs
2012-02-20 07:28 . 2012-02-20 07:28 -------- d-----w- c:\program files\Pikto BOOKit
2012-02-18 01:01 . 2012-02-18 01:01 -------- d-----w- c:\program files\WXTide32
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:18 . 2010-12-11 08:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 20:32 . 2011-05-22 01:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-02-13 00:52 . 2012-02-13 00:52 110080 ------w- c:\documents and settings\michael\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 08:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-11 00:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 08:40 . 2012-03-02 20:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_07.30.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-18 23:02 . 2012-03-18 23:02 16384 c:\windows\temp\Perflib_Perfdata_244.dat
+ 2012-03-18 23:02 . 2012-03-18 23:02 16384 c:\windows\temp\Perflib_Perfdata_1f8.dat
+ 2011-04-15 08:54 . 2007-07-27 10:11 16760 c:\windows\system32\spmsg.dll
+ 2012-03-18 02:16 . 2012-03-18 02:16 24064 c:\windows\Installer\abb4fb.msi
+ 2012-03-18 22:37 . 2012-03-18 22:37 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2012-03-18 03:21 . 2012-03-18 03:21 4698112 c:\windows\Installer\e4e38c.msi
+ 2012-03-18 03:16 . 2012-03-18 03:16 2186240 c:\windows\Installer\e4e388.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ------w- c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R1800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE" [2004-09-08 98304]
"CTHelper"="CTHELPER.EXE" [2007-04-08 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-20 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-20 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-12-11 1081344]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-05 17:04 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 00:21 61440 ----a-w- c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 05:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2011-03-02 09:35 12008296 ----a-w- c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-11 19:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 16:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
c:\program files\AVG\AVG2012\avgtray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 11 interface]
2012-03-14 00:02 4419584 ----a-w- c:\program files\Cobian Backup 11\cbInterface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-17 12:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-07-01 21:03 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-06-12 16:20 127036 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 01:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-07 23:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-11-01 02:35 67448 ----a-w- c:\progra~1\Uniblue\POWERS~1\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 01:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 05:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-06-22 02:21 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-10-19 03:27 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2012-01-17 17:22 4767648 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 01:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-03-18 02:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 01:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\michael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [16/02/2012 9:45 p.m. 911496]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [16/03/2012 10:07 p.m. 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files\Cobian Backup 11\cbService.exe [16/03/2012 10:07 p.m. 1131008]
R2 HDRExposeService;HDRExposeService;c:\program files\UCT\HDR Expose\HDRExposeService.exe [18/09/2010 6:23 a.m. 21784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/03/2012 7:45 p.m. 652360]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [15/02/2011 11:11 p.m. 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/03/2012 2:56 p.m. 2214504]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 6:21 a.m. 737184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/03/2012 7:45 p.m. 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 2:16 p.m. 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2011 2:33 p.m. 136176]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [1/03/2012 3:04 p.m. 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [1/03/2012 3:04 p.m. 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [1/03/2012 3:04 p.m. 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [1/03/2012 3:04 p.m. 566360]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [6/05/2011 3:57 p.m. 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2011 2:33 p.m. 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 p.m. 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 2:16 p.m. 753504]
S4 Meipsvrv;Meipsvrv; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-FOTOBAJKO-1VGWT-michael.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-29 05:42]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 01:32]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 01:32]
.
2011-08-16 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-03-29 18:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 122.56.237.1 210.55.111.1
FF - ProfilePath - c:\documents and settings\michael\Application Data\Mozilla\Firefox\Profiles\yoxih13r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B070a0f8e-3abd-4ba4-a8d9-7eb67aa3fbde%7D&mid=abc6824c3af547d68ee4d1570942e84a-efe156ded0d5673e7ba79dd40d2ed10688e2ac55&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-18%2016%3A20%3A44&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-19 12:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-1390067357-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(292)
c:\windows\system32\WININET.dll
c:\documents and settings\michael\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RunDLL32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-19 12:06:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 23:06
ComboFix2.txt 2012-03-17 07:46
.
Pre-Run: 36,847,661,056 bytes free
Post-Run: 36,820,291,584 bytes free
.
- - End Of File - - 127F02DA3C6D8AFD8D626E6DC2BC3871

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:28 PM

Posted 19 March 2012 - 07:58 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 michaelbajko

michaelbajko
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 19 March 2012 - 03:48 PM

Kia Ora Gringo,
As requested...

7-Zip 9.20
Acunetix Web Vulnerability Scanner 8.0
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Content Viewer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe ExtendScript Toolkit 2
Adobe Fireworks CS5
Adobe Flash Catalyst CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5
Adobe Flash Professional CS5.5
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS5.1
Adobe InDesign CS5.5
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5.1
Adobe Photoshop Lightroom 3.4.1
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Software Update
ArtRage 2 Starter Edition
ASUS nVidia Driver
Audacity 1.2.6
Belarc Advisor 8.2
BurnAware Free 3.3
CamStudio
Canon CanoScan Toolbox 4.9
Canon LBP3000
CCleaner
CM Vocoder
Cobian Backup 11 Gravity
Color Efex Pro 3.0 Complete
ColorPic
Convert VOB to AVI
Core FTP LE
Creative System Information
DesignWorkshop Lite
Diskeeper 2007 Pro Premier
Dropbox
DVD Architect Pro 5.0
EasyBluePrint
Elektronika
Emicsoft Video Converter
EPSON Attach To Email
EPSON Darkroom Print
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON RAW Print
EPSON Scan Assistant
EPSON Web-To-Page
ESPR1800 Reference Guide
Free DVD Video Converter version 1.5.13.421
GeoSetter 3.4.16
GIMP 2.6.8
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Gourmet (remove only)
Gtk+ Runtime Environment 2.8.8-rc2
HDR Expose
honestech VHS to DVD 2.0 SE
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
hueyPRO 1.5.1
IcoFX 1.6.4
Instant Shed and Shop Design 15
Intel® PRO Network Connections Drivers
jAlbum
Java Auto Updater
Java™ 6 Update 31
KeyTweak - Keyboard Remapper (remove only)
LAME v3.98.2 for Audacity
Lightroom
LP Recorder - Magazine CD
LuminanceHDR 2.0.2
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Malwarebytes Anti-Malware version 1.60.1.1000
Manual CanoScan 8400F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Calculator Plus
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MozBackup 1.5.1
Mozilla Firefox 11.0 (x86 en-GB)
Mozilla Thunderbird 10.0.2 (x86 en-GB)
MSXML 6.0 Parser (KB925673)
MWSnap 3
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Update 1.3.5
NVIDIA Update Components
OhmForce Ohmygod VST2
OJOsoft VOB Converter
OmniPage SE
OpenOffice.org 3.2
Orologi Solari 26.3
Pano2VR - Garden Gnome Software
Pavtube Video Converter version 3.6.1.2350
PDF Settings
PDF Settings CS5
PDFCreator
PhotoKit Sharpener Plug-in Module
Pikto BOOKit
PosteRazor
Prism Video File Converter
PSP SpringVerb CM
PTGui Pro 9.1.3
Python 3.2.2
QuickTime
Rainlendar2 (remove only)
RonyaSoft Poster Designer (Poster Forge) 2.01
ScheduleIt V5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Silver Efex Pro 2
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
Sony Vegas Pro 8.0
Sound Blaster Audigy 2 ZS
SoundMAX
SpyHunter
swMSM
Ulead VideoStudio SE DVD
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Capture Device
Usenet.nl
VideoLAN VLC media player 0.8.6f
Viveza
WebFldrs XP
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WXTide32
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.0



