
Windows.Tool.Disabled


This topic is locked
3 replies to this topic

#1 tld6008

tld6008

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:43 PM

Posted 15 May 2012 - 01:08 PM

I have been using Malwarebytes Anti-Malware (free edition) for over a year, and each time I run it, it finds one infected item. I originally had an infection that had the classic symptoms of the Windows Tool malware. I had to download, rename and run the cleaner under safe mode, but ever since, this lingering part has remained. It is always the same thing, named "Windows.Tool.Disabled".
I just got a new laptop and after I downloaded and installed the Malwarebytes program it found it on the first run. Can this virus be on my hands? I would really like to be rid of this.

T. Davis



.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 7.0.5730.13
Run by TDavis at 13:23:00 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2417 [GMT -5:00]
.
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Snare\SnareCore.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\windows\tg\ProgUn.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DeskAlerts\deskalerts.exe
C:\Documents and Settings\TDavis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TDavis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TDavis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: System=ziswin.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: IESSOObj Class: {7de7b623-a17e-4a0b-94ba-d1b3ba646792} - c:\program files\novell\securelogin\iesso.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [NALExplorer] "c:\program files\novell\zenworks\NALDESK.EXE"
mRun: [AutoIt] c:\windows\tg\ProgUn.exe
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [AffixaPersonalSettings] "c:\program files\affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun: [SecureLogin] c:\program files\novell\securelogin\slproto.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskal~1.lnk - c:\program files\deskalerts\deskalerts.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
uPolicies-disallowrun: 11 = BWWEBLOADER.EXE
uPolicies-disallowrun: 12 = CLIENT4.EXE
uPolicies-disallowrun: 13 = CLUSTONE.EXE
uPolicies-disallowrun: 14 = CLUSTONE.EXE
uPolicies-disallowrun: 15 = COMBACKCONSOLE.EXE
uPolicies-disallowrun: 16 = CRAPSTER.EXE
uPolicies-disallowrun: 17 = DCPLUSPLUS.EXE
uPolicies-disallowrun: 18 = DECONPRO.EXE
uPolicies-disallowrun: 19 = edonkey.exe
uPolicies-disallowrun: 20 = edonkey2000.exe
uPolicies-disallowrun: 21 = EMULE.EXE
uPolicies-disallowrun: 22 = EVOLUTION.EXE
uPolicies-disallowrun: 23 = EVOLVER.EXE
uPolicies-disallowrun: 24 = FILEFURY.EXE
uPolicies-disallowrun: 25 = FILEMINER.EXE
uPolicies-disallowrun: 26 = FILENAVIGATOR.EXE
uPolicies-disallowrun: 27 = FILENAVIGATOR.EXE
uPolicies-disallowrun: 28 = FILESHARE.EXE
uPolicies-disallowrun: 29 = FILETO~1.EXE
uPolicies-disallowrun: 30 = FILETO~1.EXE
uPolicies-disallowrun: 31 = FILETOPIA.EXE
uPolicies-disallowrun: 33 = FLOCATOR.EXE
uPolicies-disallowrun: 34 = FREEWIRELAUNCHER.EXE
uPolicies-disallowrun: 35 = GDONKEY.EXE
uPolicies-disallowrun: 36 = GNEWTELLA.EXE
uPolicies-disallowrun: 37 = GNEWTELLA.EXE
uPolicies-disallowrun: 38 = GNOTELLA.EXE
uPolicies-disallowrun: 39 = gnucleus.exe
uPolicies-disallowrun: 40 = GNUCLEUS.EXE
uPolicies-disallowrun: 41 = GROKSTER.EXE
uPolicies-disallowrun: 42 = GTL POLIANE.EXE
uPolicies-disallowrun: 43 = imesh.exe
uPolicies-disallowrun: 44 = IMESHCLIENT.EXE
uPolicies-disallowrun: 45 = IMESHCLIENT.EXE
uPolicies-disallowrun: 46 = JITZUSHARE.EXE
uPolicies-disallowrun: 47 = KAST.EXE
uPolicies-disallowrun: 48 = kazaa.exe
uPolicies-disallowrun: 49 = KAZAA.EXE
uPolicies-disallowrun: 50 = KHTTP2T.EXE
uPolicies-disallowrun: 51 = KLIENT.EXE
uPolicies-disallowrun: 52 = k-litepro.exe
uPolicies-disallowrun: 53 = KPP.EXE
uPolicies-disallowrun: 54 = limewire.exe
uPolicies-disallowrun: 55 = MADSTER.EXE
uPolicies-disallowrun: 56 = MEDIAGRAB.EXE
uPolicies-disallowrun: 57 = MMOD.EXE
uPolicies-disallowrun: 58 = MOJO NATION.EXE
uPolicies-disallowrun: 59 = morpheus.exe
uPolicies-disallowrun: 60 = MORPHEUS.EXE
uPolicies-disallowrun: 61 = MP3 SWAPPER.EXE
uPolicies-disallowrun: 62 = MP3EASYKL.EXE
uPolicies-disallowrun: 63 = MP3FINDER.EXE
uPolicies-disallowrun: 64 = MP3STARSEARCH.EXE
uPolicies-disallowrun: 65 = MP3WOLF.EXE
uPolicies-disallowrun: 66 = MYNAPSTER.EXE
uPolicies-disallowrun: 67 = MYSTER.EXE
uPolicies-disallowrun: 68 = NAMSTER.EXE
uPolicies-disallowrun: 69 = NAPSTER.EXE
uPolicies-disallowrun: 70 = NEONAPSTER.EXE
uPolicies-disallowrun: 71 = NOVA.EXE
uPolicies-disallowrun: 72 = OVERNET.EXE
uPolicies-disallowrun: 73 = OVERNET.EXE
uPolicies-disallowrun: 74 = P2P NETWORKING.EXE
uPolicies-disallowrun: 75 = PINPOST.EXE
uPolicies-disallowrun: 76 = PIOLET.EXE
uPolicies-disallowrun: 77 = PLEBIO.EXE
uPolicies-disallowrun: 78 = PLINK.EXE
uPolicies-disallowrun: 79 = QT2.EXE
uPolicies-disallowrun: 80 = QTRAX.EXE
uPolicies-disallowrun: 81 = QUEUEMANAGER.EXE
uPolicies-disallowrun: 82 = RIDEWAY.EXE
uPolicies-disallowrun: 83 = RIFFSHARE.EXE
uPolicies-disallowrun: 84 = SHANKSTER.EXE
uPolicies-disallowrun: 85 = SHAREAZA.EXE
uPolicies-disallowrun: 86 = SLAVANAP.EXE
uPolicies-disallowrun: 87 = SMIRK.EXE
uPolicies-disallowrun: 88 = SNATCHIN.EXE
uPolicies-disallowrun: 89 = SOULSEEK.EXE
uPolicies-disallowrun: 90 = SPLOOGE.EXE
uPolicies-disallowrun: 91 = SWAPNUT.EXE
uPolicies-disallowrun: 92 = TESLA.EXE
uPolicies-disallowrun: 93 = THE BRIDGE.EXE
uPolicies-disallowrun: 94 = TOADNODE.EXE
uPolicies-disallowrun: 95 = URLBLAZE.EXE
uPolicies-disallowrun: 96 = WEBVACUUMFREE.EXE
uPolicies-disallowrun: 97 = WINMX.EXE
uPolicies-disallowrun: 98 = WIPPIT.EXE
uPolicies-disallowrun: 99 = WRAPSTER.EXE
uPolicies-disallowrun: 100 = XOLOX.EXE
uPolicies-disallowrun: 1 = AIMSTER.EXE
uPolicies-disallowrun: 2 = ARES.EXE
uPolicies-disallowrun: 3 = AUDIOMP3FIND.EXE
uPolicies-disallowrun: 4 = BADBLUE.EXE
uPolicies-disallowrun: 5 = bearshare.exe
uPolicies-disallowrun: 6 = BITCOMET.EXE
uPolicies-disallowrun: 7 = bittorrent.exe
uPolicies-disallowrun: 8 = BLACKWIDOW.EXE
uPolicies-disallowrun: 9 = BLUBSTER.EXE
uPolicies-disallowrun: 10 = BLUBSTER.EXE
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - res://c:\program files\novell\securelogin\localhero.dll/BUTTONRUNWIZARD.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi37cd~1\office12\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Trusted Zone: bradycorp.com\saas
Trusted Zone: google.com
Trusted Zone: learnshare.com\lms2
Trusted Zone: oceaneering.com\*.plm.oii
Trusted Zone: oceaneering.com\mail
Trusted Zone: oi-inc.com
Trusted Zone: oii.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304964789671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 10.100.1.3 10.100.1.32 10.100.101.192
TCP: Interfaces\{3E6C1151-392E-48B3-8EEC-2E6A349FF7F6} : DhcpNameServer = 10.100.1.3 10.100.1.32 10.100.101.192
Notify: igfxcui - igfxdev.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages = msv1_0 nwv1_0
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tdavis\application data\mozilla\firefox\profiles\cealzylt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mediacomtoday.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49636
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-5-9 17648]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2012-5-7 34592]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2010-4-30 3795560]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2006-5-2 61440]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [1980-1-1 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-5-9 113664]
R3 bpenum;bpenum;c:\windows\system32\drivers\bpenum.sys [1980-1-1 189568]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [1980-1-1 33832]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [1980-1-1 174248]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1980-1-1 260864]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1980-1-1 41088]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [1980-1-1 7391744]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfxp.sys [1980-1-1 60192]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [1980-1-1 63976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-7 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 bpmp;bpmp;c:\windows\system32\drivers\bpmp.sys [1980-1-1 136192]
S3 bpusb;bpusb;c:\windows\system32\drivers\bpusb.sys [1980-1-1 69504]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1980-1-1 166568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-7 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [1980-1-1 132352]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-14 129976]
S3 NRLogoffMonitor;NRLogoffMonitor;c:\program files\novell\securelogin\slnrmonitorserver.exe [2007-10-17 143360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-5-9 91496]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2005-12-8 251842]
.
=============== File Associations ===============
.
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-15 16:50:21 -------- d-----w- c:\program files\Microsoft Project Standard
2012-05-15 16:50:21 -------- d-----w- c:\documents and settings\tdavis\local settings\application data\Microsoft Help
2012-05-15 15:35:48 -------- d-sh--w- C:\FOUND.000
2012-05-15 13:18:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 13:18:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 21:23:29 172032 ----a-w- c:\windows\system32\npnipp.dll
2012-05-14 21:23:28 73728 ----a-w- c:\windows\system32\iprntzip.dll
2012-05-14 21:12:49 -------- d-----w- c:\documents and settings\tdavis\application data\Malwarebytes
2012-05-14 21:12:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 21:12:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 21:12:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-14 20:51:33 -------- d-----w- c:\documents and settings\tdavis\application data\blekkotb_019
2012-05-14 20:49:15 -------- d-----w- c:\documents and settings\tdavis\local settings\application data\antiphishing-vmninternethelper1_1dn
2012-05-14 20:49:14 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-05-14 20:49:05 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-14 19:28:01 299008 ----a-w- c:\windows\CADToolStarter.exe
2012-05-14 19:28:01 16384 ----a-w- c:\windows\IEFFocusBrowser.exe
2012-05-14 19:28:00 -------- d--h--w- c:\program files\Zero G Registry
2012-05-14 19:28:00 -------- d-----w- c:\program files\MxACadInteg
2012-05-14 19:27:59 -------- d--h--w- c:\documents and settings\tdavis\InstallAnywhere
2012-05-14 19:26:29 -------- d-----w- c:\documents and settings\tdavis\local settings\application data\Adobe
2012-05-14 19:22:22 -------- d-----w- c:\program files\common files\Autodesk Shared
2012-05-14 19:22:22 -------- d-----w- c:\program files\Autodesk
2012-05-14 19:22:22 -------- d-----w- c:\documents and settings\tdavis\local settings\application data\Autodesk
2012-05-14 19:22:22 -------- d-----w- c:\documents and settings\tdavis\application data\Autodesk
2012-05-14 19:10:17 -------- d-----w- c:\documents and settings\tdavis\application data\SecureLogin
2012-05-14 19:10:15 -------- d-----w- c:\documents and settings\tdavis\application data\AVG2012
2012-05-14 19:10:10 -------- d-----w- c:\documents and settings\tdavis\application data\DeskAlerts_{79A50622-235B-41be-BA7A-15545DE28294}
2012-05-14 19:08:48 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-14 19:08:48 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-05-14 19:08:46 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-05-14 19:08:46 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-05-14 19:08:41 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-05-14 19:08:41 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-05-07 21:07:41 -------- d-----w- c:\program files\common files\SolidWorks Shared
2012-05-07 21:07:33 -------- d-----w- c:\program files\common files\eDrawings2011
2012-05-07 19:40:18 -------- d-----w- C:\NSLFiles
2012-05-07 19:39:36 -------- d-----w- c:\program files\2DEditor
2012-05-07 18:12:06 -------- d-----w- c:\windows\Internet Logs
2012-05-07 18:11:37 -------- d-----w- c:\program files\common files\Deterministic Networks
2012-05-07 18:11:37 -------- d-----w- c:\program files\Cisco Systems
2012-05-07 15:23:40 -------- d-----w- c:\program files\Snare
2012-05-07 15:23:00 -------- d-----w- c:\program files\RealVNC
2012-05-07 15:22:26 -------- d-----w- c:\program files\DeskAlerts
2012-05-07 15:17:20 922112 ----a-w- c:\windows\system32\acfpdfuamd64.dll
2012-05-07 15:17:20 8013104 ----a-w- C:\Setup.exe
2012-05-07 15:17:20 438272 ----a-w- c:\windows\system32\acfpdfuiamd64.dll
2012-05-07 15:17:20 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2012-05-07 15:17:20 221184 ----a-w- c:\windows\system32\Install.exe
2012-05-07 15:17:19 728243 ----a-w- c:\windows\system32\acfpdfu.dll
2012-05-07 15:17:19 4194304 ----a-w- c:\windows\system32\cdintf.dll
2012-05-07 15:17:19 414965 ----a-w- c:\windows\system32\acfpdfui.dll
2012-05-07 15:17:19 318064 ----a-w- c:\windows\system32\acfpdf.drv
2012-05-07 15:05:14 -------- d-----w- c:\windows\SHELLNEW
2012-05-07 15:04:04 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-07 15:03:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-07 15:03:36 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-05-07 15:03:28 -------- d-----w- c:\program files\AVG
2012-05-07 15:03:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-05-07 14:41:22 -------- d-----w- c:\program files\SolidWorks Viewer
2012-05-07 14:40:51 -------- d-----w- c:\program files\common files\SureThing Shared
2012-05-07 14:40:50 -------- d-----w- c:\program files\Sonic
2012-05-07 14:40:17 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-07 14:40:09 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-07 14:40:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-05-07 14:15:05 -------- d-----w- c:\program files\Citrix
2012-05-07 14:15:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-07 14:14:45 -------- d-----w- c:\program files\Servant Salamander
2012-05-07 14:14:41 -------- d-----w- c:\program files\MSXML 4.0
2012-05-07 14:13:08 -------- d-----w- c:\windows\TG
2012-05-07 13:45:55 -------- d-----w- c:\windows\system32\nls
2012-05-07 13:43:53 -------- d-----w- c:\program files\ZENworks
2012-05-07 13:43:49 -------- d-----w- C:\Novell
2012-05-07 13:43:18 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-05-07 13:43:18 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-05-07 13:43:18 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-05-07 13:43:18 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-05-07 13:43:18 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-05-07 13:42:08 985728 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2012-05-07 13:42:08 731264 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2012-05-07 13:42:08 210688 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2012-05-07 13:42:08 -------- d-----w- c:\program files\CONEXANT
2012-05-07 13:39:05 4644864 ----a-w- c:\windows\system32\stlang.dll
2012-05-07 13:39:05 253952 ----a-w- c:\windows\system32\AESTCtrl.cpl
2012-05-07 13:39:05 11870298 ----a-w- c:\windows\system32\idtsg.cpl
2012-05-07 13:39:02 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
.
============= FINISH: 13:23:24.76 ===============


Edited by tld6008, 15 May 2012 - 01:44 PM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 18 May 2012 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Can you please post a Malwarebytes log so that I can see what is identified each time you run the tool?

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#3 tld6008

tld6008
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:43 PM

Posted 19 May 2012 - 09:25 PM

Attached File: mbam-log-2012-05-19 (20-56-25).txt (2.02KB, 1 downloads)

Hello nasdaq, I set up and was ready to follow your directions, and when I went to disable my antivirus (AVG), that function is password protected by the administrator. This is a company laptop, and unless there is some other way to do the ComboFix run, I will need to try and get the password from the guys at work. I do know the company computers have the restore function disabled, i.e. no restore points to fall back on.
In the meantime I have attached the Malwarebytes log.
I also thought I had set up a notification to my email when there was a reply to my topic; as I didn't get one, I had quite a time finding this message.

T. Davis

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 20 May 2012 - 07:27 AM

I suggest you talk with the IT administrator. I will not change any of his settings.



