
May be infected but unable to find source


  • This topic is locked
2 replies to this topic

#1 tesh

  • Members
  • 1 posts

Posted 01 June 2012 - 08:45 AM

Mod Edit: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


Computer acting doggy, strange, software crashes, just not like new.

Please review my ComboFix and hijack logs and let me know if anything abnormal stands out. I really don't want to reinstall Windows XP. Just did that recently and it didn't help my symptoms:

ComboFix 12-05-31.02 - Brian & Kelly 05/31/2012 11:56:27.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3199.2446 [GMT -5:00]
Running from: c:\documents and settings\Brian & Kelly\My Documents\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: GFI Software VIPRE *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\windows\ST6UNST.000
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2068-01-16 16:48 . 2004-01-15 20:26 4057803 ----a-w- c:\program files\Mozilla Firefox\Speed.exe
2012-05-31 16:41 . 2012-05-31 16:41 -------- d-----w- c:\program files\Atlantis Nova
2012-05-31 16:38 . 2012-05-31 16:40 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\Jarte
2012-05-31 16:38 . 2012-05-31 16:38 -------- d-----w- c:\program files\Jarte
2012-05-31 16:32 . 2012-05-31 16:32 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\PolyEdit Lite
2012-05-31 16:32 . 2012-05-31 16:32 -------- d-----w- c:\program files\PolyEdit Lite
2012-05-31 16:29 . 2012-05-31 16:29 -------- d-----w- c:\documents and settings\Brian & Kelly\Local Settings\Application Data\Kingsoft
2012-05-31 16:26 . 2012-05-31 16:26 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\Kingsoft
2012-05-31 16:26 . 2012-05-31 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kingsoft
2012-05-31 16:25 . 2012-05-31 16:25 -------- d-----w- c:\program files\Kingsoft
2012-05-31 15:36 . 2012-05-31 15:36 -------- d-----w- c:\program files\AbiSuite2
2012-05-31 00:21 . 2012-05-31 00:22 -------- d-----w- c:\program files\SlimCleaner
2012-05-31 00:11 . 2012-05-31 00:11 -------- d-----w- c:\windows\LastGood
2012-05-30 22:15 . 2012-05-30 22:15 -------- d-----w- c:\program files\SlimDrivers
2012-05-30 12:39 . 2012-05-30 12:39 -------- d-----w- c:\program files\RadarSync
2012-05-29 12:33 . 2012-05-29 12:33 1480 ----a-w- c:\windows\AUTOLNCH.REG
2012-05-29 12:09 . 2004-02-27 05:00 962612 ----a-w- c:\windows\system32\mfc42d.dll
2012-05-29 12:09 . 2004-02-17 05:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2012-05-28 19:50 . 2012-05-28 19:50 -------- d-----w- c:\program files\WinDirStat
2012-05-28 13:11 . 2012-05-28 13:11 -------- d-----w- C:\col1832
2012-05-28 12:53 . 2001-02-18 15:09 9312 ----a-w- c:\windows\system32\drivers\hp4200c.sys
2012-05-28 12:53 . 2000-03-15 15:41 73728 ----a-w- c:\windows\system\HPAD32.DLL
2012-05-28 12:53 . 1999-01-26 12:06 25524 ----a-w- c:\windows\system32\hpsctrlc.cpl
2012-05-28 12:53 . 2012-05-28 13:23 -------- d-----w- C:\sj654
2012-05-28 12:51 . 2012-05-28 12:51 -------- d-----w- C:\sj655
2012-05-28 12:31 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-05-28 12:31 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2012-05-28 12:31 . 2001-08-18 03:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-05-28 12:31 . 2001-08-18 03:36 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2012-05-28 12:31 . 2001-08-18 03:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2012-05-28 12:31 . 2001-08-18 03:36 31232 ----a-w- c:\windows\system32\hpgt42tk.dll
2012-05-28 12:31 . 2001-08-18 03:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-05-28 12:31 . 2001-08-18 03:36 93696 ----a-w- c:\windows\system32\hpgt42.dll
2012-05-26 15:41 . 2012-05-26 15:41 -------- d-----w- c:\program files\NEC Electronics
2012-05-26 15:15 . 2012-05-26 15:15 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\Seagate
2012-05-26 15:14 . 2012-05-26 15:14 -------- d-----w- c:\program files\Seagate
2012-05-26 13:53 . 2012-05-26 13:53 -------- d-----w- c:\program files\VueSoft
2012-05-25 14:49 . 2012-05-25 13:52 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-05-25 14:49 . 2012-05-25 13:52 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-05-25 14:49 . 2012-05-25 13:52 53952 ----a-w- c:\windows\system32\drivers\psmounter.sys
2012-05-24 17:31 . 2012-05-24 17:32 -------- d-----w- c:\windows\GFIBckFUnwise
2012-05-23 21:42 . 2012-05-23 21:42 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-05-23 19:42 . 2012-05-23 19:42 -------- d-----w- c:\program files\Outlook Express Quick Backup
2012-05-23 13:14 . 2012-05-23 13:14 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\YCanPDF
2012-05-23 12:03 . 2011-08-29 23:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-05-23 12:03 . 2011-06-30 23:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-05-23 12:03 . 2012-03-20 02:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-05-23 12:03 . 2010-11-04 01:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-05-22 14:50 . 2012-05-22 14:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate
2012-05-22 13:04 . 2012-05-22 13:04 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\Easeware
2012-05-22 13:04 . 2012-05-22 13:04 -------- d-----w- c:\program files\Easeware
2012-05-22 11:55 . 2012-05-22 12:21 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\PrimoPDF
2012-05-22 11:25 . 2012-05-22 11:25 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-05-21 14:50 . 2012-05-21 14:50 -------- d-----w- c:\program files\Softland
2012-05-21 14:45 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2012-05-21 13:31 . 2012-05-21 13:31 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\FileOpen
2012-05-21 13:31 . 2012-05-21 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FileOpen
2012-05-21 13:31 . 2012-05-17 02:11 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-05-21 13:30 . 2012-05-22 12:20 -------- d-----w- c:\program files\Nitro PDF
2012-05-21 13:30 . 2012-05-21 13:30 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-05-21 11:29 . 2012-05-21 11:29 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\3v
2012-05-20 21:34 . 2012-05-20 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoner
2012-05-20 21:34 . 2012-05-20 21:34 -------- d-----w- c:\documents and settings\Brian & Kelly\Local Settings\Application Data\Zoner
2012-05-20 21:33 . 2012-05-20 21:33 -------- d-----w- c:\program files\Zoner
2012-05-20 19:46 . 2012-05-20 19:46 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\ASCOMP Software
2012-05-20 19:46 . 2012-05-20 19:46 -------- d-----w- c:\program files\ASCOMP Software
2012-05-20 19:24 . 2012-05-20 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Softland
2012-05-20 19:23 . 2012-05-20 19:23 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\Softland
2012-05-20 19:15 . 2012-05-24 12:18 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\enchant
2012-05-20 19:14 . 2012-05-31 16:39 -------- d-----w- c:\documents and settings\Brian & Kelly\AbiSuite
2012-05-20 19:13 . 2012-05-20 19:14 -------- d-----w- c:\program files\AbiWord
2012-05-20 18:46 . 2012-05-20 18:46 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\JGsoft
2012-05-20 18:46 . 2012-05-20 18:46 -------- d-----w- c:\program files\Just Great Software
2012-05-20 16:31 . 2012-05-20 16:31 -------- d-----w- c:\documents and settings\Brian & Kelly\DoctorWeb
2012-05-20 13:58 . 2012-05-31 16:27 -------- d-----w- c:\windows\ShellNew
2012-05-20 13:56 . 2012-05-24 20:59 -------- d-----w- c:\program files\LibreOffice 3.5
2012-05-20 00:35 . 2012-05-20 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2012-05-16 21:05 . 2012-05-16 21:08 -------- d-----w- c:\program files\Content Manager
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\documents and settings\Brian & Kelly\Local Settings\Application Data\fontconfig
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\documents and settings\Brian & Kelly\Local Settings\Application Data\gegl-0.2
2012-05-16 14:50 . 2012-05-16 14:50 -------- d-----w- c:\documents and settings\Brian & Kelly\Application Data\DuckLink
2012-05-16 14:50 . 2012-05-16 14:50 -------- d-----w- c:\program files\DuckLink
2012-05-11 00:49 . 2012-05-03 22:52 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-05-06 23:23 . 2012-05-06 23:23 -------- d-----w- c:\program files\Cobian Backup 11
2012-05-06 12:16 . 2012-05-06 12:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2012-05-06 12:14 . 2009-03-18 19:58 939368 ----a-r- c:\windows\system32\myflash.ocx
2012-05-02 11:52 . 2012-05-02 11:52 -------- d-----w- c:\documents and settings\Brian & Kelly\Local Settings\Application Data\KeePass
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 19:42 . 2010-10-31 16:18 249856 ------w- c:\windows\Setup1.exe
2012-05-23 19:42 . 2010-10-31 16:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-05-20 21:20 . 2012-03-30 14:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 21:20 . 2011-12-02 18:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 02:11 . 2012-02-12 20:15 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-05-03 22:52 . 2011-11-01 19:04 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-05-03 22:51 . 2011-05-06 16:25 41352 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-05-03 22:51 . 2011-05-06 16:25 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-05-03 22:51 . 2011-05-06 16:25 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-29 12:47 . 2012-04-29 12:47 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 02:38 . 2010-10-31 01:53 6104168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-04-11 13:14 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 11:59 . 2010-08-04 06:31 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-04-06 11:59 . 2010-08-04 06:30 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-04-06 11:48 . 2010-08-04 06:22 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-04 23:47 . 2012-02-22 16:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 23:47 . 2011-12-19 02:11 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-04 23:47 . 2010-10-31 12:53 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2010-11-02 01:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 14:48 . 2010-09-15 16:30 299424 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2012-03-03 21:05 . 2012-03-03 21:05 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-03-03 14:42 . 2012-03-03 14:42 3584 ----a-r- c:\documents and settings\Brian & Kelly\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-01-31 17:55 . 2012-01-31 17:55 10804768 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-04-28 20:43 . 2011-08-01 01:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VueMinder"="c:\program files\VueSoft\VueMinder\VueMinder.exe" [2012-05-25 6946816]
"KeePass Password Safe 2"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20065896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2000-01-01 00:00 20065896 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update 4200C]
2002-01-08 21:30 28672 ----a-w- c:\scanjet\PrecisionScanLT\update.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
"c:\\Program Files\\VueSoft\\VueMinder\\VueMinder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [5/6/2011 11:25 AM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [5/6/2011 11:25 AM 41352]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/25/2012 9:49 AM 16064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/15/2012 9:37 AM 14776]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [5/6/2011 11:25 AM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [11/1/2011 2:04 PM 185864]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [4/15/2011 6:52 AM 21624]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/20/2012 9:07 PM 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [11/26/2011 9:05 PM 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [11/26/2011 9:05 PM 217976]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [10/13/2011 2:06 PM 277576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/31/2010 10:30 AM 12184]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [1/19/2012 4:12 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/20/2012 9:08 PM 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [1/19/2012 4:11 PM 173424]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [10/27/2004 5:05 PM 22144]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/9/2011 4:39 PM 99856]
R3 GFIBckFAtt;GFI BackUp Freeware Attendant Service;c:\progra~1\GFI\GFIBAC~2\GFIFInst.exe [5/24/2012 12:32 PM 1011056]
R3 GFIBckFSched;GFI BackUp Freeware Scheduler Service;c:\progra~1\GFI\GFIBAC~2\GFIFSC~1.EXE [5/24/2012 12:32 PM 2664816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [11/20/2009 7:15 PM 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [11/20/2009 7:15 PM 137728]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [11/26/2011 9:05 PM 94584]
R3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [11/26/2011 9:05 PM 93816]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 9:59 AM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/30/2010 8:53 PM 1691480]
S3 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [5/6/2012 6:23 PM 67584]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/3/2012 4:05 PM 23456]
S3 EaseUS Agent;EaseUS Agent Service;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [5/10/2012 7:48 PM 70280]
S3 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [4/2/2011 9:08 AM 858480]
S3 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [4/2/2011 9:08 AM 2324848]
S3 Guard Agent;Guard Agent Service;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [5/10/2012 7:48 PM 24712]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [5/28/2012 7:53 AM 9312]
S3 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2010 8:13 PM 22344]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/1/2010 8:13 PM 654408]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/28/2012 3:43 PM 129976]
S3 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [5/16/2012 9:11 PM 184848]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 9:19 AM 15544]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [5/25/2012 9:49 AM 53952]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [3/6/2012 7:54 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [3/6/2012 7:53 AM 11104]
S3 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [5/25/2012 9:49 AM 224960]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [11/26/2011 9:05 PM 94584]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [3/30/2012 5:26 AM 1295416]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [3/30/2012 5:26 AM 681016]
S3 SMC2208;SMC Compact USB to Ethernet converter;c:\windows\system32\drivers\SMC2208.SYS [11/29/2010 2:20 PM 26525]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [2/28/2012 10:59 AM 535000]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [7/13/2009 6:20 PM 19024]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\PCUpdater_NOTIFYSCAN.job
- c:\program files\RadarSync\pcupdater.exe [2012-05-30 15:56]
.
2012-05-30 c:\windows\Tasks\PCUpdater_UPDATES.job
- c:\program files\RadarSync\pcupdater.exe [2012-05-30 15:56]
.
2012-05-31 c:\windows\Tasks\WpsUpdateTask_Brian & Kelly.job
- c:\program files\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?sourceid=ie7&q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open Link Target in Firefox - file://c:\documents and settings\Brian & Kelly\Application Data\Mozilla\Firefox\Profiles\t0nnx4cw.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\Brian & Kelly\Application Data\Mozilla\Firefox\Profiles\t0nnx4cw.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Brian & Kelly\Application Data\Mozilla\Firefox\Profiles\t0nnx4cw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B34a1ed93-c38a-42cb-abfd-fd17473089e9%7D&mid=a5913bee506947d1bf6cd15926df4615-f62fc251909351706531641982c7a48ec3063cf4&ds=is015&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2009%3A29%3A12&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile="c:\program files\Just Great Software\EditPadLite7\EditPadLite7.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-31 12:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-97KG-MAVR-CR2D-4DUY-PD4Y-6XSGCWN"
"Activated"="Y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1536)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-05-31 12:06:53
ComboFix-quarantined-files.txt 2012-05-31 17:06
.
Pre-Run: 177,375,522,816 bytes free
Post-Run: 177,533,952,000 bytes free
- - End Of File - - A3EC31F0623728A7F8EEF99D904BC057



SlimCleaner 3.0.20442.43342 Hijack Log

06/01/2012 07:58:25 AM

Microsoft Windows XP Home Edition Service Pack 3

5.01 build 2600 Service Pack 3

Brian & Kelly

In groups: LOCAL Administrators Everyone Users None INTERACTIVE Authenticated Users



Running Processes:

\SystemRoot\System32\smss.exe

\??\C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\VueSoft\VueMinder\VueMinder.exe

C:\Program Files\KeePass Password Safe 2\KeePass.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\SlimCleaner\SlimCleaner.exe



Start Page Software\Microsoft\Internet Explorer\Main http://www.bing.com/?pc=bnhp

Internet Explorer Advanced Options JAVA_SUN c:\program files\oracle\javafx 2.1 runtime\bin\deploy.dll

ZoneMap Domain msn.com msn.com

BHO Java™ Plug-In SSV Helper C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO Java™ Plug-In 2 SSV Helper C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

Startup: Registry VueMinder C:\Program Files\VueSoft\VueMinder\VueMinder.exe

Startup: Registry KeePass Password Safe 2 C:\Program Files\KeePass Password Safe 2\KeePass.exe

Startup: Registry EvtMgr6 C:\Program Files\Logitech\SetPointP\SetPoint.exe

Startup: Registry SBAMTray C:\Program Files\GFI Software\VIPRE\SBAMTray.exe

Startup: Registry KeePass 2 PreLoad C:\Program Files\KeePass Password Safe 2\KeePass.exe

Startup: Registry Seagate Dashboard C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe

Startup: Registry NUSB3MON C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

Startup: Registry RTHDCPL C:\WINDOWS\RTHDCPL.EXE

Startup: Registry iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe

Startup: Registry StartupPrograms C:\WINDOWS\system32\rdpclip.exe

Startup: Registry BootExecute C:\WINDOWS\system32\autochk.exe

Context Menu Item Google Inc. c:\windows\system32\gphotos.scr

Context Menu Item Unknown owner file:

Context Menu Item <Not available> file:

Extra 'Tools' menu-item @xpsp3res.dll,-20001 %windir%\Network Diagnostic\xpnetdiag.exe

Extra Button Messenger C:\Program Files\Messenger\msmsgs.exe

Extra 'Tools' menu-item Windows Messenger C:\Program Files\Messenger\msmsgs.exe

Unknown file in WinSock LSP mdnsNSP Apple Inc.

Unknown file in WinSock LSP NWLink IPX/SPX/NetBIOS Compatible Transport Protocol Microsoft Corporation

Unknown file in WinSock LSP Tcpip Microsoft Corporation

Unknown file in WinSock LSP NTDS Microsoft Corporation

Unknown file in WinSock LSP Network Location Awareness (NLA) Namespace Microsoft Corporation

Downloaded ActiveX Object asusTek_sysctrl Class http://support.asus.com/select/asusTek_sys_ctrl3.cab

Downloaded ActiveX Object MUCatalogWebControl Class http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297966314656

Downloaded ActiveX Object MUWebControl Class http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320198813578

Downloaded ActiveX Object Java Plug-in 10.4.1 http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

Downloaded ActiveX Object Java Plug-in 1.7.0_04 http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

Downloaded ActiveX Object Java Plug-in 10.4.1 http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

Downloaded ActiveX Object SysInfo Class http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

Downloaded ActiveX Object JuniperSetupClientControl Class https://ssl1.chw.org/dana-cached/sc/JuniperSetupClient.cab

Protocol ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll

Protocol http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll

Protocol https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll

WinLogon Notify AtiExtEvent ATI Technologies Inc.

WinLogon Notify crypt32chain Microsoft Corporation

WinLogon Notify cryptnet Microsoft Corporation

WinLogon Notify cscdll Microsoft Corporation

WinLogon Notify dimsntfy Microsoft Corporation

WinLogon Notify LBTWlgn Logitech, Inc.

WinLogon Notify ScCertProp Microsoft Corporation

WinLogon Notify Schedule Microsoft Corporation

WinLogon Notify sclgntfy Microsoft Corporation

WinLogon Notify SensLogn Microsoft Corporation

WinLogon Notify termsrv Microsoft Corporation

WinLogon Notify wlballoon Microsoft Corporation

Shell Service AutoRun Object PostBootReminder c:\windows\system32\shell32.dll

Shell Service AutoRun Object CDBurn c:\windows\system32\shell32.dll

Shell Service AutoRun Object WebCheck c:\windows\system32\webcheck.dll

Shell Service AutoRun Object SysTray c:\windows\system32\stobject.dll

Shell Service AutoRun Object WPDShServiceObj c:\windows\system32\wpdshserviceobj.dll

SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} c:\windows\system32\browseui.dll

SharedTaskScheduler {8C7461EF-2B13-11d2-BE35-3078302C2030} c:\windows\system32\browseui.dll

Service IPv6 Helper Service (6to4) - Microsoft Corporation c:\windows\system32\svchost.exe

Service NA (Ati HotKey Poller) - ATI Technologies Inc. c:\windows\system32\ati2evxx.exe

Service Windows Audio (AudioSrv) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Bonjour Service (Bonjour Service) - Apple Inc. c:\program files\bonjour\mdnsresponder.exe

Service Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Microsoft Corporation c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

Service CryptSvc (CryptSvc) - Microsoft Corporation c:\windows\system32\svchost.exe

Service DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation c:\windows\system32\svchost.exe

Service DHCP Client (Dhcp) - Microsoft Corporation c:\windows\system32\svchost.exe

Service DNS Client (Dnscache) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Error Reporting Service (ERSvc) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Event Log (Eventlog) - Microsoft Corporation c:\windows\system32\services.exe

Service Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Microsoft Corporation c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe

Service Help and Support (helpsvc) - Microsoft Corporation c:\windows\system32\svchost.exe

Service HID Input Service (HidServ) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Java Quick Starter (JavaQuickStarterService) - Oracle Corporation c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe

Service Server (lanmanserver) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Workstation (lanmanworkstation) - Microsoft Corporation c:\windows\system32\svchost.exe

Service TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. c:\program files\common files\pure networks shared\platform\nmsrvc.exe

Service SAP Agent (NwSapAgent) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Plug and Play (PlugPlay) - Microsoft Corporation c:\windows\system32\services.exe

Service Protected Storage (ProtectedStorage) - Microsoft Corporation c:\windows\system32\lsass.exe

Service Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation c:\windows\system32\svchost.exe

Service VIPRE Internet Security (SBAMSvc) - GFI Software c:\program files\gfi software\vipre\sbamsvc.exe

Service SB Recovery Service (SBPIMSvc) - GFI Software c:\program files\gfi software\vipre\sbpimsvc.exe

Service Task Scheduler (Schedule) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Seagate Dashboard Service (SeagateDashboardService) - Memeo c:\program files\seagate\seagate dashboard\seagatedashboardservice.exe

Service Secondary Logon (seclogon) - Microsoft Corporation c:\windows\system32\svchost.exe

Service System Event Notification (SENS) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Print Spooler (Spooler) - Microsoft Corporation c:\windows\system32\spoolsv.exe

Service Windows Service Pack Installer update service (spupdsvc) - Microsoft Corporation c:\windows\system32\spupdsvc.exe

Service System Restore Service (srservice) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation c:\windows\system32\svchost.exe

Service MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation c:\windows\system32\dllhost.exe

Service Themes (Themes) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Distributed Link Tracking Client (TrkWks) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Windows Time (W32Time) - Microsoft Corporation c:\windows\system32\svchost.exe

Service WebClient (WebClient) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Windows Management Instrumentation (winmgmt) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Security Center (wscsvc) - Microsoft Corporation c:\windows\system32\svchost.exe

Service Automatic Updates (wuauserv) - Microsoft Corporation c:\windows\system32\svchost.exe

Context Menu Handlers 7-Zip Igor Pavlov

Context Menu Handlers FileEraserShellExt GFI Software

Context Menu Handlers SBAMScanShellExt GFI Software

Context Menu Handlers SlimShellExt Slimware Utilities, Inc.

Context Menu Handlers WinRAR <Not available>

Context Menu Handlers {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Context Menu Handlers FAExt Malwarebytes

Context Menu Handlers MBAMShlExt Malwarebytes Corporation

Context Menu Handlers SlimShellExt Slimware Utilities, Inc.

Directory Context Menu Handlers 7-Zip Igor Pavlov

Directory Context Menu Handlers FileEraserShellExt GFI Software

Directory Context Menu Handlers SBAMScanShellExt GFI Software

Directory Context Menu Handlers SimpleShlExt CHENGDU YIWO Tech Development Co.,Ltd

Directory Context Menu Handlers SlimShellExt Slimware Utilities, Inc.

Directory Context Menu Handlers WinRAR <Not available>

Drag Drop Handlers 7-Zip Igor Pavlov

Drag Drop Handlers WinRAR <Not available>

Folder Context Menu Handlers Glary Utilities Glarysoft Ltd

Folder Context Menu Handlers MBAMShlExt Malwarebytes Corporation

Folder Context Menu Handlers WinRAR <Not available>

Background Context Menu Handlers ACE

Shell Extensions Approved OpenOffice.org Column Handler The Document Foundation

Shell Extensions Approved OpenOffice.org Infotip Handler The Document Foundation

Shell Extensions Approved OpenOffice.org Property Sheet Handler The Document Foundation

Shell Extensions Approved OpenOffice.org Thumbnail Viewer The Document Foundation

Shell Extensions Approved Autoplay for SlideShow

Driver AMD Special Tools Driver C:\WINDOWS\system32\drivers\amdtools.sys (file missing)

Driver AsIO c:\windows\system32\drivers\asio.sys

Driver Belarc SMBios Access c:\windows\system32\drivers\bantext.sys

Driver EUBAKUP c:\windows\system32\drivers\eubakup.sys

Driver EUBKMON c:\windows\system32\drivers\eubkmon.sys

Driver EUDSKACS c:\windows\system32\drivers\eudskacs.sys

Driver EUFDDISK c:\windows\system32\drivers\eufddisk.sys

Driver HWiNFO32/64 Kernel Driver c:\program files\hwinfo32\hwinfo32.sys

Driver ITEATAPI_Service_Install c:\windows\system32\drivers\iteatapi.sys

Driver Logitech Beep Suppression Driver c:\windows\system32\drivers\lbeepke.sys

Driver Pure Networks Device Discovery Driver c:\windows\system32\drivers\pnarp.sys

Driver Paramount Software Snapshot Filter c:\windows\system32\drivers\pssnap.sys

Driver Pure Networks Wireless Driver c:\windows\system32\drivers\purendis.sys

Driver sbaphd c:\windows\system32\drivers\sbaphd.sys

Driver sbapifs c:\windows\system32\drivers\sbapifs.sys

Driver SbFw c:\windows\system32\drivers\sbfw.sys

Driver SBRE c:\windows\system32\drivers\sbredrv.sys

Driver sbtis c:\windows\system32\drivers\sbtis.sys

Driver SmartDefragDriver c:\windows\system32\drivers\smartdefragdriver.sys

Driver Universal Image Mounter Controller c:\windows\system32\drivers\uimbus.sys

Driver UIM Drive Backup Image Plugin c:\windows\system32\drivers\uim_im.sys

Driver UIM Virtual Image Plugin c:\windows\system32\drivers\uim_vim.sys

Codec msacm.trspch DSP GROUP, INC.

Codec vidc.cvid Radius Inc.

Codec vidc.iv31 <Not available>

Codec vidc.iv32 <Not available>

Codec vidc.iv41 Intel Corporation

Codec msacm.sl_anet Sipro Lab Telecom Inc.

Codec msacm.iac2 Intel Corporation

Codec vidc.iv50 Intel Corporation

Codec msacm.l3acm Fraunhofer Institut Integrierte Schaltungen IIS

Codec PP PCM Wrapper CyberLink Corp.

Codec Pixela H264 Decoder2(HP) PIXELA CORPORATION

Codec CyberLink Demultiplexer(HomeNetwork) CyberLink Corp.

Codec Full Screen Renderer <Not available>

Codec CyberLink MPEG Video Encoder CyberLink Corp.

Codec Pixela Source Filter for 32 bit BMP PIXELA CORPORATION

Codec ATI Ticker

Codec CyberLink Editing Service 4.5 (Source) CyberLink Corp.

Codec Cyberlink Track Filter CyberLink Corp.

Codec CyberLink UltraSpeed/SVRT Demultiplexer CyberLink Corp.

Codec CyberLink MP3/WAV Wrapper CyberLink Corp.

Codec PP Video Regulator CyberLink

Codec PP TV Audio Decoder CyberLink Corp.

Codec DV Muxer <Not available>

Codec PP YUY2 Deinterlace CyberLink

Codec CyberLink AudioCD Filter CyberLink Corp.

Codec Color Space Converter <Not available>

Codec Cyberlink Streamming Filter CyberLink Corp.

Codec AVI Splitter <Not available>

Codec VGA 16 Color Ditherer <Not available>

Codec Indeo® video 5.10 Compression Filter Intel Corporation

Codec PP IDM Cyberlink

Codec CyberLink Editing Service 3.0 (Source) CyberLink Corp.

Codec Arcsoft PutDataSample Filter 1.0 arcsoft

Codec CyberLink UltraSpeed/SVRT Demultiplexer CyberLink Corp.

Codec PP Video Effect CyberLink

Codec Cyberlink TS Information Cyberlink

Codec AC3 Parser Filter <Not available>

Codec ArcSoft Realtime Mplex Filter ArcSoft Inc.

Codec Arcsoft Mpeg MPlex Filter ArcSoft Inc.

Codec Arcsoft Source Buffer Filter ArcSoft Inc.

Codec CyberLink Digest Filter (PDVD8) CyberLink

Codec PP Video Decoder CyberLink Corp.

Codec CyberLink HD/BD Mixer (PDVD8.0)

Codec StreamBufferSink <Not available>

Codec PP Audio Resampler CyberLink Corp.

Codec MJPEG Decompressor <Not available>

Codec Indeo® video 5.10 Decompression Filter Intel Corporation

Codec CyberLink TimeStretch Filter (PDVD8) CyberLink Corp.

Codec PP Dump Dispatch Filter CyberLink Corp.

Codec MPEG-I Stream Splitter <Not available>

Codec ArcSoft Mpeg Encoder Filter ArcSoft

Codec CyberLink Demux (PDVD8) CyberLink Corp.

Codec SAMI (CC) Parser <Not available>

Codec P2G Video Decoder CyberLink Corp.

Codec CyberLink Video/SP Decoder (PDVD8) CyberLink Corp.

Codec MPEG Layer-3 Decoder Fraunhofer Institut Integrierte Schaltungen IIS

Codec MPEG-2 Splitter <Not available>

Codec PP File Reader (Async.) CyberLink Corp.

Codec PP Snapshot Filter CyberLink

Codec YC_EVRWindow CyberLink Corp.

Codec PP Dump Filter CyberLink Corp.

Codec ACELP.net Sipro Lab Audio Decoder Sipro Lab Telecom Inc.

Codec CyberLink MPEG-4 Splitter CyberLink Corp.

Codec PP DV Buffer CyberLink

Codec CyberLink DV Buffer CyberLink Corporation

Codec Canon MDP Motion-JPEG Decoder Canon Inc.

Codec Arcsoft GetDataSample Filter 1.0 arcsoft

Codec ArcSoft MPEG Audio Decoder ArcSoft Inc.

Codec Canon Motion-JPEG Encoder Canon Inc.

Codec Internal Script Command Renderer <Not available>

Codec CyberLink Video Regulator Cyberlink

Codec CyberLink DVD Navigator (PDVD8) CyberLink Corp.

Codec P2G Audio Decoder CyberLink Corp.

Codec MPEG Audio Decoder <Not available>

Codec MMACE ProcAmp

Codec CyberLink Mux Push Source Cyberlink

Codec Pixela MPEG2-TS Multiplexer PIXELA CORPORATION

Codec PP DDR CyberLink Corp.

Codec DV Splitter <Not available>

Codec Cyberlink SubTitle Importor (PDVD8) CyberLink Corp.

Codec Video Mixing Renderer 9 <Not available>

Codec CyberLink MPEG Splitter CyberLink Corp.

Codec CyberLink Video Effect CyberLink

Codec PP TL MPEG Splitter CyberLink Corp.

Codec PP M2V Writer CyberLink

Codec CyberLink Audio Commercial Cut Analyzer Cyberlink Corp.

Codec PP DV TCR CyberLink

Codec Pixela mpeg system multiplexer (IMx) PIXELA CORPORATION.

Codec Cyberlink Sub-Picture Filter Cyberlink

Codec CyberLink Audio Noise Reduction CyberLink Corp.

Codec PP Audio Encoder Cyberlink Corp.

Codec CyberLink Load Image Filter CyberLink

Codec CyberLink MPEG-2 Splitter CyberLink Corp.

Codec CyberLink Audio VolumeBooster CyberLink Corp.

Codec PP MPEG Muxer CyberLink

Codec CyberLink MPEG-4 Splitter (PDVD8) CyberLink Corp.

Codec ACM Wrapper <Not available>

Codec CyberLink Frame Parser CyberLink

Codec Video Renderer <Not available>

Codec PIXELA H.264 Encoder PIXELA CORPORATION

Codec MPEG-2 Video Stream Analyzer <Not available>

Codec Cyberlink Dump Dispatch Filter CyberLink Corp.

Codec Line 21 Decoder <Not available>

Codec ArcSoft Deinterlace ArcSoft

Codec Video Port Manager <Not available>

Codec Video Renderer <Not available>

Codec CyberLink MPEGV Analyzer CyberLink

Codec CyberLink Audio Resampler CyberLink Corp.

Codec Pixela Resize Filter PIXELA CORPORATION

Codec ArcSoft VideoEffect Filter Arcsoft Corporation

Codec CyberLink SBE Source Filter CyberLink

Codec Cyberlink Dump Dispatch Filter CyberLink Corp.

Codec CyberLink MPEG-1 Splitter CyberLink Corp.

Codec CyberLink Stamp Effect CyberLink corporate

Codec Canon Custom Resizer SaveMode Canon Inc.

Codec CyberLink Demultiplexer CyberLink Corp.

Codec Canon Text Source Filter Canon Inc.

Codec MMACE SoftEmu

Codec File writer <Not available>

Codec PP YUY2 Sub-Sampling CyberLink Corp.

Codec Canon Image Rotation Filter Canon Inc.

Codec Arcsoft DV Transition Arcsoft

Codec Cyberlink File Reader (Async.) CyberLink Corp.

Codec CyberLink TL MPEG Splitter CyberLink Corp.

Codec Canon Motion-JPEG Decoder Canon Inc.

Codec CyberLink M2V Writer CyberLink

Codec PP Audio Effect CyberLink Corporation

Codec PP WAV Dest CyberLink

Codec CyberLink Audio Decoder (PDVD8) CyberLink Corp.

Codec Cyberlink Dump Filter CyberLink Corp.

Codec CyberLink Video Stabilizer CyberLink

Codec CyberLink TL MPEG Splitter CyberLink Corp.

Codec CyberLink Audio Decoder CyberLink Corp.

Codec PP Audio Decoder CyberLink Corp.

Codec CyberLink PCM Wrapper CyberLink Corp.

Codec Pixela QuickTime Writer PIXELA CORPORATION

Codec DVD Navigator <Not available>

Codec PP MPEG Splitter CyberLink Corp.

Codec MMACE DeInterlace

Codec Cyberlink Scene Detect Filter CyberLink

Codec Overlay Mixer2 <Not available>

Codec Pixela File Source (Sync) PIXELA CORPORATION.

Codec PP Audio Noise Reduction (CES) CyberLink Corp.

Codec CyberLink Tzan Filter CyberLink Corp.

Codec AVI Draw <Not available>

Codec CyberLink H.264/AVC Decoder CyberLink Corp.

Codec PP Gate Filter CyberLink

Codec CyberLink Audio Spectrum Analyzer(HomeNetwork) CyberLink Corp.

Codec CyberLink AudioCD Filter (PDVD8) CyberLink Corp.

Codec Pixela Audio format convert Filter (IMX-DES) PIXELA CORPORATION

Codec CyberLink Push-Mode CLStream CyberLink

Codec MPEG-2 Demultiplexer <Not available>

Codec DV Video Decoder <Not available>

Codec Canon Actual Data Length Setter Canon Inc.

Codec Indeo® audio software Intel Corporation

Codec PP DV Dump Filter CyberLink Corporation

Codec PIXELA MPEG2 Video Encoder Pixela Corporation

Codec ArcSoft Realtime Capture Encoder Filter Arcsoft

Codec WIA Stream Snapshot Filter <Not available>

Codec SampleGrabber <Not available>

Codec Null Renderer <Not available>

Codec CyberLink WebCamera NULL Render CyberLink

Codec Arcsoft WMV/ASF Splitter Arcsoft, Inc.

Codec MPEG-2 Sections and Tables <Not available>

Codec IVF source filter Intel Corporation

Codec Arcsoft Mpeg2Audio Encoder ArcSoft Inc.

Codec CyberLink Video Regulator Cyberlink

Codec CyberLink MPEGV Analyzer CyberLink

Codec CyberLink Tzan Filter (PDVD8) CyberLink Corp.

Codec StreamBufferSource <Not available>

Codec PowerProducer Double Tee CtberLink Corporation

Codec CyberLink TimeStretch Filter (CES) CyberLink Corp.

Codec Smart Tee <Not available>

Codec Overlay Mixer <Not available>

Codec Pixela Mpeg Splitter PIXELA CORPORATION

Codec CyberLink TL MPEG Splitter CyberLink Corp.

Codec AVI Decompressor <Not available>

Codec Canon Resizer Canon Inc.

Codec CyberLink MPEG Muxer CyberLink

Codec PiXELA Deinterlace Filter PIXELA CORPORATION

Codec PP Video Regulator Cyberlink

Codec PP SnapShotTIP Filter CyberLink

Codec AVI/WAV File Source <Not available>

Codec Arcsoft Snapshot Filter 1.0 Arcsoft Corporation

Codec QuickTime Movie Parser <Not available>

Codec Wave Parser <Not available>

Codec MIDI Parser <Not available>

Codec Multi-file Parser <Not available>

Codec File stream renderer <Not available>

Codec ArcSoft MPEG Splitter ArcSoft, Inc.

Codec ArcSoft TS Stream ArcSoft, Inc.

Codec Dump PiXELA Corp.

Codec Canon WAV Dest Canon Inc.

Codec CyberLink WMV Dumper <Not available>

Codec CyberLink SBE Filter CyberLink

Codec CyberLink Line21 Decoder (PDVD8) CyberLink Corp.

Codec CyberLink Audio Decoder(PDVD8 UPnP) CyberLink Corp.

Codec CyberLink Audio Effect (PDVD8) CyberLink Corporation

Codec CyberLink MPEG Muxer CyberLink

Codec AVI Mux <Not available>

Codec Line 21 Decoder 2 <Not available>

Codec File Source (Async.) <Not available>

Codec File Source (URL) <Not available>

Codec P2G Video Regulator CyberLink

Codec Pixela Color Format Convert Filter DES PIXELA CORPORATION

Codec CyberLink MPEG-4 Muxer CyberLink Corp.

Codec PP Byte Counter CyberLink Corporation

Codec CyberLink AVI Audio Time Regulator cyberlink

Codec P2G Audio Encoder Cyberlink Corp.

Codec PP MPEG Video Encoder CyberLink Corp.

Codec ArcSoft MPEG Video Decoder ArcSoft Inc.

Codec CyberLink Audio Spectrum Analyzer (PDVD8) CyberLink Corp.

Codec Infinite Pin Tee Filter <Not available>

Codec CyberLink Video/SP Decoder(HomeNetwork) CyberLink Corp.

Codec PP TimeStretch Filter (CES) CyberLink Corp.

Codec PIXELA MPEG2 Video Decoder for IMx PIXELA CORPORATION

Codec Pixela Scaling Filter for IMx PIXELA CORPORATION

Codec QT Decompressor <Not available>

Codec MPEG Video Decoder <Not available>

Codec psWav Dest Canon Inc.

Codec CyberLink MPEG Decoder CyberLink Corp.

Codec CyberLink MPEG-4 Splitter CyberLink Corp.

Codec CyberLink MPEG-4 Muxer CyberLink Corp.

Network Provider RDPNP Microsoft Corporation

Network Provider LanmanWorkstation Microsoft Corporation

Network Provider WebClient Microsoft Corporation

Print Monitor Canon BJ Language Monitor MP620 series CANON INC.

Print Monitor Canon BJNP Port CANON INC.

Print Monitor CutePDF Writer Monitor Unknown owner

Print Monitor Nitro PDF Port Monitor Nitro PDF Software

Edited by boopme, 01 June 2012 - 09:30 AM.
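
The first post asks whether anything in the ComboFix listing stands out. The script below is an added example written for this page, not code from ComboFix, the poster or the forum's helpers. It applies four triage heuristics a responder would run over exactly the sections shown above (ActiveX downloads, Winlogon notification packages, Shell Service Objects, drivers and services): a registered component whose file is missing, an autostart entry loading from a user-writable location, an ActiveX control fetched over plain http://, and a Winlogon notification package not published by Microsoft. The sample lines are constructed in the same flattened format as the log above; the `UpdChk`/`evil.dll` Shell Service Object is invented to exercise the user-writable-path rule and does not appear in the poster's log. A hit is a review prompt, not a verdict: the third-party Winlogon packages from ATI and Logitech in the real log, for instance, are expected for that hardware.

```python
"""Triage heuristics for a ComboFix-style autostart listing.

Added example for this thread, not part of ComboFix or any poster's code.
SAMPLE_LOG is constructed in the flattened format seen in the post above;
the 'UpdChk' / evil.dll entry is invented to exercise a rule and does not
appear in the user's log.
"""
import re
from typing import Callable, Dict, List, Optional

SAMPLE_LOG = r"""
Downloaded ActiveX Object Java Plug-in 1.7.0_04 http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
Downloaded ActiveX Object JuniperSetupClientControl Class https://ssl1.chw.org/dana-cached/sc/JuniperSetupClient.cab
WinLogon Notify AtiExtEvent ATI Technologies Inc.
WinLogon Notify crypt32chain Microsoft Corporation
Shell Service AutoRun Object PostBootReminder c:\windows\system32\shell32.dll
Shell Service AutoRun Object UpdChk c:\documents and settings\user\application data\updchk\evil.dll
Driver AMD Special Tools Driver C:\WINDOWS\system32\drivers\amdtools.sys (file missing)
Driver AsIO c:\windows\system32\drivers\asio.sys
Service Bonjour Service (Bonjour Service) - Apple Inc. c:\program files\bonjour\mdnsresponder.exe
Service Windows Audio (AudioSrv) - Microsoft Corporation c:\windows\system32\svchost.exe
"""

# The on-disk path in a line runs from the drive letter to the end of the
# line, minus ComboFix's "(file missing)" suffix when present.
PATH_RE = re.compile(r'([a-zA-Z]:\\.*?)(?:\s+\(file missing\))?$')

# Locations under a user profile or a temp directory. Legitimate autostart
# DLLs and drivers almost never live there; XP-era malware very often does.
USER_WRITABLE_RE = re.compile(r'\\(documents and settings|users|temp)\\', re.I)


def extract_path(line: str) -> Optional[str]:
    """Return the file path named in a log line, or None if there is none."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def rule_file_missing(line: str) -> bool:
    """Registered component whose file is gone: a leftover, or a loader that removed itself."""
    return line.endswith("(file missing)")


def rule_user_writable_path(line: str) -> bool:
    """Autostart entry whose binary lives in a user-writable location."""
    path = extract_path(line)
    return bool(path and USER_WRITABLE_RE.search(path))


def rule_cleartext_activex(line: str) -> bool:
    """ActiveX control fetched over plain http:// (code delivered without TLS)."""
    return line.startswith("Downloaded ActiveX Object ") and " http://" in line


def rule_third_party_winlogon(line: str) -> bool:
    """Non-Microsoft Winlogon notification package; it loads into winlogon.exe, so review it."""
    return line.startswith("WinLogon Notify ") and not line.endswith("Microsoft Corporation")


RULES: Dict[str, Callable[[str], bool]] = {
    "file_missing": rule_file_missing,
    "user_writable_path": rule_user_writable_path,
    "cleartext_activex": rule_cleartext_activex,
    "third_party_winlogon": rule_third_party_winlogon,
}


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run every rule over every non-empty line; return hits grouped by rule name."""
    findings: Dict[str, List[str]] = {name: [] for name in RULES}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, rule in RULES.items():
            if rule(line):
                findings[name].append(line)
    return findings


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"[{name}] {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

To use it on a real log, paste the autostart sections into `SAMPLE_LOG` or read them from a file and pass the text to `triage()`. The rules are deliberately coarse: they surface the handful of lines worth a closer look (signature check, hash lookup, file timestamps) out of several hundred, which is the same job the helpers do by eye when they review a posted log.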



#2 nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 AM

Posted 05 June 2012 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
===

Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download aswMBR.exe from http://public.avast.com/~gmerek/aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 AM

Posted 11 June 2012 - 09:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



