trojan horse BackDoor.huplgon5.cnfq


24 replies to this topic

#1 Mary Helen


Posted 08 December 2012 - 10:58 PM

AVG Free found this trojan horse BackDoor.huplgon5.cnfq in my embroidery software. It was deleted by AVG; it was an exe file. I tried to restore my software by disk, but it couldn't be done; AVG would find the application file again. I finally deleted the software program in the control panel and started the virus scan again. AVG could not find anything, but my desktop was acting up. I backed up all on my Iomega hard drive. I was trying to find information about my software and the desktop started acting up. Programs that opened previously now wouldn't. Control panel wouldn't open, I could not get into Internet Explorer or Google, then I couldn't use Run, then Start closed as well. I shut the machine down and was able to get into safe mode. I went into the control panel and deleted a few programs, and then restarted. Got in and went and downloaded Kaspersky and deleted AVG. Ran the scan and it found another trojan and also reported that some things were obsolete. I was on my iPad and went to your site and read a lot of articles. I was following the malware procedures. Hopefully attached is the dst file and other file from that download. I am having trouble getting out with it. My computer is working but very, very slowly. Thanks

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.7.2
Run by Owner at 17:24:36 on 2012-12-08
.
============== Running Processes ================
.
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\FLiCA\VPN\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MAPS4P~2\bar\1.bin\0cbrmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Documents and Settings\Owner\My Documents\New Folder\WZQKPICK.EXE
C:\Documents and Settings\Owner\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
uWindow Title = Microsoft Internet Explorer provided by Flightline
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
uURLSearchHooks: <No Name>: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
uURLSearchHooks: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWindows: Run =
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
BHO: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ViewerHelper Class: {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {ac3eb537-a86d-4a88-802a-79918db4abe7} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Maps4PC: {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Maps4PC: {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Maps4PC_0c Browser Plugin Loader] c:\progra~1\maps4p~2\bar\1.bin\0cbrmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=200401157&p=YWxdm001YYus&si=maps4pc&a=1D68F94E-7EF2-4821-AFCF-CAB6B7F63349&n=2011100715
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 2.0\ie_banner_deny.htm
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Crawler Search - tbr:iemenu
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343737515125
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{4D7CF201-5456-476A-9505-034A0F8CAE55} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{92C1DEF1-9FCA-43E3-9235-93F1AF221903} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - c:\program files\microsoft\rights management add-on\rmadoc.exe
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\15jdk3qi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NCH2&o=APN10111&locale=en_US&apn_uid=7ea820a6-1dae-423c-928d-5768d4a59c88&apn_ptnrs=%5EA5M&apn_sauid=BDCC2CC3-9131-4E6C-BD0B-7B5C2E79D5C3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\maps4pc_0c\bar\1.bin\NP0cStub.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCrwPd.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 10:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-10 04:44; 0cffxtbr@Maps4PC_0c.com; c:\program files\maps4pc_0c\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R? a2injectiondriver;a2injectiondriver
R? a2util;a-squared Malware-IDS utility driver
R? Maps4PC_0cService;Maps4PCService
R? MatSvc;Microsoft Automated Troubleshooting Service
R? OXSDIDRV_x32;Oxford Semi eSATA Filter (x32)
R? OXUDIDRV;OXUDIDRV
R? RTL8192su;%RTL8192su.DeviceDesc.DispName%
R? SydexFDD;Sydex Diskette Driver
R? teamviewervpn;TeamViewer VPN Adapter
R? vsdatant;vsdatant
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? avgtp;avgtp
S? AVP;Kaspersky Anti-Virus Service
S? CSCrySec;InfoWatch Encrypt Sector Library driver
S? CSObjectsSrv;CryptoStorage control service
S? CSVirtualDiskDrv;InfoWatch Virtual Disk driver
S? CVPNDRV;Flightline IPsec Driver
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect
S? rt2870;Linksys 802.11n USB Wireless LAN Card Driver
S? sprtlisten;SupportSoft Listener Service
S? TabletServicePen;TabletServicePen
S? trysftnt;trysftnt
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2012-12-07 22:31:16 -------- d-----r- C:\Backup
2012-12-07 22:25:35 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-07 22:25:35 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-07 22:23:19 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-07 22:23:13 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-12-07 22:19:43 -------- d-----w- c:\program files\common files\InfoWatch
2012-12-07 22:19:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-12-07 22:19:32 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-12-07 22:16:44 -------- d--h--w- C:\kleaner.tmp
2012-12-05 15:21:50 -------- d-----w- c:\program files\PLX Technology
2012-12-05 15:20:48 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-12-05 15:19:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-12-05 15:18:29 -------- d-----w- c:\program files\Iomega
2012-11-30 15:25:03 -------- d-----w- c:\documents and settings\owner\application data\EurekaLog
2012-11-30 14:35:06 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2012-11-30 14:34:34 -------- d-----w- c:\program files\ARO 2012
2012-11-30 05:56:31 -------- d-----w- c:\program files\Hotkeyscmdsautorun Removal Tool
2012-11-30 05:55:24 -------- d-----w- c:\program files\Conduit
2012-11-30 05:55:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Security_Stronghold
2012-11-30 05:54:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2012-11-30 05:54:47 -------- d-----w- c:\program files\Security_Stronghold
2012-11-30 05:54:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2012-11-29 16:02:29 -------- d-----w- c:\documents and settings\owner\application data\omnitechsupport
2012-11-29 13:17:14 -------- d-----w- c:\windows\system32\NtmsData
2012-11-29 02:20:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-11-28 23:54:25 -------- d-----w- c:\program files\fabrics
2012-11-28 23:54:16 -------- d-----w- c:\program files\BIN
2012-11-28 17:55:26 -------- d-----w- C:\New Folder (3)
2012-11-28 17:40:42 187392 ----a-w- c:\windows\system32\lpng.DLL
2012-11-26 21:25:12 -------- d-----w- c:\documents and settings\owner\application data\AVG
2012-11-26 20:34:12 -------- d-----w- c:\documents and settings\all users\application data\AVG
2012-11-26 20:31:30 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-14 14:34:56 -------- d-----w- C:\spoolerlogs
2012-11-12 22:32:45 -------- d-----w- c:\program files\Ask.com
2012-11-12 22:32:30 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2012-11-12 22:32:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\APN
.
==================== Find3M ====================
.
2012-11-07 21:52:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 21:52:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 10:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 17:24:14 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 15:37:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 15:37:15 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-10 15:37:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 15:37:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2010-09-02 13:24:43 613200 ----a-w- c:\program files\IMToolPack_Setup.exe
.
============= FINISH: 17:27:41.33 ===============
.
FF - ProfilePath - c:\documents and settings\owner\application

data\mozilla\firefox\profiles\15jdk3qi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage -

hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL -

hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NCH2&o=APN

10111&locale=en_US&apn_uid=7ea820a6-1dae-423c-928d-5768d4a59c88&

apn_ptnrs=%5EA5M&apn_sauid=BDCC2CC3-9131-4E6C-BD0B-7B5C2E79D5C3&

apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF - component: c:\program

files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program

files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_t

avgp_xputils3.dll
FF - component: c:\program

files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_t

avgp_xputils35.dll
FF - component: c:\program

files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbap

i.dll
FF - plugin: c:\documents and settings\owner\local

settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader

9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure

search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google

earth\plugin\npgeplugin.dll
FF - plugin: c:\program

files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program

files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\maps4pc_0c\bar\1.bin\NP0cStub.dll
FF - plugin: c:\program files\microsoft

silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla

firefox\plugins\NPCrwPd.dll
FF - plugin: c:\program files\mozilla

firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin:

c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 10:58;

{20a82645-c095-46ed-80e3-08825760534b};

c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-10 04:44; 0cffxtbr@Maps4PC_0c.com;

c:\program files\maps4pc_0c\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R? a2injectiondriver;a2injectiondriver
R? a2util;a-squared Malware-IDS utility driver
R? Maps4PC_0cService;Maps4PCService
R? MatSvc;Microsoft Automated Troubleshooting Service
R? OXSDIDRV_x32;Oxford Semi eSATA Filter (x32)
R? OXUDIDRV;OXUDIDRV
R? RTL8192su;%RTL8192su.DeviceDesc.DispName%
R? SydexFDD;Sydex Diskette Driver
R? teamviewervpn;TeamViewer VPN Adapter
R? vsdatant;vsdatant
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? avgtp;avgtp
S? AVP;Kaspersky Anti-Virus Service
S? CSCrySec;InfoWatch Encrypt Sector Library driver
S? CSObjectsSrv;CryptoStorage control service
S? CSVirtualDiskDrv;InfoWatch Virtual Disk driver
S? CVPNDRV;Flightline IPsec Driver
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device

Connect
S? rt2870;Linksys 802.11n USB Wireless LAN Card Driver
S? sprtlisten;SupportSoft Listener Service
S? TabletServicePen;TabletServicePen
S? trysftnt;trysftnt
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2012-12-07 22:31:16 -------- d-----r-

C:\Backup
2012-12-07 22:25:35 98168 ----a-w-

c:\windows\system32\drivers\klick.dat
2012-12-07 22:25:35 116189 ----a-w-

c:\windows\system32\drivers\klin.dat
2012-12-07 22:23:19 39352 ----a-w-

c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-07 22:23:13 88632 ----a-w-

c:\windows\system32\drivers\CSCrySec.sys
2012-12-07 22:19:43 -------- d-----w-

c:\program files\common files\InfoWatch
2012-12-07 22:19:32 -------- d-----w-

c:\program files\Kaspersky Lab
2012-12-07 22:19:32 -------- d-----w-

c:\documents and settings\all users\application data\Kaspersky

Lab
2012-12-07 22:16:44 -------- d--h--w-

C:\kleaner.tmp
2012-12-05 15:21:50 -------- d-----w-

c:\program files\PLX Technology
2012-12-05 15:20:48 24880 ----a-w-

c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-12-05 15:19:47 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\Downloaded Installations
2012-12-05 15:18:29 -------- d-----w-

c:\program files\Iomega
2012-11-30 15:25:03 -------- d-----w-

c:\documents and settings\owner\application data\EurekaLog
2012-11-30 14:35:06 -------- d-----w-

c:\documents and settings\owner\application data\Sammsoft
2012-11-30 14:34:34 -------- d-----w-

c:\program files\ARO 2012
2012-11-30 05:56:31 -------- d-----w-

c:\program files\Hotkeyscmdsautorun Removal Tool
2012-11-30 05:55:24 -------- d-----w-

c:\program files\Conduit
2012-11-30 05:55:01 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\Security_Stronghold
2012-11-30 05:54:57 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\Conduit
2012-11-30 05:54:47 -------- d-----w-

c:\program files\Security_Stronghold
2012-11-30 05:54:06 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\CRE
2012-11-29 16:02:29 -------- d-----w-

c:\documents and settings\owner\application data\omnitechsupport
2012-11-29 13:17:14 -------- d-----w-

c:\windows\system32\NtmsData
2012-11-29 02:20:37 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\LogMeIn Rescue Applet
2012-11-28 23:54:25 -------- d-----w-

c:\program files\fabrics
2012-11-28 23:54:16 -------- d-----w-

c:\program files\BIN
2012-11-28 17:55:26 -------- d-----w- C:\New

Folder (3)
2012-11-28 17:40:42 187392 ----a-w-

c:\windows\system32\lpng.DLL
2012-11-26 21:25:12 -------- d-----w-

c:\documents and settings\owner\application data\AVG
2012-11-26 20:34:12 -------- d-----w-

c:\documents and settings\all users\application data\AVG
2012-11-26 20:31:30 -------- d-sh--w-

c:\documents and settings\all users\application

data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-14 14:34:56 -------- d-----w-

C:\spoolerlogs
2012-11-12 22:32:45 -------- d-----w-

c:\program files\Ask.com
2012-11-12 22:32:30 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\AskToolbar
2012-11-12 22:32:13 -------- d-----w-

c:\documents and settings\owner\local settings\application

data\APN
.
==================== Find3M ====================
.
2012-11-07 21:52:42 73656 ----a-w-

c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 21:52:42 697272 ----a-w-

c:\windows\system32\FlashPlayerApp.exe
2012-10-25 10:12:26 94208 ----a-w-

c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12:26 69632 ----a-w-

c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w-

c:\windows\system32\win32k.sys
2012-10-16 17:24:14 26984 ----a-w-

c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 15:37:17 93672 ----a-w-

c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 15:37:15 821736 ----a-w-

c:\windows\system32\npDeployJava1.dll
2012-10-10 15:37:15 143872 ----a-w-

c:\windows\system32\javacpl.cpl
2012-10-10 15:37:14 746984 ----a-w-

c:\windows\system32\deployJava1.dll
2012-10-02 18:04:21 58368 ----a-w-

c:\windows\system32\synceng.dll
2010-09-02 13:24:43 613200 ----a-w- c:\program

files\IMToolPack_Setup.exe
.
============= FINISH: 17:27:41.33 ===============

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:17 PM

Posted 09 December 2012 - 02:57 PM

Good evening. :)

Your DDS log has some blank lines in it that make it difficult to read. Open the text file DDS.txt that you created, click Format at the top and ensure that Word Wrap is unchecked - uncheck it if it is. Close the file and then open it again and post the contents.

So long, and thanks for all the fish.

#3 Mary Helen

Mary Helen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Location:Payson, AZ
  • Local time:12:17 PM

Posted 10 December 2012 - 04:28 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.7.2
Run by Owner at 17:24:36 on 2012-12-08
.
============== Running Processes ================
.
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\FLiCA\VPN\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MAPS4P~2\bar\1.bin\0cbrmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Documents and Settings\Owner\My Documents\New Folder\WZQKPICK.EXE
C:\Documents and Settings\Owner\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
uWindow Title = Microsoft Internet Explorer provided by Flightline
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
uURLSearchHooks: <No Name>: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
uURLSearchHooks: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWindows: Run =
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
BHO: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ViewerHelper Class: {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {ac3eb537-a86d-4a88-802a-79918db4abe7} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Maps4PC: {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Maps4PC: {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Maps4PC_0c Browser Plugin Loader] c:\progra~1\maps4p~2\bar\1.bin\0cbrmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=200401157&p=YWxdm001YYus&si=maps4pc&a=1D68F94E-7EF2-4821-AFCF-CAB6B7F63349&n=2011100715
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 2.0\ie_banner_deny.htm
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Crawler Search - tbr:iemenu
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343737515125
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{4D7CF201-5456-476A-9505-034A0F8CAE55} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{92C1DEF1-9FCA-43E3-9235-93F1AF221903} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - c:\program files\microsoft\rights management add-on\rmadoc.exe
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\15jdk3qi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NCH2&o=APN10111&locale=en_US&apn_uid=7ea820a6-1dae-423c-928d-5768d4a59c88&apn_ptnrs=%5EA5M&apn_sauid=BDCC2CC3-9131-4E6C-BD0B-7B5C2E79D5C3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\maps4pc_0c\bar\1.bin\NP0cStub.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCrwPd.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 10:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-10 04:44; 0cffxtbr@Maps4PC_0c.com; c:\program files\maps4pc_0c\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R? a2injectiondriver;a2injectiondriver
R? a2util;a-squared Malware-IDS utility driver
R? Maps4PC_0cService;Maps4PCService
R? MatSvc;Microsoft Automated Troubleshooting Service
R? OXSDIDRV_x32;Oxford Semi eSATA Filter (x32)
R? OXUDIDRV;OXUDIDRV
R? RTL8192su;%RTL8192su.DeviceDesc.DispName%
R? SydexFDD;Sydex Diskette Driver
R? teamviewervpn;TeamViewer VPN Adapter
R? vsdatant;vsdatant
S? AdobeActiveFileMonitor;Adobe Active File Monitor
S? avgtp;avgtp
S? AVP;Kaspersky Anti-Virus Service
S? CSCrySec;InfoWatch Encrypt Sector Library driver
S? CSObjectsSrv;CryptoStorage control service
S? CSVirtualDiskDrv;InfoWatch Virtual Disk driver
S? CVPNDRV;Flightline IPsec Driver
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect
S? rt2870;Linksys 802.11n USB Wireless LAN Card Driver
S? sprtlisten;SupportSoft Listener Service
S? TabletServicePen;TabletServicePen
S? trysftnt;trysftnt
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2012-12-07 22:31:16 -------- d-----r- C:\Backup
2012-12-07 22:25:35 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-07 22:25:35 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-07 22:23:19 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-07 22:23:13 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-12-07 22:19:43 -------- d-----w- c:\program files\common files\InfoWatch
2012-12-07 22:19:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-12-07 22:19:32 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-12-07 22:16:44 -------- d--h--w- C:\kleaner.tmp
2012-12-05 15:21:50 -------- d-----w- c:\program files\PLX Technology
2012-12-05 15:20:48 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-12-05 15:19:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-12-05 15:18:29 -------- d-----w- c:\program files\Iomega
2012-11-30 15:25:03 -------- d-----w- c:\documents and settings\owner\application data\EurekaLog
2012-11-30 14:35:06 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2012-11-30 14:34:34 -------- d-----w- c:\program files\ARO 2012
2012-11-30 05:56:31 -------- d-----w- c:\program files\Hotkeyscmdsautorun Removal Tool
2012-11-30 05:55:24 -------- d-----w- c:\program files\Conduit
2012-11-30 05:55:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Security_Stronghold
2012-11-30 05:54:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2012-11-30 05:54:47 -------- d-----w- c:\program files\Security_Stronghold
2012-11-30 05:54:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2012-11-29 16:02:29 -------- d-----w- c:\documents and settings\owner\application data\omnitechsupport
2012-11-29 13:17:14 -------- d-----w- c:\windows\system32\NtmsData
2012-11-29 02:20:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-11-28 23:54:25 -------- d-----w- c:\program files\fabrics
2012-11-28 23:54:16 -------- d-----w- c:\program files\BIN
2012-11-28 17:55:26 -------- d-----w- C:\New Folder (3)
2012-11-28 17:40:42 187392 ----a-w- c:\windows\system32\lpng.DLL
2012-11-26 21:25:12 -------- d-----w- c:\documents and settings\owner\application data\AVG
2012-11-26 20:34:12 -------- d-----w- c:\documents and settings\all users\application data\AVG
2012-11-26 20:31:30 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-14 14:34:56 -------- d-----w- C:\spoolerlogs
2012-11-12 22:32:45 -------- d-----w- c:\program files\Ask.com
2012-11-12 22:32:30 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2012-11-12 22:32:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\APN
.
==================== Find3M ====================
.
2012-11-07 21:52:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 21:52:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 10:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 17:24:14 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 15:37:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 15:37:15 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-10 15:37:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 15:37:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2010-09-02 13:24:43 613200 ----a-w- c:\program files\IMToolPack_Setup.exe
.
============= FINISH: 17:27:41.33 ===============

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:17 PM

Posted 11 December 2012 - 02:53 PM

Good evening. :)

Have you edited the header of the log? It should show your operating system, including version number, as the fourth line down, and it doesn't.

So long, and thanks for all the fish.

#5 Mary Helen

Mary Helen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Location:Payson, AZ
  • Local time:12:17 PM

Posted 11 December 2012 - 05:12 PM

Hi, I ran another report; the 4th row down says Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.570 [GMT -7.00]
This new log looks entirely different from the current one. Do you want me to send it?

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:17 PM

Posted 11 December 2012 - 06:04 PM

Please. Will you also attach the second file produced, attach.txt, as per Step 7 here.

So long, and thanks for all the fish.

#7 Mary Helen

Mary Helen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Location:Payson, AZ
  • Local time:12:17 PM

Posted 12 December 2012 - 08:57 AM

[attachment=133119:dds.txt]

#8 Mary Helen

Mary Helen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Location:Payson, AZ
  • Local time:12:17 PM

Posted 13 December 2012 - 04:51 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.7.2
Run by Owner at 14:37:19 on 2012-12-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.570 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky PURE 2.0 *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: Kaspersky PURE 2.0 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\FLiCA\VPN\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MAPS4P~2\bar\1.bin\0cbrmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Flightline
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
uURLSearchHooks: <No Name>: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
uURLSearchHooks: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWindows: Run =
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
BHO: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ViewerHelper Class: {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {ac3eb537-a86d-4a88-802a-79918db4abe7} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - c:\program files\maps4pc_0c\bar\1.bin\0cSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Maps4PC: {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Security Stronghold Toolbar: {3CB37734-F8DA-48EF-89E2-F393F707E839} - c:\program files\security_stronghold\prxtbSec0.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: Maps4PC: {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - c:\program files\maps4pc_0c\bar\1.bin\0cbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Security Stronghold Toolbar: {3cb37734-f8da-48ef-89e2-f393f707e839} - c:\program files\security_stronghold\prxtbSec0.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Maps4PC_0c Browser Plugin Loader] c:\progra~1\maps4p~2\bar\1.bin\0cbrmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\cnette~1.lnk - c:\documents and settings\owner\application data\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\OPENOF~2.LNK -
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flight~1.lnk - c:\program files\flica\vpn\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\documents and settings\owner\my documents\new folder\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=200401157&p=YWxdm001YYus&si=maps4pc&a=1D68F94E-7EF2-4821-AFCF-CAB6B7F63349&n=2011100715
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Crawler Search - tbr:iemenu
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343737515125
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{4D7CF201-5456-476A-9505-034A0F8CAE55} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{92C1DEF1-9FCA-43E3-9235-93F1AF221903} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - c:\program files\microsoft\rights management add-on\rmadoc.exe
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\15jdk3qi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NCH2&o=APN10111&locale=en_US&apn_uid=7ea820a6-1dae-423c-928d-5768d4a59c88&apn_ptnrs=%5EA5M&apn_sauid=BDCC2CC3-9131-4E6C-BD0B-7B5C2E79D5C3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\maps4pc_0c\bar\1.bin\NP0cStub.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCrwPd.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - ExtSQL: !HIDDEN! 2009-10-21 10:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-10 04:44; 0cffxtbr@Maps4PC_0c.com; c:\program files\maps4pc_0c\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-12-7 88632]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-10-20 135984]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-16 26984]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-12-7 39352]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-10-20 13104]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-12-7 581464]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe [2012-8-30 202328]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 CVPNDRV;Flightline IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2010-9-3 263751]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-3-27 4497704]
R2 trysftnt;trysftnt;c:\windows\system32\drivers\TRYSFTNT.SYS [2008-10-29 39136]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2011-3-27 113448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-7-19 724736]
S1 a2injectiondriver;a2injectiondriver;\??\c:\program files\emsisoft anti-malware\a2dix86.sys --> c:\program files\emsisoft anti-malware\a2dix86.sys [?]
S1 a2util;a-squared Malware-IDS utility driver;\??\c:\program files\emsisoft anti-malware\a2util32.sys --> c:\program files\emsisoft anti-malware\a2util32.sys [?]
S2 Maps4PC_0cService;Maps4PCService;c:\progra~1\maps4p~2\bar\1.bin\0cbarsvc.exe [2011-10-6 42504]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2012-12-5 24880]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [2008-10-29 13359]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-5-20 25088]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-3 141752]
.
=============== Created Last 30 ================
.
2012-12-07 22:31:16 -------- d-----r- C:\Backup
2012-12-07 22:25:35 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-07 22:25:35 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-07 22:23:19 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-07 22:23:13 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-12-07 22:19:43 -------- d-----w- c:\program files\common files\InfoWatch
2012-12-07 22:19:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-12-07 22:19:32 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-12-07 22:16:44 -------- d--h--w- C:\kleaner.tmp
2012-12-05 15:21:50 -------- d-----w- c:\program files\PLX Technology
2012-12-05 15:20:48 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-12-05 15:19:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-12-05 15:18:29 -------- d-----w- c:\program files\Iomega
2012-11-30 15:25:03 -------- d-----w- c:\documents and settings\owner\application data\EurekaLog
2012-11-30 14:35:06 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2012-11-30 14:34:34 -------- d-----w- c:\program files\ARO 2012
2012-11-30 05:56:31 -------- d-----w- c:\program files\Hotkeyscmdsautorun Removal Tool
2012-11-30 05:55:24 -------- d-----w- c:\program files\Conduit
2012-11-30 05:55:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Security_Stronghold
2012-11-30 05:54:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2012-11-30 05:54:47 -------- d-----w- c:\program files\Security_Stronghold
2012-11-30 05:54:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2012-11-29 16:02:29 -------- d-----w- c:\documents and settings\owner\application data\omnitechsupport
2012-11-29 13:17:14 -------- d-----w- c:\windows\system32\NtmsData
2012-11-29 02:20:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\LogMeIn Rescue Applet
2012-11-28 23:54:25 -------- d-----w- c:\program files\fabrics
2012-11-28 23:54:16 -------- d-----w- c:\program files\BIN
2012-11-28 17:55:26 -------- d-----w- C:\New Folder (3)
2012-11-28 17:40:42 187392 ----a-w- c:\windows\system32\lpng.DLL
2012-11-26 21:25:12 -------- d-----w- c:\documents and settings\owner\application data\AVG
2012-11-26 20:34:12 -------- d-----w- c:\documents and settings\all users\application data\AVG
2012-11-26 20:31:30 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-14 14:34:56 -------- d-----w- C:\spoolerlogs
2012-11-12 22:32:45 -------- d-----w- c:\program files\Ask.com
2012-11-12 22:32:30 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2012-11-12 22:32:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\APN
.
==================== Find3M ====================
.
2012-11-07 21:52:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 21:52:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 10:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 17:24:14 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 15:37:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 15:37:15 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-10 15:37:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 15:37:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2010-09-02 13:24:43 613200 ----a-w- c:\program files\IMToolPack_Setup.exe
.
============= FINISH: 14:38:50.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/15/2008 4:13:39 PM
System Uptime: 12/7/2012 7:04:46 PM (91 hours ago)
.
Motherboard: Dell Computer Corp. | | 0H1290
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 24.735 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 37 GiB total, 27.451 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Game Port for SB Live! Series
Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&1C660DD6&0&49F0
Manufacturer: Creative
Name: Game Port for SB Live! Series
PNP Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&1C660DD6&0&49F0
Service: gameenum
.
==== System Restore Points ===================
.
RP1054: 9/7/2012 7:42:54 PM - System Checkpoint
RP1055: 9/8/2012 8:08:53 PM - System Checkpoint
RP1056: 9/10/2012 3:17:52 PM - System Checkpoint
RP1057: 9/12/2012 1:39:06 AM - System Checkpoint
RP1058: 9/13/2012 6:00:18 AM - Software Distribution Service 3.0
RP1059: 9/17/2012 4:30:39 PM - System Checkpoint
RP1060: 9/18/2012 7:34:39 PM - System Checkpoint
RP1061: 9/20/2012 1:05:33 AM - System Checkpoint
RP1062: 9/21/2012 6:19:47 PM - System Checkpoint
RP1063: 9/22/2012 6:00:17 AM - Software Distribution Service 3.0
RP1064: 9/24/2012 1:27:24 AM - System Checkpoint
RP1065: 9/25/2012 8:19:10 PM - System Checkpoint
RP1066: 9/27/2012 9:10:40 AM - System Checkpoint
RP1067: 9/28/2012 10:20:54 AM - System Checkpoint
RP1068: 9/29/2012 12:14:54 PM - System Checkpoint
RP1069: 9/30/2012 4:46:41 PM - System Checkpoint
RP1070: 10/1/2012 6:49:41 PM - System Checkpoint
RP1071: 10/2/2012 11:30:41 PM - System Checkpoint
RP1072: 10/4/2012 4:49:53 AM - System Checkpoint
RP1073: 10/5/2012 10:32:11 PM - System Checkpoint
RP1074: 10/7/2012 7:43:07 AM - System Checkpoint
RP1075: 10/8/2012 8:43:35 AM - System Checkpoint
RP1076: 10/9/2012 7:22:38 PM - System Checkpoint
RP1077: 10/10/2012 6:00:30 AM - Software Distribution Service 3.0
RP1078: 10/10/2012 8:36:12 AM - Removed Java 7 Update 6
RP1079: 10/10/2012 8:37:06 AM - Installed Java 7 Update 7
RP1080: 10/11/2012 10:59:43 AM - System Checkpoint
RP1081: 10/12/2012 1:37:03 PM - System Checkpoint
RP1082: 10/13/2012 4:36:06 PM - System Checkpoint
RP1083: 10/15/2012 7:32:21 AM - System Checkpoint
RP1084: 10/16/2012 6:02:32 AM - Installed AVG 2013
RP1085: 10/16/2012 6:02:47 AM - Removed AVG 2012
RP1086: 10/16/2012 9:51:39 AM - Installed AVG 2013
RP1087: 10/16/2012 9:50:40 AM - Software Distribution Service 3.0
RP1088: 10/16/2012 10:20:16 AM - Installed AVG 2013
RP1089: 10/16/2012 10:21:18 AM - Installed AVG 2013
RP1090: 10/17/2012 11:11:20 AM - System Checkpoint
RP1091: 10/18/2012 6:25:52 PM - System Checkpoint
RP1092: 10/20/2012 6:30:07 AM - System Checkpoint
RP1093: 10/21/2012 8:28:32 PM - System Checkpoint
RP1094: 10/23/2012 12:59:12 AM - System Checkpoint
RP1095: 10/24/2012 10:03:45 AM - System Checkpoint
RP1096: 10/25/2012 6:59:46 PM - System Checkpoint
RP1097: 10/26/2012 9:32:01 PM - System Checkpoint
RP1098: 10/27/2012 9:38:48 PM - System Checkpoint
RP1099: 10/29/2012 6:54:47 AM - System Checkpoint
RP1100: 10/30/2012 7:05:58 AM - System Checkpoint
RP1101: 10/31/2012 11:58:03 AM - System Checkpoint
RP1102: 11/2/2012 2:38:55 AM - System Checkpoint
RP1103: 11/3/2012 3:07:10 PM - System Checkpoint
RP1104: 11/4/2012 6:37:06 PM - System Checkpoint
RP1105: 11/7/2012 6:58:10 PM - System Checkpoint
RP1106: 11/9/2012 7:01:13 AM - System Checkpoint
RP1107: 11/10/2012 8:27:43 AM - System Checkpoint
RP1108: 11/11/2012 10:50:48 PM - System Checkpoint
RP1109: 11/13/2012 6:58:27 AM - System Checkpoint
RP1110: 11/16/2012 12:28:26 AM - System Checkpoint
RP1111: 11/16/2012 6:00:17 AM - Software Distribution Service 3.0
RP1112: 11/17/2012 8:33:16 AM - System Checkpoint
RP1113: 11/18/2012 4:46:41 PM - System Checkpoint
RP1114: 11/20/2012 2:07:24 PM - System Checkpoint
RP1115: 11/21/2012 6:49:19 PM - System Checkpoint
RP1116: 11/26/2012 11:16:21 AM - System Checkpoint
RP1117: 11/26/2012 2:22:48 PM - Installed AVG PC TuneUp
RP1118: 11/28/2012 6:29:23 PM - System Checkpoint
RP1119: 11/30/2012 7:11:19 AM - System Checkpoint
RP1120: 11/30/2012 7:34:34 AM - ARO 2012 - Before Installation
RP1121: 11/30/2012 7:35:22 AM - ARO 2012 - FIRST RUN
RP1122: 11/30/2012 7:43:50 AM - ARO 2012 Fri, Nov 30, 12 07:43
RP1123: 12/1/2012 10:40:09 AM - System Checkpoint
RP1124: 12/2/2012 10:43:44 AM - System Checkpoint
RP1125: 12/3/2012 1:21:10 PM - System Checkpoint
RP1126: 12/4/2012 4:57:18 PM - System Checkpoint
RP1127: 12/5/2012 7:25:22 PM - System Checkpoint
RP1128: 12/7/2012 3:19:21 PM - Installed Kaspersky PURE 2.0.
RP1129: 12/8/2012 6:42:10 AM - Removed AVG PC TuneUp
RP1130: 12/8/2012 6:44:16 AM - Removed AVG PC TuneUp Language Pack (en-US)
RP1131: 12/9/2012 1:01:40 PM - System Checkpoint
RP1132: 12/10/2012 2:28:19 PM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 9.5.2
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Audacity 1.2.6
Belkin F7D1101 Basic Wireless USB Adapter
BIAS SoundSoap 2.0
Bonjour
Buzz Tools
BuzzEdit
Cisco Network Magic
CNET TechTracker
Corel Painter Essentials 2
Crawler Toolbar with Web Security Guard
Critical Update for Windows Media Player 11 (KB959772)
Disketch Disc Label Software
EPSON Scan
EverNote Plus
Express Burn Disc Burning Software
Express Rip
getPlus® for Adobe
getPlus®_ocx
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IM ToolPack
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Iomega Encryption
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 7
Java Auto Updater
Kaspersky PURE 2.0
Korean Fonts Support For Adobe Reader 9
Lexmark 5400 Series
Lexmark Toolbar
Linksys Wireless Manager
Maps4PC
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MixPad
MobileMe Control Panel
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Tone Generator
NCH Toolbox
NetWaiting
Network Magic
nik Color Efex Pro 2.0 GE
OpenOffice.org 3.1
PE-DESIGN Ver 3
Pen Tablet
PitchPerfect Uninstall
plusdeck2
Pure Networks Platform
Quicken 2012
Quicken Home Inventory Manager
Quicken WillMaker Plus 2008
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
Recording Station
RemoteComms External Disk Access
Rights Management Add-on for Internet Explorer
Safari
Security Stronghold Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
Switch Sound File Converter
TRx Recorder
TurboTax Deluxe 2007
Turtle Beach Riviera
Ulead Photo Explorer 6.0
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Voyetra AudioSurgeon LE
VPN Client
Wacom JustWrite Office
WavePad Sound Editor
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Service Pack 3
Zoom V.92 PCI Voice Faxmodem
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 6:17:57 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/7/2012 8:05:51 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/7/2012 8:05:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/7/2012 7:24:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/7/2012 7:23:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AVGIDSDriver AVGIDSShim Avgldx86 Fips intelppm
12/7/2012 7:23:10 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/7/2012 7:23:10 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2012 7:23:10 AM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/7/2012 7:22:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/7/2012 3:19:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver
12/7/2012 3:16:44 PM, error: Service Control Manager [7034] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2012 5:49:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/5/2012 5:35:16 PM, error: Service Control Manager [7000] - The Apple Mobile USB Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/5/2012 5:10:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
12/5/2012 5:10:05 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#9 fireman4it
  • Malware Response Team

Posted 13 December 2012 - 07:31 PM

Hello Mary Helen ,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way, you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Things to include in your next reply:
TDSSKiller log
ComboFix.txt
How is your machine running now?
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
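
To help read the ComboFix.txt that step 2 above asks for, here is an added Python example (not code from this thread or from ComboFix itself) that parses the "Reg Loading Points" section of such a log into autostart entries and flags those that load from outside Program Files or Windows. The log excerpt embedded in it is constructed in ComboFix's layout, and the "Updater" entry is invented to show a temp-folder loader being flagged.

```python
"""Added example (not part of this thread or of ComboFix): parse the
'Reg Loading Points' section of a ComboFix.txt log into autostart entries
and flag those that load from outside the usual program directories."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in the ComboFix.txt layout; the "Updater" entry is an
# invented example of a loader living in a temp folder, not a real detection.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3cb37734-f8da-48ef-89e2-f393f707e839}"= "c:\program files\Security_Stronghold\prxtbSec0.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d76689d9-6555-42ee-a94f-ba89fb29ceb1}]
2011-10-06 21:02 62864 ----a-w- c:\program files\Maps4PC_0c\bar\1.bin\0cSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Updater"="c:\documents and settings\Owner\Local Settings\Temp\upd.exe" [2012-12-01 12345]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Owner\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
.
((((((((((((((((((((((((((((((((((((( Finish ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"\s*\[([^\]]*)\]$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[[^\]]*\]$")

# Locations a legitimately installed program normally loads from (lower-case).
EXPECTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class Entry:
    location: str   # registry key or startup folder the entry lives in
    name: str       # value name, CLSID or shortcut name
    path: str       # file that gets loaded at logon / browser start


def parse_loading_points(text: str) -> List[Entry]:
    """Return the autostart entries listed in the Reg Loading Points section."""
    entries: List[Entry] = []
    in_section = False
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:  # a new "((( Name )))" banner starts or ends the section
            in_section = m.group(1) == "Reg Loading Points"
            continue
        if not in_section or line in ("", "."):
            continue
        m = KEY_RE.match(line)
        if m:
            location = m.group(1)
            continue
        if line.lower().endswith("\\startup\\"):  # startup-folder header
            location = line
            continue
        m = VALUE_RE.match(line)
        if m:  # "name"="path" [date size]
            entries.append(Entry(location, m.group(1), m.group(2)))
            continue
        m = LNK_RE.match(line)
        if m:  # shortcut.lnk - target [date size]
            entries.append(Entry(location, m.group(1), m.group(2)))
            continue
        m = FILE_RE.match(line)
        if m:  # BHO blocks list the DLL on a file line under the CLSID key
            entries.append(Entry(location, location.rsplit("\\", 1)[-1], m.group(1)))
    return entries


def loads_from_unusual_place(entry: Entry) -> bool:
    """True for loaders outside Program Files/Windows or inside a temp folder."""
    p = entry.path.lower()
    return "\\temp\\" in p or not p.startswith(EXPECTED_PREFIXES)


def unusual_entries(text: str) -> List[Entry]:
    """Autostart entries worth a closer look when triaging a ComboFix log."""
    return [e for e in parse_loading_points(text) if loads_from_unusual_place(e)]


if __name__ == "__main__":
    for e in parse_loading_points(SAMPLE_LOG):
        mark = "CHECK" if loads_from_unusual_place(e) else "     "
        print(f"{mark} {e.name:45} {e.path}")
```

An entry flagged this way is not proof of malware (the startup shortcut above is just a user-profile install); it only tells you which loaders to look up before deciding on a fix.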


#10 Mary Helen
  • Topic Starter

Posted 14 December 2012 - 09:37 AM

Good morning. Thanks for your reply. Tried to download TDSSKiller and got an error message that says c:\documents and settings\owner\desktop\tdsskiller.exe is not a valid Win32 application. Now what do I do?

#11 fireman4it
  • Malware Response Team

Posted 14 December 2012 - 10:04 AM

Skip it for now and try ComboFix.


#12 Mary Helen
  • Topic Starter

Posted 14 December 2012 - 11:45 AM

OK, I need help. It says I need to disable Emsisoft. I cannot find the application. I can find a zip file; start.exe is there. Should I open it and then disable it?

#13 fireman4it
  • Malware Response Team

Posted 14 December 2012 - 02:29 PM

Hello,

Just ignore the warning about Emsisoft and run ComboFix.


#14 Mary Helen
  • Topic Starter

Posted 14 December 2012 - 04:10 PM

Here it is.

ComboFix 12-12-14.01 - Owner 12/14/2012 13:46:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.580 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Kaspersky PURE 2.0 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 2.0 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL1.tmp
c:\documents and settings\All Users\SPL16A.tmp
c:\documents and settings\All Users\SPL19.tmp
c:\documents and settings\All Users\SPL27EE.tmp
c:\documents and settings\All Users\SPL4C96.tmp
c:\documents and settings\All Users\Start Menu\Programs\Adware Pro
c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
c:\documents and settings\Owner\Application Data\WTouch
c:\documents and settings\Owner\Application Data\WTouch\WTouch.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\11584889e5897a77.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3b5f54c3e9b115c4.fb
c:\windows\system32\Cache\40ac596bcfe3d734.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\690cd16119677dda.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6c8a3f7b13b08cda.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8323fb61dc7b18bd.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\add0f273b9dda87f.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET22.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-11-14 to 2012-12-14 )))))))))))))))))))))))))))))))
.
.
2012-12-12 13:28 . 2012-12-12 13:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-12-12 13:28 . 2012-12-12 13:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-12-12 13:28 . 2012-12-12 13:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-12-12 13:28 . 2012-12-12 13:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-12-12 13:28 . 2012-12-12 13:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-12-12 13:28 . 2012-12-12 13:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-12-12 13:28 . 2012-12-12 13:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-12-12 13:28 . 2012-12-12 13:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-12-12 13:28 . 2012-12-12 13:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-12-12 13:28 . 2012-12-12 13:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-12-12 13:27 . 2012-12-12 13:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-12-12 13:27 . 2012-12-12 13:27 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-12-12 13:27 . 2012-12-12 13:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-12-12 13:27 . 2012-12-12 13:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-12-12 13:27 . 2012-12-12 13:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-12-12 13:27 . 2012-12-12 13:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-12-12 13:27 . 2012-12-12 13:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-12-08 22:21 . 2012-12-08 22:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----r- C:\Backup
2012-12-07 22:25 . 2012-12-07 22:25 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-07 22:25 . 2012-12-07 22:25 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-07 22:23 . 2009-12-14 19:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-07 22:23 . 2009-12-14 19:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-12-07 22:19 . 2012-12-07 22:19 -------- d-----w- c:\program files\Common Files\InfoWatch
2012-12-07 22:19 . 2012-12-14 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-12-07 22:19 . 2012-12-07 22:19 -------- d-----w- c:\program files\Kaspersky Lab
2012-12-07 22:16 . 2012-12-07 22:16 -------- d-----w- C:\kleaner.tmp
2012-12-07 14:21 . 2012-12-07 14:21 -------- d-----w- c:\documents and settings\Administrator
2012-12-05 15:21 . 2012-12-05 15:21 -------- d-----w- c:\program files\PLX Technology
2012-12-05 15:20 . 2010-05-25 15:14 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2012-12-05 15:19 . 2012-12-05 15:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2012-12-05 15:18 . 2012-12-05 15:18 -------- d-----w- c:\program files\Iomega
2012-11-30 18:52 . 2012-11-30 18:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Security_Stronghold
2012-11-30 15:25 . 2012-11-30 15:25 -------- d-----w- c:\documents and settings\Owner\Application Data\EurekaLog
2012-11-30 14:35 . 2012-11-30 14:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Sammsoft
2012-11-30 14:34 . 2012-12-07 14:52 -------- d-----w- c:\program files\ARO 2012
2012-11-30 05:56 . 2012-12-07 14:37 -------- d-----w- c:\program files\Hotkeyscmdsautorun Removal Tool
2012-11-30 05:55 . 2012-11-30 05:55 -------- d-----w- c:\program files\Conduit
2012-11-30 05:55 . 2012-12-14 14:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Security_Stronghold
2012-11-30 05:54 . 2012-11-30 05:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2012-11-30 05:54 . 2012-11-30 05:57 -------- d-----w- c:\program files\Security_Stronghold
2012-11-30 05:54 . 2012-11-30 05:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CRE
2012-11-29 21:28 . 2012-11-29 21:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2012-11-29 16:02 . 2012-12-07 14:35 -------- d-----w- c:\documents and settings\Owner\Application Data\omnitechsupport
2012-11-29 13:17 . 2012-11-29 13:24 -------- d-----w- c:\windows\system32\NtmsData
2012-11-29 02:20 . 2012-12-05 15:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
2012-11-28 23:54 . 2012-11-29 00:07 -------- d-----w- c:\program files\fabrics
2012-11-28 23:54 . 2012-11-29 00:07 -------- d-----w- c:\program files\BIN
2012-11-28 17:55 . 2012-11-28 17:55 -------- d-----w- C:\New Folder (3)
2012-11-28 17:40 . 1998-06-17 16:22 187392 ----a-w- c:\windows\system32\lpng.DLL
2012-11-26 21:25 . 2012-11-26 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2012-11-26 20:34 . 2012-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2012-11-26 20:31 . 2012-11-26 20:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-17 21:53 . 2012-11-17 21:53 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 01:25 . 2004-08-12 14:09 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 21:52 . 2012-04-11 14:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 21:52 . 2011-07-05 19:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-06 00:41 . 2004-08-12 13:55 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-12 13:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2010-08-10 10:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-12 13:58 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-16 17:24 . 2012-10-16 17:24 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 15:37 . 2012-10-10 15:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 15:37 . 2012-10-10 15:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 15:37 . 2012-08-24 13:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-10 15:37 . 2011-01-27 01:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2004-08-12 14:06 58368 ----a-w- c:\windows\system32\synceng.dll
2010-09-02 13:24 . 2010-09-02 13:24 613200 ----a-w- c:\program files\IMToolPack_Setup.exe
2012-06-26 22:15 . 2011-04-06 15:54 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{3cb37734-f8da-48ef-89e2-f393f707e839}"= "c:\program files\Security_Stronghold\prxtbSec0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{3cb37734-f8da-48ef-89e2-f393f707e839}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3cb37734-f8da-48ef-89e2-f393f707e839}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Security_Stronghold\prxtbSec0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d76689d9-6555-42ee-a94f-ba89fb29ceb1}]
2011-10-06 21:02 62864 ----a-w- c:\program files\Maps4PC_0c\bar\1.bin\0cSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{3cb37734-f8da-48ef-89e2-f393f707e839}"= "c:\program files\Security_Stronghold\prxtbSec0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{3cb37734-f8da-48ef-89e2-f393f707e839}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{3CB37734-F8DA-48EF-89E2-F393F707E839}"= "c:\program files\Security_Stronghold\prxtbSec0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{3cb37734-f8da-48ef-89e2-f393f707e839}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 05:24 496056 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Maps4PC_0c Browser Plugin Loader"="c:\progra~1\MAPS4P~2\bar\1.bin\0cbrmon.exe" [2011-10-06 30096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Owner\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
OpenOffice.org 2.3.lnk - [N/A]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Flightline VPN Client.lnk - c:\program files\FLiCA\VPN\ipsecdialer.exe [2010-9-3 1269836]
WinZip Quick Pick.lnk - c:\documents and settings\Owner\My Documents\New Folder\WZQKPICK.EXE [2008-2-14 106560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-11-22 09:11 82864 -c--a-w- c:\program files\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-29 15:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRxRun]
2008-03-24 18:19 507908 ----a-w- c:\program files\NCH Swift Sound\TRx\trx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LMIRescue_612ea18e-a751-496b-a987-72972b838edc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IMToolPack"="c:\progra~1\Crawler\IMTOOL~1\IMToolP.exe"
"AROReminder"=c:\program files\ARO 2012\aro.exe -rem
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
"LXCTCATS"=rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe"
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" /DoAction
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Advanced System Optimizer"="c:\program files\Advanced System Optimizer 3\ASO3.exe" /autorun
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"IMToolPack"="c:\progra~1\Crawler\IMTOOL~1\IMToolP.exe"
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" /TRAYONLY
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FLiCA\\AweSetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [12/7/2012 3:23 PM 88632]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/16/2012 10:24 AM 26984]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [12/7/2012 3:23 PM 39352]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/20/2011 11:48 AM 13104]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R2 CVPNDRV;Flightline IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [9/3/2010 5:10 AM 263751]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/27/2011 8:11 AM 4497704]
R2 trysftnt;trysftnt;c:\windows\system32\drivers\TRYSFTNT.SYS [10/29/2008 11:43 AM 39136]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [3/27/2011 8:12 AM 113448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S1 a2injectiondriver;a2injectiondriver;\??\c:\program files\Emsisoft Anti-Malware\a2dix86.sys --> c:\program files\Emsisoft Anti-Malware\a2dix86.sys [?]
S1 a2util;a-squared Malware-IDS utility driver;\??\c:\program files\Emsisoft Anti-Malware\a2util32.sys --> c:\program files\Emsisoft Anti-Malware\a2util32.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 Maps4PC_0cService;Maps4PCService;c:\progra~1\MAPS4P~2\bar\1.bin\0cbarsvc.exe [10/6/2011 2:02 PM 42504]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [12/5/2012 8:20 AM 24880]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [10/29/2008 11:43 AM 13359]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [5/20/2012 5:54 AM 25088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:52]
.
2012-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-12-12 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-11 00:05]
.
2012-12-14 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-11 00:05]
.
2012-11-22 c:\windows\Tasks\DisketchReminder.job
- c:\program files\NCH Software\Disketch\disketch.exe [2012-11-12 22:31]
.
2012-12-10 c:\windows\Tasks\ExpressBurnReminder.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-05-06 12:35]
.
2012-05-09 c:\windows\Tasks\ExpressRipReminder.job
- c:\program files\NCH Software\ExpressRip\expressrip.exe [2012-05-06 12:37]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:37]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 02:37]
.
2012-12-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 04:33]
.
2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{E02A8EC6-C7D0-4560-9C67-25826C03C4CB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 01:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\15jdk3qi.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NCH2&o=APN10111&locale=en_US&apn_uid=7ea820a6-1dae-423c-928d-5768d4a59c88&apn_ptnrs=%5EA5M&apn_sauid=BDCC2CC3-9131-4E6C-BD0B-7B5C2E79D5C3&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF - ExtSQL: !HIDDEN! 2009-10-21 10:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-10 04:44; 0cffxtbr@Maps4PC_0c.com; c:\program files\Maps4PC_0c\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-14 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2012-12-14 14:06:09
ComboFix-quarantined-files.txt 2012-12-14 21:05
.
Pre-Run: 26,896,580,608 bytes free
Post-Run: 27,389,231,104 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BBE2F7EBB7F287C870CC154B26DCE09A

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:17 PM

Posted 14 December 2012 - 05:07 PM

How is your machine running now?


Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!




