Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Rootkit-Pakes.BI Detected by AVG


  • This topic is locked This topic is locked
21 replies to this topic

#1 scatymaty

scatymaty

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 25 February 2013 - 01:51 PM

Hi

 

I have a 32 bit HP PC running Windows XP SP3.

 

AVG is reporting that Trojan Horse Rootkit-Pakes.BI has infected c:\windows\system32\driver\volsnap.sys. I have attached a screen shot of the AVG report.

 

I have tried many things over the last couple of weeks try and get rid of it.

 

I cannot list everything I done because its all happened in a bit of a mess! Most recently I have:

 

Run combofix (I have attached the report)

 

I followed this by running the online scanner from eset which detected nothing.

 

Previously I have tried to run malware bytes anti-malware which also detected nothing.

 

Any help is most appreciated.

 

Matt

 

ComboFix 13-02-23.01 - Administrator 23/02/2013  17:02:36.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3055.2212 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\Malware Removal\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-23 to 2013-02-23  )))))))))))))))))))))))))))))))
.
.
2013-02-23 16:43 . 2013-02-23 16:43    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-02-23 16:42 . 2013-02-23 16:43    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-23 16:42 . 2013-02-23 16:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-02-23 12:34 . 2013-02-23 12:34    --------    d-----w-    c:\documents and settings\Administrator\AppData
2013-02-11 10:32 . 2013-02-11 10:32    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Search Settings
2013-02-11 10:31 . 2013-02-11 10:31    --------    d-----w-    c:\program files\Application Updater
2013-02-11 10:31 . 2013-02-11 10:31    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-02-11 10:31 . 2013-02-11 10:31    --------    d-----w-    c:\program files\Common Files\Spigot
2013-02-05 19:42 . 2013-02-05 19:42    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\libimobiledevice
2013-02-03 20:37 . 2013-02-03 20:49    --------    d-----w-    C:\MGtools
2013-02-03 20:31 . 2013-02-03 20:31    --------    d-----w-    c:\program files\HitmanPro
2013-02-03 20:31 . 2013-02-03 20:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-02-03 20:22 . 2013-02-03 20:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-03 18:33 . 2012-12-14 16:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-26 10:01 . 2013-01-26 10:01    --------    d-----w-    c:\documents and settings\Administrator\Application Data\IObit Apps
2013-01-25 18:45 . 2013-01-25 18:45    --------    d-----w-    c:\documents and settings\Administrator\Application Data\AVG2013
2013-01-25 18:44 . 2013-01-25 18:44    --------    d-----w-    c:\documents and settings\Administrator\Application Data\TuneUp Software
2013-01-25 18:44 . 2013-01-25 18:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2013
2013-01-25 18:44 . 2013-01-25 18:44    --------    d-----w-    C:\$AVG
2013-01-25 18:43 . 2013-01-25 18:43    --------    d-----w-    c:\program files\AVG
2013-01-25 18:41 . 2013-01-25 18:41    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
2013-01-25 18:41 . 2013-02-23 08:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2013-01-25 18:41 . 2013-01-25 18:48    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
2013-01-25 18:41 . 2013-01-25 18:41    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
2013-01-25 18:14 . 2013-01-25 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-25 18:12 . 2013-01-25 18:12    3092    ----a-w-    C:\cc_20130125_181233.reg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-23 16:54 . 2012-05-10 15:44    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-23 16:54 . 2011-06-30 21:46    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 20:49 . 2013-02-03 20:37    257349    ----a-w-    C:\MGlogs.zip
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-13 1138688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Getting started with MacDrive 8"="c:\program files\mediafour\macdrive 8\mdgetstarted.exe" [2010-10-08 130560]
"AppleSyncNotifier"="c:\program files\common files\apple\mobile device support\applesyncnotifier.exe" [2011-10-06 59240]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 06:00    434176    ----a-w-    c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-06-21 19:38    40448    ------w-    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 12:50    86016    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 12:48    98304    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 12:47    81920    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2011-04-17 02:07    131072    ------w-    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-04-01 02:44    761856    ----a-w-    c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-04-24 22:42    888832    ----a-w-    c:\windows\SMINST\Scheduler.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Software4u\\iPhone Explorer\\Software4u.IPhoneExplorer.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS3\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager\\Extension Manager.exe"=
"c:\\Program Files\\Adobe\\Adobe Fireworks CS3\\Fireworks.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3 Video Encoder\\Flash Video Encoder.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS3\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Adobe Stock Photos CS3\\Adobe Stock Photos CS3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdaterInstallMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 35552]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [07/10/2010 14:36 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [12/05/2010 13:51 29792]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 17:01 53816]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [29/05/2011 12:42 13496]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 164832]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [17/06/2011 16:28 57800]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [07/04/2006 06:46 31104]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [01/06/2011 08:49 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/06/2011 17:01 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/06/2011 17:01 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [25/01/2013 18:14 465216]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [07/02/2013 10:04 800120]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 07:56 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [23/02/2013 12:39 821592]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [08/10/2010 11:11 131584]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [01/04/2011 20:17 67400]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [23/02/2013 12:39 246816]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/08/2010 04:55 36608]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [23/02/2013 12:39 30408]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [23/02/2013 12:39 16248]
S1 cdqusgxf;cdqusgxf; [x]
S1 cjumgaex;cjumgaex; [x]
S1 hcmhmbav;hcmhmbav; [x]
S1 ikzisdsv;ikzisdsv; [x]
S1 qhtlrttu;qhtlrttu; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 07:56 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15/11/2012 23:34 5814904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/02/2013 18:33 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/02/2013 18:33 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2013 18:33 21104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance    REG_MULTI_SZ       ASChannel
Akamai    REG_MULTI_SZ       Akamai
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:54]
.
2013-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-02-23 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-01-25 18:47]
.
2013-02-23 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-25 18:47]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-23 c:\windows\Tasks\IMF_AutoScan.job
- c:\program files\IObit\IObit Malware Fighter\IMF.exe [2013-02-23 17:35]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdfa9bc-4b36-4604-97b3-2e6510d20b33.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4d91bf55-e5f0-4e16-934e-28d57a56613f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com?type=800236&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=9aa437a0-eedf-4142-9f6f-3c942ef7555a&searchtype=ds&q={searchTerms}
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
BHO-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Notify-dimsntfy - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-23 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\windows\system32\msi.dll
.
- - - - - - - > 'explorer.exe'(1660)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-23  17:11:00
ComboFix-quarantined-files.txt  2013-02-23 17:10
ComboFix2.txt  2013-02-03 21:07
.
Pre-Run: 46,698,262,528 bytes free
Post-Run: 46,695,768,064 bytes free
.
- - End Of File - - 3EB074184A7CD5C17EAA52E70C292A98
 

Attached Files


Edited by Noviciate, 25 February 2013 - 03:00 PM.
CF log added from attachment.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 26 February 2013 - 01:53 AM


Hello scatymaty

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 26 February 2013 - 01:24 PM

Thanks for your help. Apologies for attaching logs and not pasting it into the post (I am new to this).

 

Please see logs below as requested.

 

Matt

 

 

 

  • -Security Check Log File-

 

 Results of screen317's Security Check version 0.99.59  

 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Anti-Virus Free Edition 2013   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java™ 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player     11.6.602.168  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 10% 
````````````````````End of Log`````````````````````` 
 
 
 
  • -AdwCleaner Log File-

 
# AdwCleaner v2.113 - Logfile created 02/26/2013 at 18:06:03
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HP26159824111
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\Plasmoo
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=9aa437a0-eedf-4142-9f6f-3c942ef7555a&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=9aa437a0-eedf-4142-9f6f-3c942ef7555a&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [395 octets] - [26/02/2013 18:05:38]
AdwCleaner[S2].txt - [9160 octets] - [26/02/2013 18:06:03]
 
########## EOF - C:\AdwCleaner[S2].txt - [9220 octets] ##########
 
 
 
  • --RogueKiller Log file--

 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 02/26/2013 18:14:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805D6642 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8062FC0)
SSDT[37] : NtCreateFile @ 0x805790A8 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8063A56)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys @ 0xBA19CE20)
SSDT[62] : NtDeleteFile @ 0x80576C50 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys @ 0xBA19BE7C)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA806727C)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA80672AE)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8067410)
SSDT[116] : NtOpenFile @ 0x8057A1A6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8063B2C)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA80632F6)
SSDT[137] : NtProtectVirtualMemory @ 0x805B841E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8063428)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8067386)
SSDT[192] : NtRenameKey @ 0x80623B12 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA80672F0)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8067322)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8067354)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xA8062F66)
SSDT[224] : NtSetInformationFile @ 0x8057B034 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys @ 0xBA19BEF0)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys @ 0xBA19CCFC)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 6fbdb0b5f16c29c7ce4683c87bd12a01
[BSP] 33e2f65ebfdc8400a07a1829b5a9f559 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142270 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291370905 | Size: 10244 Mo
2 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 312351795 | Size: 101 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_02262013_02d1814.txt >>
RKreport[1]_S_02262013_02d1814.txt ; RKreport[2]_D_02262013_02d1814.txt


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 26 February 2013 - 03:16 PM


Hello scatymaty

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 26 February 2013 - 04:52 PM

  • I have run combofix as requested, the log file is below.

 

  • Everything you have asked me to do so far has run without problem.

 

  • Combofix did detect a problem with volsnap.sys .I think the message on screen read : "volsnap.sys infected attempting to replace"

 

  • I have reactivated AVG and ran a scan. AVG is still detecting Trojan Horse Rootkit-Pakes.BI.

Matt

 

  • Combofix Log

 

 

ComboFix 13-02-26.01 - Administrator 26/02/2013  21:19:14.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3055.2203 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-26 to 2013-02-26  )))))))))))))))))))))))))))))))
.
.
2013-02-26 18:09 . 2013-02-26 18:09    63115    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-02-26 18:09 . 2013-02-26 18:09    9310    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-02-26 18:09 . 2013-02-26 18:09    8646    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-02-26 18:09 . 2013-02-26 18:09    6429    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-02-26 18:09 . 2013-02-26 18:09    5927    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-02-26 18:09 . 2013-02-26 18:09    4599    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-02-26 18:09 . 2013-02-26 18:09    8613    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-02-26 18:09 . 2013-02-26 18:09    1651    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-02-26 18:09 . 2013-02-26 18:09    6910    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-02-26 18:08 . 2013-02-26 18:08    8288    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-02-26 18:08 . 2013-02-26 18:08    6208    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-02-26 18:08 . 2013-02-26 18:08    18541    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-02-26 18:08 . 2013-02-26 18:08    51852    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-02-26 18:08 . 2013-02-26 18:08    20719    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-26 18:08 . 2013-02-26 18:08    8782    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-26 18:08 . 2013-02-26 18:08    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-26 18:08 . 2013-02-26 18:08    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-23 18:57 . 2010-11-26 18:02    14776    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2013-02-23 17:31 . 2013-02-23 17:31    --------    d-----w-    c:\program files\ESET
2013-02-23 16:43 . 2013-02-23 16:43    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-02-23 16:42 . 2013-02-23 16:43    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-23 16:42 . 2013-02-23 16:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-02-23 12:34 . 2013-02-23 12:34    --------    d-----w-    c:\documents and settings\Administrator\AppData
2013-02-11 10:31 . 2013-02-11 10:31    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-02-05 19:42 . 2013-02-05 19:42    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\libimobiledevice
2013-02-03 20:37 . 2013-02-03 20:49    --------    d-----w-    C:\MGtools
2013-02-03 20:31 . 2013-02-03 20:31    --------    d-----w-    c:\program files\HitmanPro
2013-02-03 20:31 . 2013-02-03 20:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-02-03 20:22 . 2013-02-03 20:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-03 18:33 . 2012-12-14 16:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-23 16:54 . 2012-05-10 15:44    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-23 16:54 . 2011-06-30 21:46    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 20:49 . 2013-02-03 20:37    257349    ----a-w-    C:\MGlogs.zip
2013-01-25 18:12 . 2013-01-25 18:12    3092    ----a-w-    C:\cc_20130125_181233.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-13 1138688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Getting started with MacDrive 8"="c:\program files\mediafour\macdrive 8\mdgetstarted.exe" [2010-10-08 130560]
"AppleSyncNotifier"="c:\program files\common files\apple\mobile device support\applesyncnotifier.exe" [2011-10-06 59240]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 06:00    434176    ----a-w-    c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-06-21 19:38    40448    ------w-    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 12:50    86016    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 12:48    98304    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 12:47    81920    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2011-04-17 02:07    131072    ------w-    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-04-01 02:44    761856    ----a-w-    c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-04-24 22:42    888832    ----a-w-    c:\windows\SMINST\Scheduler.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Software4u\\iPhone Explorer\\Software4u.IPhoneExplorer.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS3\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager\\Extension Manager.exe"=
"c:\\Program Files\\Adobe\\Adobe Fireworks CS3\\Fireworks.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3 Video Encoder\\Flash Video Encoder.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS3\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Adobe Stock Photos CS3\\Adobe Stock Photos CS3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdaterInstallMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 35552]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [07/10/2010 14:36 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [12/05/2010 13:51 29792]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 17:01 53816]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [23/02/2013 18:57 14776]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 164832]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [17/06/2011 16:28 57800]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [07/04/2006 06:46 31104]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [01/06/2011 08:49 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/06/2011 17:01 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/06/2011 17:01 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [25/01/2013 18:14 465216]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 07:56 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [23/02/2013 12:39 821592]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [08/10/2010 11:11 131584]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [01/04/2011 20:17 67400]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [23/02/2013 12:39 246816]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/08/2010 04:55 36608]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [23/02/2013 12:39 30408]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [23/02/2013 12:39 16248]
S1 cdqusgxf;cdqusgxf; [x]
S1 cjumgaex;cjumgaex; [x]
S1 hcmhmbav;hcmhmbav; [x]
S1 ikzisdsv;ikzisdsv; [x]
S1 qhtlrttu;qhtlrttu; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 07:56 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15/11/2012 23:34 5814904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/02/2013 18:33 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/02/2013 18:33 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2013 18:33 21104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMARTDEFRAGDRIVER
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance    REG_MULTI_SZ       ASChannel
Akamai    REG_MULTI_SZ       Akamai
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:54]
.
2013-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-02-26 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-01-25 18:47]
.
2013-02-26 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-25 18:47]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-23 c:\windows\Tasks\IMF_AutoScan.job
- c:\program files\IObit\IObit Malware Fighter\IMF.exe [2013-02-23 17:35]
.
2013-02-26 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-02-23 11:06]
.
2013-02-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdfa9bc-4b36-4604-97b3-2e6510d20b33.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4d91bf55-e5f0-4e16-934e-28d57a56613f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com?type=800236&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\windows\system32\msi.dll
.
- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-26  21:27:07
ComboFix-quarantined-files.txt  2013-02-26 21:26
ComboFix2.txt  2013-02-23 17:11
ComboFix3.txt  2013-02-03 21:07
.
Pre-Run: 48,703,860,736 bytes free
Post-Run: 48,690,352,128 bytes free
.
- - End Of File - - F90329D52BF1820E157472E43D12915B


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 26 February 2013 - 05:31 PM


Hello scatymaty


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it or you can upload it here and send me the link - http://www.speedyshare.com/

  • Malwarebytes Anti-Rootkit

    1.Download Malwarebytes Anti-Rootkit
    2.Unzip the contents to a folder in a convenient location.
    3.Open the folder where the contents were unzipped and run mbar.exe
    4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    6.Wait while the system shuts down and the cleanup process is performed.
    7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • •Internet access
      •Windows Update
      •Windows Firewall
    9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
    10.Verify that your system is now functioning normally.

    If you have any problems running either one come back and let me know

    please reply with the reports from TDSSKiller and MBAR

    Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 27 February 2013 - 04:02 PM

Hi,
 
  • TDSSKiller
 
I ran TDSSKiller as requested. The log is here http://speedy.sh/WPXpm/TDSSKiller.2.8.16.0-27.02.2013-19.54.58-log.txt
I had a small list of suspicious objects, the default was set to skip for all of them so I clicked continue. (I noticed volsnap.sys was at the bottom of the suspicious list)
There was no malicious objects found. Therefore I couldn't click Contiue>Reboot.
Instead I closed TDSSKiller and rebooted myself.
 
 
  • MBAR
 
When I rebooted I tried to run MBAR. I got some weird errors (I didn't write them down - sorry). I think it was because my system was unstable - maybe I didn't give it enough time load after the reboot)
I rebooted again then ran MBAR.
No Problems were detected. Log is below.
 
I have noticed every so often all the icons on my desktop and start bar disappears for a couple of seconds before reappearing. I believe this is explorer.exe crashing?
 
Matt
 
 
 
  • MBAR Log
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
 
Database version: v2013.02.27.10
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HP26159824111 [administrator]
 
27/02/2013 20:26:23
mbar-log-2013-02-27 (20-26-23).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28690
Time elapsed: 11 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 27 February 2013 - 09:37 PM


Hello scatymaty

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 28 February 2013 - 02:37 PM

Hi 

 

I ran combofix as requested. It a ran ok. The log is below.

 

I scanned my pc using avg and volsnap.sys is still infected.

 

Matt

 

 

ComboFix 13-02-26.01 - Administrator 28/02/2013  19:26:11.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3055.1970 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-28 to 2013-02-28  )))))))))))))))))))))))))))))))
.
.
2013-02-27 20:15 . 2013-02-27 20:15    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-02-23 18:57 . 2010-11-26 18:02    14776    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2013-02-23 17:31 . 2013-02-23 17:31    --------    d-----w-    c:\program files\ESET
2013-02-23 16:43 . 2013-02-23 16:43    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-02-23 16:42 . 2013-02-23 16:43    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-23 16:42 . 2013-02-23 16:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-02-23 12:34 . 2013-02-23 12:34    --------    d-----w-    c:\documents and settings\Administrator\AppData
2013-02-11 10:31 . 2013-02-11 10:31    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-02-05 19:42 . 2013-02-05 19:42    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\libimobiledevice
2013-02-03 20:37 . 2013-02-03 20:49    --------    d-----w-    C:\MGtools
2013-02-03 20:31 . 2013-02-03 20:31    --------    d-----w-    c:\program files\HitmanPro
2013-02-03 20:31 . 2013-02-03 20:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-02-03 20:22 . 2013-02-03 20:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-03 18:33 . 2013-02-03 18:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-03 18:33 . 2012-12-14 16:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 21:17 . 2012-05-10 15:44    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 21:17 . 2011-06-30 21:46    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 20:49 . 2013-02-03 20:37    257349    ----a-w-    C:\MGlogs.zip
2013-01-25 18:12 . 2013-01-25 18:12    3092    ----a-w-    C:\cc_20130125_181233.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-13 1138688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Getting started with MacDrive 8"="c:\program files\mediafour\macdrive 8\mdgetstarted.exe" [2010-10-08 130560]
"AppleSyncNotifier"="c:\program files\common files\apple\mobile device support\applesyncnotifier.exe" [2011-10-06 59240]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\documents and settings\Administrator\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-04-07 06:00    434176    ----a-w-    c:\windows\system32\IfxWlxEN.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-06-21 19:38    40448    ------w-    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-21 12:50    86016    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 12:48    98304    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 12:47    81920    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2011-04-17 02:07    131072    ------w-    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-04-01 02:44    761856    ----a-w-    c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-04-24 22:42    888832    ----a-w-    c:\windows\SMINST\Scheduler.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Software4u\\iPhone Explorer\\Software4u.IPhoneExplorer.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS3\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager\\Extension Manager.exe"=
"c:\\Program Files\\Adobe\\Adobe Fireworks CS3\\Fireworks.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3 Video Encoder\\Flash Video Encoder.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS3\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Adobe Stock Photos CS3\\Adobe Stock Photos CS3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdaterInstallMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 35552]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [07/10/2010 14:36 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [12/05/2010 13:51 29792]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 17:01 53816]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [23/02/2013 18:57 14776]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 164832]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [17/06/2011 16:28 57800]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [07/04/2006 06:46 31104]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [01/06/2011 08:49 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/06/2011 17:01 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/06/2011 17:01 158904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [25/01/2013 18:14 465216]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 07:56 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [23/02/2013 12:39 821592]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [08/10/2010 11:11 131584]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [01/04/2011 20:17 67400]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [23/02/2013 12:39 246816]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/08/2010 04:55 36608]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [27/02/2013 20:15 35144]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [23/02/2013 12:39 30408]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [23/02/2013 12:39 16248]
S1 cdqusgxf;cdqusgxf; [x]
S1 cjumgaex;cjumgaex; [x]
S1 hcmhmbav;hcmhmbav; [x]
S1 ikzisdsv;ikzisdsv; [x]
S1 qhtlrttu;qhtlrttu; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 07:56 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15/11/2012 23:34 5814904]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/02/2013 18:33 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/02/2013 18:33 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2013 18:33 21104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMCHAMELEON
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance    REG_MULTI_SZ       ASChannel
Akamai    REG_MULTI_SZ       Akamai
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 21:17]
.
2013-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-02-27 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-01-25 18:47]
.
2013-02-27 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-25 18:47]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-10 23:56]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-949347404-2903795207-1439304645-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 09:14]
.
2013-02-23 c:\windows\Tasks\IMF_AutoScan.job
- c:\program files\IObit\IObit Malware Fighter\IMF.exe [2013-02-23 17:35]
.
2013-02-27 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-02-23 11:06]
.
2013-02-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3cdfa9bc-4b36-4604-97b3-2e6510d20b33.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4d91bf55-e5f0-4e16-934e-28d57a56613f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com?type=800236&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-31833786.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-28 19:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\IfxWlxEN.dll
c:\windows\system32\msi.dll
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-28  19:31:36
ComboFix-quarantined-files.txt  2013-02-28 19:31
ComboFix2.txt  2013-02-26 21:27
ComboFix3.txt  2013-02-23 17:11
ComboFix4.txt  2013-02-03 21:07
.
Pre-Run: 48,592,039,936 bytes free
Post-Run: 48,578,482,176 bytes free
.
- - End Of File - - 9A4206788946F4A7399F658C97577225


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 28 February 2013 - 05:06 PM


Hello scatymaty

I would like to run this next to search for some files on the computer.


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
:filefind
volsnap.sys
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt


    Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 01 March 2013 - 11:28 AM

Hi,

 

I ran systemlook as requested. The log file is below.

 

 

  • System Look Log File

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:27 on 01/03/2013 by Administrator
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "volsnap.sys"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\volsnap.sys    --a---- 52352 bytes    [18:41 13/04/2008]    [18:41 13/04/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys    --a---- 52352 bytes    [16:47 23/08/2010]    [20:38 31/05/2011] 20F4937EEBD2715AE867B87B751D0290
 
-= EOF =-


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 01 March 2013 - 11:58 AM


Hello scatymaty

we are going to run this now to replace the infected files with good files

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe
CopyFile:
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\volsnap.sys C:\WINDOWS\system32\drivers\volsnap.sys
  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\
  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 01 March 2013 - 12:25 PM

Hi,

 

I have ran Blitz Blank as requested. The log is below.

 

I have scanned the c:\windows\system32\drivers folder using avg. AVG is reporting no threats were found.

 

Wooooo!

 

Thank you

  • BlitzBlank Log

 

 
BlitzBlank 1.0.0.32
 
File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\softwaredistribution\download\9866fb57abdc0ea2f5d4e132d055ba4e\volsnap.sys", destinationFile = "\??\c:\windows\system32\drivers\volsnap.sys"


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 01 March 2013 - 12:43 PM


Hello scatymaty

I would like to see a report that combofix makes.

extra combofix report
C:\Qoobox\Add-Remove Programs.txt
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
    • click ok
  • copy and paste the report into this topic for me to review

    Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 scatymaty

scatymaty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 01 March 2013 - 02:20 PM

Hi,

 

Below is the log file you requested.

 

Matt

 

  • Add Remove Programs Log

 

 
µTorrent
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PageMaker 7.0
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced SystemCare 6
AHV content for Acrobat and Flash
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audio Record Wizard
AVG 2013
Bonjour
BufferChm
C410
CCleaner
CodeBlocks
CopyTrans Suite Remove Only
Destinations
DeviceDiscovery
Dropbox
EditPlus 3
ESET Online Scanner v3
Fax
FileMaker Password Recovery v1.0e (remove only)
FileMaker Pro 9
FontLab Studio 5
Free Audio CD Burner version 1.4.8
Free RAR Extract Frog
Free YouTube to MP3 Converter version 3.10.8.815
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
Hardware Helper
High Definition Audio Driver Package - KB888111
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP BIOS Configuration for ProtectTools 2.00 J2
HP Credential Manager for ProtectTools
HP Customer Participation Program 14.0
HP Embedded Security for ProtectTools
HP Help and Support
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
HP ProtectTools Security Manager 2.00 D3
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPProductAssistant
IIS 7.5 Express
ImgBurn
Intel® Active Management Technology LMS Service and SOL Driver
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections
InterVideo Register Manager
InterVideo WinDVD
IObit Apps Toolbar v6.8
IObit Malware Fighter
iPhone Explorer
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Keyboard Layout Management Application
MacDrive 8
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server Compact 4.0 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Microsoft WebMatrix
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MobileMe Control Panel
Moneydance 2010
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NexusFont 2.5 (ver 2.5.6.1478)
NokiaFREE Unlock Codes Calculator
PDF Settings
PS_AIO_07_C410_SW_Min
Quicken 2001 Deluxe
QuickTime
QuickTransfer
Rapport
Realtek High Definition Audio Driver
Scan
SDMSSplash
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Smart Defrag 2
SmartWebPrinting
SolutionCenter
Spotify
Status
SUPERAntiSpyware
The Official DSA Theory Test for Car Drivers
Toolbox
TrayApp
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
Vuze
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users