
Win32/PrcView / Web Cake 3.0 infection on WinXP


32 replies to this topic

#1 Ship

Posted 09 August 2013 - 05:02 AM

Hi

Yikes! I seem to have a virus.

ESET Online Scanner said my WinXP computer has: "Win32/PrcView"

Also BitDefender said "8 files failed to be cleaned. Your system is not virus free!"

and it also said my PC has: "7 threats affecting 8 objects:" including:

- Cookie.2o7
- Cookie.adtech
- Cookie.advertising
- Cookie.bs.serving-Sys

(are these just tracking cookies??)

Background:

I have just cured a nasty Web Cake 3.0 infection on my Win7 PC. However, I was syncing data every day with this WindowsXP laptop, and when I try to scan this laptop various threats have appeared.

Until recently I was using MSE but I have just switched over to BitDefender. (Fwiw, this was because MSE seems to have failed me and is getting terrible reviews whereas BitDefender is getting good reviews, although I hate the user interface because I can't control BitDefender very well. Worse, BitDefender doesn't seem to be able to scan zip files and claims that they have password protection even if they don't. This affected "536 items" on my last scan.)

Please note that I am trying to clean up my 1TB external hard disk (iomega) which has a number of archives and backups on it, which is currently attached to this laptop so scans can take a while.

Most recently I tried to do a scan with ESET online (using Chrome). After several hours of scanning, during which it found 1 threat (called Win32/PrcView), my PC unfortunately got slower and slower and then totally froze, so that I had to hit the power button and reboot.

Any help much appreciated.

J

Attached Files


Edited by Ship, 09 August 2013 - 10:07 AM.



#2 Ship

Posted 09 August 2013 - 08:51 AM

Bleep-Bleep! Nudge?



#3 Ship

Posted 09 August 2013 - 07:53 PM

P.S. Here are the results from a GMER scan I just ran.

Attached Files



#4 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 10 August 2013 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#5 Ship

Posted 10 August 2013 - 09:16 PM

Fwiw, I had some trouble getting rid of AVG. ComboFix claimed that it was still scanning files. I used to run it until recently but I thought I had uninstalled it, and had installed BitDefender instead. I couldn't find any link on my PC that could start AVG. And there was no reference to it in Control Panel > Add/Remove Programs. However there WAS a directory called AVG so (in desperation) I simply deleted that directory in Windows Filemanager. ComboFix still moaned at me and said something to the effect of "only continue if you're sure and on your own head be it".

The next post will contain my results.



#6 Ship

Posted 11 August 2013 - 05:50 AM

This is extremely strange. I ran AdwCleaner and it didn't find anything. However, since running it something has deleted the log file!
I'll obviously need to run it again.
Meanwhile I'd better paste in the other results before something deletes them too!

ComboFix 13-08-09.02 - Xxxx 1/Aug/2013   3:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3070.1926 [GMT 1:00]
Running from: c:\documents and settings\Xxxx\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1375489327.bdinstall.bin
c:\documents and settings\All Users\Application Data\1375491751.bdinstall.bin
c:\documents and settings\All Users\Application Data\1375491755.bdinstall.bin
c:\documents and settings\All Users\Application Data\1375492263.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-08 21:18 . 2013-08-08 21:18 -------- d-----w- c:\program files\ESET
2013-08-08 12:25 . 2013-08-08 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-08 12:25 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 11:06 . 2013-08-07 11:06 -------- d-----w- c:\windows\ERUNT
2013-08-05 15:21 . 2013-08-05 15:21 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Sun
2013-08-05 14:40 . 2013-08-05 14:40 -------- d-----w- c:\program files\Common Files\Java
2013-08-05 14:40 . 2013-08-05 14:37 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-05 14:39 . 2013-08-05 14:37 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 14:39 . 2013-08-05 14:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-05 11:11 . 2013-08-05 14:18 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-04 09:31 . 2013-08-04 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2013-08-03 01:47 . 2013-08-03 01:47 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-08-03 01:16 . 2013-08-03 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2013-08-03 01:16 . 2013-07-23 15:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-08-03 01:16 . 2013-02-22 18:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-08-03 01:16 . 2007-04-11 10:11 511328 ----a-w- c:\windows\capicom.dll
2013-08-03 01:15 . 2013-07-19 17:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-08-03 01:15 . 2013-07-19 17:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-08-03 01:15 . 2012-11-02 13:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-08-03 01:15 . 2013-08-03 01:15 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Bitdefender
2013-08-03 01:11 . 2013-08-03 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2013-08-03 01:11 . 2012-10-04 13:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-08-03 01:11 . 2013-08-03 01:11 -------- d-----w- c:\program files\Bitdefender
2013-08-03 01:11 . 2013-05-28 11:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-08-03 00:26 . 2013-08-03 00:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2013-08-03 00:22 . 2013-08-03 00:22 -------- d-----w- c:\documents and settings\Xxxx\Application Data\QuickScan
2013-08-03 00:19 . 2013-08-03 01:11 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-08-01 09:53 . 2013-08-05 11:11 -------- d-----w- c:\program files\Enigma Software Group
2013-08-01 09:53 . 2013-08-01 11:13 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-31 15:30 . 2013-07-31 15:30 59816 ----a-r- c:\documents and settings\Xxxx\Application Data\Microsoft\Installer\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}\ARPPRODUCTICON.exe
2013-07-22 16:07 . 2013-07-22 16:07 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Downloaded Installations
2013-07-19 09:12 . 2013-07-19 09:12 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Windows Search
2013-07-15 15:33 . 2013-07-15 15:33 -------- d-----w- c:\program files\Dropbox
2013-07-12 17:09 . 2013-07-12 17:16 -------- d-----w- c:\windows\system32\MRT
2013-07-12 17:02 . 2013-07-15 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-07-12 16:56 . 2013-07-12 16:56 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Identities
2013-07-12 16:56 . 2013-07-22 10:37 -------- d-----w- c:\program files\Windows Desktop Search
2013-07-12 16:55 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-07-12 16:55 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-07-12 16:55 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-05 14:37 . 2010-05-03 17:16 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-23 18:33 . 2007-04-27 11:43 120200 ------w- c:\windows\system32\DLLDEV32i.dll
2013-07-22 10:01 . 2012-04-18 09:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-22 10:01 . 2011-06-09 22:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-20 16:42 . 2013-06-20 16:42 338216 ----a-w- c:\windows\system32\TpShocks.exe
2013-06-20 16:42 . 2013-06-20 16:42 280872 ----a-w- c:\windows\system32\TpShEvUI.exe
2013-06-20 16:42 . 2013-06-20 16:42 108840 ----a-w- c:\windows\system32\TpShCTL.exe
2013-06-20 16:42 . 2013-06-20 16:42 493864 ----a-w- c:\windows\system32\TpShCPL.dll
2013-06-20 16:42 . 2013-06-20 16:42 387368 ----a-w- c:\windows\system32\TpShCPL.cpl
2013-06-20 15:49 . 2013-06-20 15:49 42240 ----a-w- c:\windows\system32\TPHDEXLG.exe
2013-06-20 15:49 . 2013-06-20 15:49 22784 ----a-w- c:\windows\system32\drivers\ApsHM86.sys
2013-06-20 15:49 . 2013-06-20 15:49 22520 ----a-w- c:\windows\system32\Sensor.DLL
2013-06-20 15:49 . 2013-06-20 15:49 131328 ----a-w- c:\windows\system32\drivers\ApsX86.sys
2013-06-08 14:08 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 14:08 . 2010-02-23 15:40 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 14:08 . 2010-02-23 15:40 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 14:08 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-07 22:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 20:43 . 2008-07-03 22:53 347888 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-29 20:43 . 2013-07-01 17:55 143088 ----a-w- c:\windows\system32\SynTPCo14.dll
2013-05-29 20:43 . 2008-07-03 23:09 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-29 20:43 . 2008-07-03 22:55 540400 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-27 18:40 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-27 18:40 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2010-12-23 831488]
"X1FileMonitor.exe"="c:\progra~1\X1\X1FileMonitor.exe" [2012-06-06 400024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2013-06-20 338216]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2013-01-11 3713832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2009-09-03 436800]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2012-09-07 432016]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2012-09-07 190352]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-05-29 2379504]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-07-24 1830144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-08-03 899024]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
.
c:\documents and settings\Xxxx\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-6-12 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-06-08 14:08 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 13:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Xxxx\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Xxxx\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [03/Aug/2013 02:15 640560]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [22/Jan/2010 04:29 24264]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [03/Aug/2013 02:11 162976]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [20/Jun/2013 16:49 22784]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [01/Apr/2010 18:55 13680]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [03/Aug/2013 02:16 68344]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [22/Jan/2010 04:29 280640]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [20/Apr/2011 22:37 109728]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [25/Jul/2012 10:44 12184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [29/Sep/2010 18:50 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/Aug/2008 13:41 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/Aug/2013 13:25 418376]
R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [25/Jan/2011 18:14 333264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [22/Jan/2010 04:29 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [09/Jun/2011 23:36 1663272]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/Mar/2009 15:47 12560]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [01/Dec/2012 22:36 4150112]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14/May/2008 17:25 520192]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [03/Aug/2013 02:16 54960]
R2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [19/Dec/2010 18:10 308688]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [03/Aug/2013 02:15 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [03/Aug/2013 02:16 116560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/Aug/2013 13:25 22856]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/Dec/2010 18:36 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/Feb/2008 16:54 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe --> c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/Aug/2013 13:25 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/Jun/2013 09:53 162408]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [12/Jun/2011 23:38 272864]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [03/Aug/2013 02:15 490144]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/Jun/2011 23:38 642432]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [03/Aug/2013 02:16 66832]
S3 CH341ENUM;CH341ENUM;c:\windows\system32\DRIVERS\CH34ENUM.sys --> c:\windows\system32\DRIVERS\CH34ENUM.sys [?]
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS --> c:\windows\system32\Drivers\CH341SER.SYS [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/Dec/2009 10:58 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [26/Jan/2011 00:21 100224]
S3 FSDFU;FSDFU;c:\windows\system32\drivers\fsdfu.sys [15/Apr/2011 13:29 10433]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [19/Dec/2010 18:10 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [19/Dec/2010 18:10 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [19/Dec/2010 18:10 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02/Sep/2011 07:31 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02/Sep/2011 07:31 12184]
S4 Hwsl2vic;Hwsl2vic; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 18:57 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-08-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-01-22 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Bitdefender\Bitdefender\BdProvider.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\cd1s817r.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
FF - prefs.js: network.proxy.ftp - 77.68.53.63
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.http - 77.68.53.63
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 77.68.53.63
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 77.68.53.63
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-02 15:50; ffpwdman@bitdefender.com; c:\program files\Bitdefender\Bitdefender\ffpwdman
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 11:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe???????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1560)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\Bitdefender\Bitdefender\BdProvider.dll
.
- - - - - - - > 'explorer.exe'(4328)
c:\windows\system32\WININET.dll
c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender\vsserv.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Bitdefender\Bitdefender\BdParentalSysTray.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Bitdefender\Bitdefender\BdParentalSysTray.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Bitdefender\Bitdefender\downloader.exe
.
**************************************************************************
.
Completion time: 2013-08-11  11:37:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-11 10:37
.
Pre-Run: 23,852,318,720 bytes free
Post-Run: 24,256,565,248 bytes free
.
- - End Of File - - 328607E7FFDB39E4E317B80560CB3852
72F14B9E2FA1AFFE2C0DA31FA33CC53D

Edited by Ship, 11 August 2013 - 06:12 AM.
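Two things in the ComboFix log above deserve a second look from anyone triaging it. First, the Firefox prefs.js entries point every protocol at 77.68.53.63 port 808, but network.proxy.type is 4, which in Firefox means auto-detect (WPAD); manual proxy entries are only honoured when the type is 1, so those lines are dormant rather than live, and a signature-based adware sweep such as the AdwCleaner run later in the thread reporting that same prefs.js as clean answers a different question from whether the proxy settings are expected. Second, the LOCKED REGISTRY KEYS block shows a CLSID with an Everyone deny ACE, but its LocalServer32 resolves to Adobe's own FlashUtil32 broker under system32, not to a user-writable path. The script below is an editor-added example, not code from the thread, ComboFix or Bitdefender: it parses those two sections from an excerpt copied from the post and produces the two reports. The report field names and the USER_WRITABLE path fragments are the example's own choices.

```python
"""Editor-added triage helper for the ComboFix excerpt posted above; not part of the
thread, ComboFix or Bitdefender. Parses the "FF - prefs.js:" proxy lines and the
LOCKED REGISTRY KEYS block and reports what a reviewer actually needs to decide."""
import ipaddress
import re

# Constructed sample: lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.http - 77.68.53.63
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.ssl - 77.68.53.63
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.socks - 77.68.53.63
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.type - 4
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
"""

FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DENIED_RE = re.compile(r"^@Denied: (.*)$")
VAL_RE = re.compile(r'^(@|"[^"]+")=(?:dword:([0-9a-fA-F]+)|"(.*)")$')
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]+\})")

# Firefox network.proxy.type values: manual entries are only honoured when type == 1.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect (WPAD)", 5: "system"}
# Example's own heuristic: path fragments that mean "writable by an ordinary user".
USER_WRITABLE = ("documents and settings", "\\users\\", "\\temp\\", "\\appdata\\")

def parse_ff_prefs(log_text):
    """Collect the 'FF - prefs.js: name - value' lines into a dict."""
    matches = (FF_RE.match(line) for line in log_text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def _is_local(host):
    try:
        return ipaddress.ip_address(host).is_private  # RFC 1918 and loopback
    except ValueError:
        return host.lower() == "localhost"

def audit_proxy(prefs):
    """Report every configured proxy, whether it is external, and whether it is in force."""
    ptype = int(prefs.get("network.proxy.type", 5))
    report = {"mode": PROXY_TYPES.get(ptype, "unknown"), "proxies": []}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            report["proxies"].append({
                "proto": proto, "host": host,
                "port": prefs.get(f"network.proxy.{proto}_port"),
                "external": not _is_local(host),
                "active": ptype == 1,
            })
    if ptype == 2:  # a PAC script can redirect traffic just as well as a manual proxy
        report["pac_url"] = prefs.get("network.proxy.autoconfig_url")
    return report

def parse_locked_keys(log_text):
    """Parse the LOCKED REGISTRY KEYS block into {key_path: {"denied": ..., "values": {...}}}."""
    lines = log_text.splitlines()
    start = next((i + 1 for i, line in enumerate(lines) if "LOCKED REGISTRY KEYS" in line), None)
    keys, current = {}, None
    for line in lines[start:] if start is not None else []:
        if line.startswith("-----"):  # next ComboFix section header
            break
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {"denied": None, "values": {}})
        elif current is not None and (m := DENIED_RE.match(line)):
            current["denied"] = m.group(1)
        elif current is not None and (m := VAL_RE.match(line)):
            name = m.group(1).strip('"')
            if m.group(2) is not None:
                current["values"][name] = int(m.group(2), 16)
            else:  # .reg-style export doubles backslashes inside string values
                current["values"][name] = m.group(3).replace("\\\\", "\\")
    return keys

def audit_locked_clsids(keys):
    """Group locked keys per CLSID and resolve the server binary each one launches."""
    clsids = {}
    for path, info in keys.items():
        if not (m := CLSID_RE.search(path)):
            continue
        entry = clsids.setdefault(m.group(1), {"name": None, "denied": None, "server": None})
        sub = path[m.end():].lower()  # "" for the CLSID key itself, "\localserver32" etc. below it
        if sub == "":
            entry["name"], entry["denied"] = info["values"].get("@"), info["denied"]
        elif sub in ("\\localserver32", "\\inprocserver32"):
            entry["server"] = info["values"].get("@")
    for entry in clsids.values():
        server = (entry["server"] or "").lower()
        entry["user_writable_path"] = any(tag in server for tag in USER_WRITABLE)
    return clsids
```

To run it over a full ComboFix log, read the file and pass its text to parse_ff_prefs and parse_locked_keys in place of SAMPLE_LOG. For the excerpt above, audit_proxy reports mode auto-detect (WPAD) with three external but inactive proxy entries, and audit_locked_clsids reports one locked CLSID, FlashBroker, whose server is Adobe's FlashUtil32 executable under system32 with user_writable_path False; a locked CLSID whose server sits under a user profile or temp directory is the pattern that would justify digging further. Dormant proxy entries are still worth clearing, since any later switch to manual mode, by the user or by software, would make them live.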


#7 Ship (Topic Starter)

Posted 11 August 2013 - 05:53 AM

This might be relevant (?)

 

bdlog.txt

 

2013-08-04 10:28:47.500 PROFILE  [Midas stop] [92ms]
2013-08-04 10:28:49.609 PROFILE  [Stop Drivers] [2s:109ms]
2013-08-04 10:28:49.609 PROFILE  [Registration data] [0ms]
2013-08-04 10:28:49.609 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-04 10:28:49.640 PROFILE  [Parental uninit] [0ms]
2013-08-04 10:28:49.640 PROFILE  [WSACleanup] [0ms]
2013-08-04 10:28:49.781 PROFILE  [Free SF] [131ms]
2013-08-04 10:28:49.828 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-04 10:28:49.828 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-04 10:28:49.828 PROFILE  [OBK unload] [0ms]
2013-08-04 10:28:50.375 PROFILE  [LogUnInit] [0ms]
2013-08-04 13:06:06.640 PROFILE  [Midas stop] [0ms]
2013-08-04 13:06:06.640 PROFILE  [Stop Drivers] [3ms]
2013-08-04 13:06:06.640 PROFILE  [Registration data] [0ms]
2013-08-04 13:06:06.640 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-04 13:06:06.640 PROFILE  [Parental uninit] [0ms]
2013-08-04 13:06:06.640 PROFILE  [WSACleanup] [0ms]
2013-08-04 13:06:06.843 PROFILE  [Free SF] [201ms]
2013-08-04 13:06:06.843 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-04 13:06:06.843 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-04 13:06:06.843 PROFILE  [OBK unload] [0ms]
2013-08-04 13:06:06.843 PROFILE  [LogUnInit] [0ms]
2013-08-04 13:06:09.171 PROFILE  [CM Stop & eventq uninit] [2s:322ms]
2013-08-04 13:06:09.171 PROFILE  [npcomm uninit] [0ms]
2013-08-04 13:06:09.171 PROFILE  [STOP Received - time] [2s:535ms]
2013-08-04 20:07:42.281 PROFILE  [Midas stop] [0ms]
2013-08-04 20:07:42.390 PROFILE  [Stop Drivers] [3ms]
2013-08-04 20:07:42.390 PROFILE  [Registration data] [0ms]
2013-08-04 20:07:42.390 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-04 20:07:42.390 PROFILE  [Parental uninit] [0ms]
2013-08-04 20:07:42.390 PROFILE  [WSACleanup] [0ms]
2013-08-04 20:07:42.515 PROFILE  [Free SF] [123ms]
2013-08-04 20:07:42.515 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-04 20:07:42.515 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-04 20:07:42.515 PROFILE  [OBK unload] [0ms]
2013-08-04 20:07:42.515 PROFILE  [LogUnInit] [0ms]
2013-08-05 10:38:39.203 PROFILE  [Midas stop] [90ms]
2013-08-05 10:38:41.078 PROFILE  [Stop Drivers] [1s:878ms]
2013-08-05 10:38:41.078 PROFILE  [Registration data] [0ms]
2013-08-05 10:38:41.078 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-05 10:38:41.156 PROFILE  [Parental uninit] [0ms]
2013-08-05 10:38:41.156 PROFILE  [WSACleanup] [0ms]
2013-08-05 10:38:41.437 PROFILE  [Free SF] [275ms]
2013-08-05 10:38:41.562 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-05 10:38:41.562 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-05 10:38:41.562 PROFILE  [OBK unload] [0ms]
2013-08-05 10:38:41.656 PROFILE  [LogUnInit] [0ms]
2013-08-05 11:04:41.375 PROFILE  [Midas stop] [0ms]
2013-08-05 11:04:41.375 PROFILE  [Stop Drivers] [1ms]
2013-08-05 11:04:41.375 PROFILE  [Registration data] [0ms]
2013-08-05 11:04:41.375 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-05 11:04:41.375 PROFILE  [Parental uninit] [0ms]
2013-08-05 11:04:41.375 PROFILE  [WSACleanup] [0ms]
2013-08-05 11:04:41.562 PROFILE  [Free SF] [186ms]
2013-08-05 11:04:41.562 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-05 11:04:41.562 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-05 11:04:41.562 PROFILE  [OBK unload] [0ms]
2013-08-05 11:04:41.750 PROFILE  [LogUnInit] [0ms]
2013-08-05 11:04:44.375 PROFILE  [CM Stop & eventq uninit] [2s:620ms]
2013-08-05 11:04:44.375 PROFILE  [npcomm uninit] [0ms]
2013-08-05 11:04:44.375 PROFILE  [STOP Received - time] [3s:109ms]
2013-08-05 11:24:28.781 PROFILE  [Midas stop] [0ms]
2013-08-05 11:24:28.781 PROFILE  [Stop Drivers] [1ms]
2013-08-05 11:24:28.781 PROFILE  [Registration data] [0ms]
2013-08-05 11:24:28.781 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-05 11:24:28.781 PROFILE  [Parental uninit] [0ms]
2013-08-05 11:24:28.781 PROFILE  [WSACleanup] [0ms]
2013-08-05 11:24:28.921 PROFILE  [Free SF] [142ms]
2013-08-05 11:24:28.921 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-05 11:24:28.937 PROFILE  [AntiPh & AS unload] [1ms]
2013-08-05 11:24:28.937 PROFILE  [OBK unload] [0ms]
2013-08-05 11:24:28.937 PROFILE  [LogUnInit] [0ms]
2013-08-05 11:24:31.703 PROFILE  [CM Stop & eventq uninit] [2s:762ms]
2013-08-05 11:24:31.703 PROFILE  [npcomm uninit] [0ms]
2013-08-05 11:24:31.703 PROFILE  [STOP Received - time] [3s:58ms]
2013-08-05 16:10:38.250 PROFILE  [Midas stop] [83ms]
2013-08-05 16:10:38.531 PROFILE  [Stop Drivers] [282ms]
2013-08-05 16:10:38.531 PROFILE  [Registration data] [0ms]
2013-08-05 16:10:38.531 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-05 16:10:38.625 PROFILE  [Parental uninit] [0ms]
2013-08-05 16:10:38.625 PROFILE  [WSACleanup] [0ms]
2013-08-05 16:10:39.078 PROFILE  [Free SF] [453ms]
2013-08-05 16:10:39.281 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-05 16:10:39.281 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-05 16:10:39.281 PROFILE  [OBK unload] [0ms]
2013-08-05 16:10:39.546 PROFILE  [LogUnInit] [0ms]
2013-08-05 16:10:51.218 PROFILE  [CM Stop & eventq uninit] [11s:674ms]
2013-08-05 16:10:51.218 PROFILE  [npcomm uninit] [0ms]
2013-08-05 16:10:51.234 PROFILE  [STOP Received - time] [13s:199ms]
2013-08-07 15:14:16.781 PROFILE  [Midas stop] [1s:396ms]
2013-08-07 15:14:23.250 PROFILE  [Stop Drivers] [6s:353ms]
2013-08-07 15:14:23.250 PROFILE  [Registration data] [0ms]
2013-08-07 15:14:23.250 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-07 15:14:23.859 PROFILE  [Parental uninit] [0ms]
2013-08-07 15:14:23.859 PROFILE  [WSACleanup] [0ms]
2013-08-07 15:14:25.859 PROFILE  [Free SF] [2s:10ms]
2013-08-07 15:14:26.218 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-07 15:14:26.218 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-07 15:14:26.218 PROFILE  [OBK unload] [0ms]
2013-08-07 15:14:26.953 PROFILE  [LogUnInit] [0ms]
2013-08-08 12:51:09.953 PROFILE  [Midas stop] [26ms]
2013-08-08 12:51:10.203 PROFILE  [Stop Drivers] [232ms]
2013-08-08 12:51:10.203 PROFILE  [Registration data] [0ms]
2013-08-08 12:51:10.203 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-08 12:51:10.203 PROFILE  [Parental uninit] [0ms]
2013-08-08 12:51:10.203 PROFILE  [WSACleanup] [0ms]
2013-08-08 12:51:10.594 PROFILE  [Free SF] [389ms]
2013-08-08 12:51:10.610 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-08 12:51:10.610 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-08 12:51:10.610 PROFILE  [OBK unload] [0ms]
2013-08-08 12:51:10.828 PROFILE  [LogUnInit] [0ms]
2013-08-08 13:06:40.625 PROFILE  [Midas stop] [89ms]
2013-08-08 13:06:41.062 PROFILE  [Stop Drivers] [441ms]
2013-08-08 13:06:41.062 PROFILE  [Registration data] [0ms]
2013-08-08 13:06:41.062 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-08 13:06:41.187 PROFILE  [Parental uninit] [0ms]
2013-08-08 13:06:41.187 PROFILE  [WSACleanup] [0ms]
2013-08-08 13:06:41.562 PROFILE  [Free SF] [370ms]
2013-08-08 13:06:41.562 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-08 13:06:41.562 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-08 13:06:41.718 PROFILE  [OBK unload] [154ms]
2013-08-08 13:06:42.250 PROFILE  [LogUnInit] [0ms]
2013-08-08 13:06:46.828 PROFILE  [CM Stop & eventq uninit] [4s:585ms]
2013-08-08 13:06:46.828 PROFILE  [npcomm uninit] [0ms]
2013-08-08 13:06:46.828 PROFILE  [STOP Received - time] [6s:398ms]
2013-08-08 18:36:29.078 PROFILE  [Midas stop] [43ms]
2013-08-08 18:36:30.546 PROFILE  [Stop Drivers] [1s:465ms]
2013-08-08 18:36:30.546 PROFILE  [Registration data] [0ms]
2013-08-08 18:36:30.546 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-08 18:36:30.843 PROFILE  [Parental uninit] [114ms]
2013-08-08 18:36:30.843 PROFILE  [WSACleanup] [0ms]
2013-08-08 18:36:31.656 PROFILE  [Free SF] [825ms]
2013-08-08 18:36:31.750 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-08 18:36:31.750 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-08 18:36:31.781 PROFILE  [OBK unload] [25ms]
2013-08-08 18:36:32.375 PROFILE  [LogUnInit] [0ms]
2013-08-08 22:19:27.375 PROFILE  [Midas stop] [0ms]
2013-08-08 22:19:27.375 PROFILE  [Stop Drivers] [1ms]
2013-08-08 22:19:27.375 PROFILE  [Registration data] [0ms]
2013-08-08 22:19:27.375 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-08 22:19:27.375 PROFILE  [Parental uninit] [0ms]
2013-08-08 22:19:27.375 PROFILE  [WSACleanup] [0ms]
2013-08-08 22:19:27.671 PROFILE  [Free SF] [306ms]
2013-08-08 22:19:27.687 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-08 22:19:27.687 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-08 22:19:27.687 PROFILE  [OBK unload] [0ms]
2013-08-08 22:19:27.718 PROFILE  [LogUnInit] [0ms]
2013-08-08 22:19:35.437 PROFILE  [CM Stop & eventq uninit] [7s:712ms]
2013-08-08 22:19:35.437 PROFILE  [npcomm uninit] [0ms]
2013-08-08 22:19:35.437 PROFILE  [STOP Received - time] [8s:233ms]
2013-08-10 10:43:13.406 PROFILE  [Midas stop] [517ms]
2013-08-10 10:43:14.046 PROFILE  [Stop Drivers] [574ms]
2013-08-10 10:43:14.046 PROFILE  [Registration data] [0ms]
2013-08-10 10:43:14.046 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-10 10:43:14.046 PROFILE  [Parental uninit] [0ms]
2013-08-10 10:43:14.046 PROFILE  [WSACleanup] [0ms]
2013-08-10 10:43:14.312 PROFILE  [Free SF] [266ms]
2013-08-10 10:43:14.312 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-10 10:43:14.312 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-10 10:43:14.312 PROFILE  [OBK unload] [0ms]
2013-08-10 10:43:14.359 PROFILE  [LogUnInit] [0ms]
2013-08-10 10:43:28.359 PROFILE  [CM Stop & eventq uninit] [13s:992ms]
2013-08-10 10:43:28.359 PROFILE  [npcomm uninit] [0ms]
2013-08-10 10:43:28.359 PROFILE  [STOP Received - time] [15s:494ms]
2013-08-11 02:12:48.843 PROFILE  [Midas stop] [773ms]
2013-08-11 02:12:54.250 PROFILE  [Stop Drivers] [5s:218ms]
2013-08-11 02:12:54.250 PROFILE  [Registration data] [0ms]
2013-08-11 02:12:54.250 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-11 02:12:54.343 PROFILE  [Parental uninit] [0ms]
2013-08-11 02:12:54.343 PROFILE  [WSACleanup] [0ms]
2013-08-11 02:12:56.546 PROFILE  [Free SF] [2s:195ms]
2013-08-11 02:12:56.750 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-11 02:12:56.750 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-11 02:12:56.750 PROFILE  [OBK unload] [0ms]
2013-08-11 02:12:58.515 PROFILE  [LogUnInit] [0ms]
2013-08-11 02:32:07.875 PROFILE  [Midas stop] [281ms]
2013-08-11 02:32:08.093 PROFILE  [Stop Drivers] [231ms]
2013-08-11 02:32:08.093 PROFILE  [Registration data] [0ms]
2013-08-11 02:32:08.093 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-11 02:32:08.093 PROFILE  [Parental uninit] [0ms]
2013-08-11 02:32:08.093 PROFILE  [WSACleanup] [0ms]
2013-08-11 02:32:08.390 PROFILE  [Free SF] [287ms]
2013-08-11 02:32:08.390 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-11 02:32:08.390 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-11 02:32:08.390 PROFILE  [OBK unload] [0ms]
2013-08-11 02:32:08.406 PROFILE  [LogUnInit] [0ms]
2013-08-11 02:32:17.421 PROFILE  [CM Stop & eventq uninit] [9s:21ms]
2013-08-11 02:32:17.421 PROFILE  [npcomm uninit] [0ms]
2013-08-11 02:32:17.421 PROFILE  [STOP Received - time] [9s:936ms]
2013-08-11 04:04:09.625 PROFILE  [Midas stop] [194ms]
2013-08-11 04:04:10.265 PROFILE  [Stop Drivers] [636ms]
2013-08-11 04:04:10.265 PROFILE  [Registration data] [0ms]
2013-08-11 04:04:10.265 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-11 04:04:10.265 PROFILE  [Parental uninit] [0ms]
2013-08-11 04:04:10.265 PROFILE  [WSACleanup] [0ms]
2013-08-11 04:04:10.375 PROFILE  [Free SF] [98ms]
2013-08-11 04:04:10.390 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-11 04:04:10.390 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-11 04:04:10.390 PROFILE  [OBK unload] [0ms]
2013-08-11 04:04:10.484 PROFILE  [LogUnInit] [0ms]


#8 Ship (Topic Starter)

Posted 11 August 2013 - 06:10 AM

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Bitdefender Antivirus                  
AVG Anti-Virus Business Edition 2012   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender bdparentalservice.exe  
 Bitdefender Bitdefender BdParentalSysTray.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender bdapppassmgr.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#9 Ship (Topic Starter)

Posted 11 August 2013 - 06:29 AM

This is AdwCleaner[S1].txt:
 
 
# AdwCleaner v2.306 - Logfile created 08/11/2013 at 12:17:25
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Xxxx - Xxxx08
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Xxxx\Desktop\adwcleaner2.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v23.0 (en-US)
 
File : C:\Documents and Settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\cd1s817r.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\Xxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v [Unable to get version]
 
File : C:\Documents and Settings\Xxxx\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1147 octets] - [11/08/2013 12:17:01]
AdwCleaner[S1].txt - [1078 octets] - [11/08/2013 12:17:25]
 
########## EOF - C:\AdwCleaner[S1].txt - [1138 octets] ##########


#10 Ship (Topic Starter)

Posted 11 August 2013 - 06:34 AM

 
This is AdwCleaner[R1].txt:
 
 
# AdwCleaner v2.306 - Logfile created 08/11/2013 at 12:17:01
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Xxxx - Xxxx08
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Xxxx\Desktop\adwcleaner2.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v23.0 (en-US)
 
File : C:\Documents and Settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\cd1s817r.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\Xxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v [Unable to get version]
 
File : C:\Documents and Settings\Xxxx\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1018 octets] - [11/08/2013 12:17:01]
 
########## EOF - C:\AdwCleaner[R1].txt - [1078 octets] ##########


 
This is the new bdlog.txt (the entries up to 2013-08-11 04:04:10 are identical to the bdlog.txt posted in #7 above and are not repeated here; the new entries follow):
 
 
2013-08-11 11:55:19.109 PROFILE  [Midas stop] [539ms]
2013-08-11 11:55:20.312 PROFILE  [Stop Drivers] [1s:200ms]
2013-08-11 11:55:20.312 PROFILE  [Registration data] [0ms]
2013-08-11 11:55:20.312 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-11 11:55:20.359 PROFILE  [Parental uninit] [0ms]
2013-08-11 11:55:20.406 PROFILE  [WSACleanup] [0ms]
2013-08-11 11:55:21.296 PROFILE  [Free SF] [884ms]
2013-08-11 11:55:21.656 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-11 11:55:21.656 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-11 11:55:21.656 PROFILE  [OBK unload] [0ms]
2013-08-11 11:55:22.234 PROFILE  [LogUnInit] [0ms]
2013-08-11 12:18:34.187 PROFILE  [Midas stop] [325ms]
2013-08-11 12:18:34.281 PROFILE  [Stop Drivers] [94ms]
2013-08-11 12:18:34.281 PROFILE  [Registration data] [0ms]
2013-08-11 12:18:34.281 PROFILE  [NPCOMM_MSG_VSSERVDOWN NPC_BDAGENT_MAIN] [0ms]
2013-08-11 12:18:34.281 PROFILE  [Parental uninit] [0ms]
2013-08-11 12:18:34.281 PROFILE  [WSACleanup] [0ms]
2013-08-11 12:18:34.328 PROFILE  [Free SF] [44ms]
2013-08-11 12:18:34.328 PROFILE  [UninitializeMultiUserSupport] [0ms]
2013-08-11 12:18:34.328 PROFILE  [AntiPh & AS unload] [0ms]
2013-08-11 12:18:34.328 PROFILE  [OBK unload] [0ms]
2013-08-11 12:18:34.390 PROFILE  [LogUnInit] [0ms]
2013-08-11 12:18:43.421 PROFILE  [CM Stop & eventq uninit] [9s:32ms]
2013-08-11 12:18:43.421 PROFILE  [npcomm uninit] [0ms]
2013-08-11 12:18:43.453 PROFILE  [STOP Received - time] [9s:761ms]
 
 
OK - what next?

Edited by Ship, 11 August 2013 - 06:35 AM.


#11 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2013 - 07:24 AM


This script will remove the remnant items from AVG.

Open notepad and copy/paste the text in the quote box below into it:


SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
{8decf618-9569-4340-b34a-d78d28969b66}

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

All looks good.

Let me know what problem persists.

p.s.
I have no way of checking the BD log.

#12 Ship

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 11 August 2013 - 11:41 AM

I did exactly as requested; however, I still got exactly the same warning messages about AVG still being installed and "proceed at your own risk"... which I then did.

 

More shortly.



#13 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2013 - 12:31 PM

Run the ComboFix script and ignore the message.

Restart the computer normally.

Post a fresh ComboFix log.

#14 Ship

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 11 August 2013 - 02:15 PM

ComboFix 13-08-11.02 - Xxxx 1/Aug/2013  17:42:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3070.2100 [GMT 1:00]
Running from: c:\documents and settings\Xxxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xxxx\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-08 21:18 . 2013-08-08 21:18 -------- d-----w- c:\program files\ESET
2013-08-08 12:25 . 2013-08-08 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-08 12:25 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 11:06 . 2013-08-07 11:06 -------- d-----w- c:\windows\ERUNT
2013-08-05 15:21 . 2013-08-05 15:21 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Sun
2013-08-05 14:40 . 2013-08-05 14:40 -------- d-----w- c:\program files\Common Files\Java
2013-08-05 14:40 . 2013-08-05 14:37 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-05 14:39 . 2013-08-05 14:37 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 14:39 . 2013-08-05 14:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-05 11:11 . 2013-08-05 14:18 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-04 09:31 . 2013-08-04 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2013-08-03 01:47 . 2013-08-03 01:47 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-08-03 01:16 . 2013-08-03 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2013-08-03 01:16 . 2013-07-23 15:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-08-03 01:16 . 2013-02-22 18:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-08-03 01:16 . 2007-04-11 10:11 511328 ----a-w- c:\windows\capicom.dll
2013-08-03 01:15 . 2013-07-19 17:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-08-03 01:15 . 2013-07-19 17:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-08-03 01:15 . 2012-11-02 13:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-08-03 01:15 . 2013-08-03 01:15 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Bitdefender
2013-08-03 01:11 . 2013-08-03 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2013-08-03 01:11 . 2012-10-04 13:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-08-03 01:11 . 2013-08-03 01:11 -------- d-----w- c:\program files\Bitdefender
2013-08-03 01:11 . 2013-05-28 11:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-08-03 00:26 . 2013-08-03 00:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2013-08-03 00:22 . 2013-08-03 00:22 -------- d-----w- c:\documents and settings\Xxxx\Application Data\QuickScan
2013-08-03 00:19 . 2013-08-03 01:11 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-08-01 09:53 . 2013-08-05 11:11 -------- d-----w- c:\program files\Enigma Software Group
2013-08-01 09:53 . 2013-08-01 11:13 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-31 15:30 . 2013-07-31 15:30 59816 ----a-r- c:\documents and settings\Xxxx\Application Data\Microsoft\Installer\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}\ARPPRODUCTICON.exe
2013-07-22 16:07 . 2013-07-22 16:07 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Downloaded Installations
2013-07-19 09:12 . 2013-07-19 09:12 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Windows Search
2013-07-15 15:33 . 2013-07-15 15:33 -------- d-----w- c:\program files\Dropbox
2013-07-12 17:09 . 2013-07-12 17:16 -------- d-----w- c:\windows\system32\MRT
2013-07-12 17:02 . 2013-07-15 23:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-07-12 16:56 . 2013-07-12 16:56 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Identities
2013-07-12 16:56 . 2013-07-22 10:37 -------- d-----w- c:\program files\Windows Desktop Search
2013-07-12 16:55 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-07-12 16:55 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-07-12 16:55 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 10:40 . 2012-04-18 09:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-11 10:40 . 2011-06-09 22:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-05 14:37 . 2010-05-03 17:16 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-23 18:33 . 2007-04-27 11:43 120200 ------w- c:\windows\system32\DLLDEV32i.dll
2013-06-20 16:42 . 2013-06-20 16:42 338216 ----a-w- c:\windows\system32\TpShocks.exe
2013-06-20 16:42 . 2013-06-20 16:42 280872 ----a-w- c:\windows\system32\TpShEvUI.exe
2013-06-20 16:42 . 2013-06-20 16:42 108840 ----a-w- c:\windows\system32\TpShCTL.exe
2013-06-20 16:42 . 2013-06-20 16:42 493864 ----a-w- c:\windows\system32\TpShCPL.dll
2013-06-20 16:42 . 2013-06-20 16:42 387368 ----a-w- c:\windows\system32\TpShCPL.cpl
2013-06-20 15:49 . 2013-06-20 15:49 42240 ----a-w- c:\windows\system32\TPHDEXLG.exe
2013-06-20 15:49 . 2013-06-20 15:49 22784 ----a-w- c:\windows\system32\drivers\ApsHM86.sys
2013-06-20 15:49 . 2013-06-20 15:49 22520 ----a-w- c:\windows\system32\Sensor.DLL
2013-06-20 15:49 . 2013-06-20 15:49 131328 ----a-w- c:\windows\system32\drivers\ApsX86.sys
2013-06-08 14:08 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 14:08 . 2010-02-23 15:40 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 14:08 . 2010-02-23 15:40 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 14:08 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-07 22:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 20:43 . 2008-07-03 22:53 347888 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-29 20:43 . 2013-07-01 17:55 143088 ----a-w- c:\windows\system32\SynTPCo14.dll
2013-05-29 20:43 . 2008-07-03 23:09 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-29 20:43 . 2008-07-03 22:55 540400 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-27 18:40 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-27 18:40 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2010-12-23 831488]
"X1FileMonitor.exe"="c:\progra~1\X1\X1FileMonitor.exe" [2012-06-06 400024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2013-06-20 338216]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2013-01-11 3713832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2009-09-03 436800]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2012-09-07 432016]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2012-09-07 190352]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-05-29 2379504]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-07-24 1830144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-08-03 899024]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
.
c:\documents and settings\Xxxx\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-6-12 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-06-08 14:08 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 13:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Xxxx\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Xxxx\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [03/Aug/2013 02:15 640560]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [22/Jan/2010 04:29 24264]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [03/Aug/2013 02:11 162976]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [20/Jun/2013 16:49 22784]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [01/Apr/2010 18:55 13680]
R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [03/Aug/2013 02:16 68344]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [22/Jan/2010 04:29 280640]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [20/Apr/2011 22:37 109728]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [25/Jul/2012 10:44 12184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [29/Sep/2010 18:50 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/Aug/2008 13:41 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/Aug/2013 13:25 418376]
R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [25/Jan/2011 18:14 333264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [22/Jan/2010 04:29 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [09/Jun/2011 23:36 1663272]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/Mar/2009 15:47 12560]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [01/Dec/2012 22:36 4150112]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14/May/2008 17:25 520192]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [03/Aug/2013 02:16 54960]
R2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [19/Dec/2010 18:10 308688]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [03/Aug/2013 02:15 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [03/Aug/2013 02:16 116560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/Aug/2013 13:25 22856]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/Dec/2010 18:36 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/Feb/2008 16:54 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe --> c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/Aug/2013 13:25 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/Jun/2013 09:53 162408]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [12/Jun/2011 23:38 272864]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [03/Aug/2013 02:15 490144]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/Jun/2011 23:38 642432]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [03/Aug/2013 02:16 66832]
S3 CH341ENUM;CH341ENUM;c:\windows\system32\DRIVERS\CH34ENUM.sys --> c:\windows\system32\DRIVERS\CH34ENUM.sys [?]
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS --> c:\windows\system32\Drivers\CH341SER.SYS [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/Dec/2009 10:58 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [26/Jan/2011 00:21 100224]
S3 FSDFU;FSDFU;c:\windows\system32\drivers\fsdfu.sys [15/Apr/2011 13:29 10433]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [19/Dec/2010 18:10 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [19/Dec/2010 18:10 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [19/Dec/2010 18:10 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02/Sep/2011 07:31 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02/Sep/2011 07:31 12184]
S4 Hwsl2vic;Hwsl2vic; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 18:57 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-08-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-01-22 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Bitdefender\Bitdefender\BdProvider.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\cd1s817r.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
FF - prefs.js: network.proxy.ftp - 77.68.53.63
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.http - 77.68.53.63
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 77.68.53.63
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 77.68.53.63
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-02 15:50; ffpwdman@bitdefender.com; c:\program files\Bitdefender\Bitdefender\ffpwdman
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 17:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe???????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1560)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\Bitdefender\Bitdefender\BdProvider.dll
.
- - - - - - - > 'explorer.exe'(1432)
c:\windows\system32\WININET.dll
c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2013-08-11  17:57:31
ComboFix-quarantined-files.txt  2013-08-11 16:57
ComboFix2.txt  2013-08-11 10:37
.
Pre-Run: 24,500,899,840 bytes free
Post-Run: 24,592,457,728 bytes free
.
- - End Of File - - 87221454AEA5DE06C6DAAD58F34D336C
72F14B9E2FA1AFFE2C0DA31FA33CC53D

 
Wait, it looks like BitDefender's firewall was left on by mistake. Let me run that again and revert.

Edited by Ship, 11 August 2013 - 02:19 PM.
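As a defender-side illustration of what a helper reads in a ComboFix log like the one above, here is an added Python triage script; it is not part of the thread and not ComboFix's own code. It parses the firewall-policy, service and Firefox proxy line formats shown in the post over a constructed sample built from the post's own values, and flags the disabled firewall, exceptions for binaries in user-writable paths, services whose image file is missing, and a proxy host outside private address space; reading a trailing '[?]' or bare '[x]' on a service line as "image not found" is this example's assumption.

```python
"""Triage a ComboFix-style log excerpt for items a malware-removal helper would review.
Added example for this thread, not ComboFix's or the poster's code. It assumes the line
formats visible in the log above; a trailing '[?]' or bare '[x]' on a service line is read
here as "image file not found". SAMPLE_LOG is constructed from those formats with values
copied from the post.
"""
import ipaddress
import re

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Xxxx\\Desktop\\utorrent.exe"=
"c:\\Documents and Settings\\Xxxx\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [01/Dec/2012 22:36 4150112]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S4 Hwsl2vic;Hwsl2vic; [x]
FF - prefs.js: network.proxy.http - 77.68.53.63
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 4
"""

# Per-user directories that any process running as that user can write to.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(desktop|application data|local settings|appdata|downloads)\\",
    re.IGNORECASE)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")


def firewall_findings(lines):
    """Flag a disabled standard-profile firewall and exceptions whose binary
    lives in a user-writable directory (where dropped malware usually sits)."""
    findings, section = [], ""
    for line in lines:
        if line.startswith("["):
            section = line.lower()
            continue
        if "firewallpolicy" not in section:
            continue
        m = re.match(r'"EnableFirewall"=\s*(\d+)', line)
        if m and m.group(1) == "0":
            findings.append("firewall: standard profile disabled (EnableFirewall=0)")
        if section.endswith("authorizedapplications\\list]"):
            m = re.match(r'"(.+)"=$', line)
            if m:
                path = m.group(1).replace("\\\\", "\\")  # undo REGEDIT4 escaping
                if USER_WRITABLE.search(path):
                    findings.append(f"firewall: exception for user-writable path {path}")
    return findings


def service_findings(lines):
    """Flag services/drivers that are registered but have no locatable image file."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _desc, rest = m.groups()
        rest = rest.strip()
        if rest.endswith("[?]"):
            findings.append(f"service {name} ({state}): image path not found on disk")
        elif rest == "[x]":
            findings.append(f"service {name} ({state}): no image path recorded")
    return findings


def proxy_findings(lines):
    """Report Firefox proxy hosts outside private/loopback space and whether the
    manual entries are actually in use (network.proxy.type 1 = manual)."""
    prefs = {m.group(1): m.group(2).strip() for m in map(PROXY_RE.match, lines) if m}
    protos = [p for p in ("http", "ssl", "ftp", "socks") if prefs.get(p)]
    findings = []
    for proto in protos:
        host = prefs[proto]
        try:
            review = ipaddress.ip_address(host).is_global
        except ValueError:
            review = True  # a hostname cannot be judged offline; review it
        if review:
            findings.append(f"firefox: {proto} proxy {host}:{prefs.get(proto + '_port', '?')} "
                            "is a non-private address")
    ptype = prefs.get("type")
    if protos and ptype not in (None, "1"):
        findings.append(f"firefox: network.proxy.type={ptype}, so the manual proxy entries "
                        "are configured but not the active mode")
    return findings


def triage(log_text):
    """Run every check over a log excerpt and return the combined findings."""
    lines = log_text.splitlines()
    return firewall_findings(lines) + service_findings(lines) + proxy_findings(lines)
```

Dropbox under Application Data is its normal install location, so the user-writable check is a prompt to look, not a verdict.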


#15 Ship

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 11 August 2013 - 02:33 PM

OK, this time I managed to disable the firewall.
 
ComboFix 13-08-11.02 - Xxxx 1/Aug/2013  20:20:06.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3070.2190 [GMT 1:00]
Running from: c:\documents and settings\Xxxx\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-08 21:18 . 2013-08-08 21:18 -------- d-----w- c:\program files\ESET
2013-08-08 12:25 . 2013-08-08 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-08 12:25 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 11:06 . 2013-08-07 11:06 -------- d-----w- c:\windows\ERUNT
2013-08-05 15:21 . 2013-08-05 15:21 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Sun
2013-08-05 14:40 . 2013-08-05 14:40 -------- d-----w- c:\program files\Common Files\Java
2013-08-05 14:40 . 2013-08-05 14:37 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-05 14:39 . 2013-08-05 14:37 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 14:39 . 2013-08-05 14:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-05 11:11 . 2013-08-05 14:18 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-04 09:31 . 2013-08-04 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2013-08-03 01:47 . 2013-08-03 01:47 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-08-03 01:16 . 2013-08-03 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2013-08-03 01:16 . 2013-07-23 15:50 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-08-03 01:16 . 2013-02-22 18:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-08-03 01:16 . 2007-04-11 10:11 511328 ----a-w- c:\windows\capicom.dll
2013-08-03 01:15 . 2013-07-19 17:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-08-03 01:15 . 2013-07-19 17:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-08-03 01:15 . 2012-11-02 13:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-08-03 01:15 . 2013-08-03 01:15 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Bitdefender
2013-08-03 01:11 . 2013-08-03 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2013-08-03 01:11 . 2012-10-04 13:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-08-03 01:11 . 2013-08-03 01:11 -------- d-----w- c:\program files\Bitdefender
2013-08-03 01:11 . 2013-05-28 11:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-08-03 00:26 . 2013-08-03 00:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2013-08-03 00:22 . 2013-08-03 00:22 -------- d-----w- c:\documents and settings\Xxxx\Application Data\QuickScan
2013-08-03 00:19 . 2013-08-03 01:11 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-08-01 09:53 . 2013-08-05 11:11 -------- d-----w- c:\program files\Enigma Software Group
2013-08-01 09:53 . 2013-08-01 11:13 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-31 15:30 . 2013-07-31 15:30 59816 ----a-r- c:\documents and settings\Xxxx\Application Data\Microsoft\Installer\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}\ARPPRODUCTICON.exe
2013-07-22 16:07 . 2013-07-22 16:07 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\Downloaded Installations
2013-07-19 09:12 . 2013-07-19 09:12 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Windows Search
2013-07-15 15:33 . 2013-07-15 15:33 -------- d-----w- c:\program files\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 10:40 . 2012-04-18 09:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-11 10:40 . 2011-06-09 22:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-05 14:37 . 2010-05-03 17:16 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-23 18:33 . 2007-04-27 11:43 120200 ------w- c:\windows\system32\DLLDEV32i.dll
2013-06-20 16:42 . 2013-06-20 16:42 338216 ----a-w- c:\windows\system32\TpShocks.exe
2013-06-20 16:42 . 2013-06-20 16:42 280872 ----a-w- c:\windows\system32\TpShEvUI.exe
2013-06-20 16:42 . 2013-06-20 16:42 108840 ----a-w- c:\windows\system32\TpShCTL.exe
2013-06-20 16:42 . 2013-06-20 16:42 493864 ----a-w- c:\windows\system32\TpShCPL.dll
2013-06-20 16:42 . 2013-06-20 16:42 387368 ----a-w- c:\windows\system32\TpShCPL.cpl
2013-06-20 15:49 . 2013-06-20 15:49 42240 ----a-w- c:\windows\system32\TPHDEXLG.exe
2013-06-20 15:49 . 2013-06-20 15:49 22784 ----a-w- c:\windows\system32\drivers\ApsHM86.sys
2013-06-20 15:49 . 2013-06-20 15:49 22520 ----a-w- c:\windows\system32\Sensor.DLL
2013-06-20 15:49 . 2013-06-20 15:49 131328 ----a-w- c:\windows\system32\drivers\ApsX86.sys
2013-06-08 14:08 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 14:08 . 2010-02-23 15:40 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 14:08 . 2010-02-23 15:40 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 14:08 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-07 22:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 20:43 . 2008-07-03 22:53 347888 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-29 20:43 . 2013-07-01 17:55 143088 ----a-w- c:\windows\system32\SynTPCo14.dll
2013-05-29 20:43 . 2008-07-03 23:09 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-29 20:43 . 2008-07-03 22:55 540400 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-27 18:40 . 2010-02-23 15:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-27 18:40 . 2010-02-23 15:40 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2010-12-23 831488]
"X1FileMonitor.exe"="c:\progra~1\X1\X1FileMonitor.exe" [2012-06-06 400024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2013-06-20 338216]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2013-01-11 3713832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2009-09-03 436800]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2012-09-07 432016]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2012-09-07 190352]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-05-29 2379504]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-07-24 1830144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-07-26 470520]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-08-03 899024]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-07-26 613696]
.
c:\documents and settings\Xxxx\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-6-12 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-06-08 14:08 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 13:41 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Xxxx\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Xxxx\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [03/Aug/2013 02:15 640560]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [22/Jan/2010 04:29 24264]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [03/Aug/2013 02:11 162976]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [20/Jun/2013 16:49 22784]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [01/Apr/2010 18:55 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [22/Jan/2010 04:29 280640]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [20/Apr/2011 22:37 109728]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [25/Jul/2012 10:44 12184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [29/Sep/2010 18:50 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/Aug/2008 13:41 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/Aug/2013 13:25 418376]
R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [25/Jan/2011 18:14 333264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [22/Jan/2010 04:29 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [09/Jun/2011 23:36 1663272]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/Mar/2009 15:47 12560]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [01/Dec/2012 22:36 4150112]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14/May/2008 17:25 520192]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [03/Aug/2013 02:16 54960]
R2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [19/Dec/2010 18:10 308688]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [03/Aug/2013 02:15 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [03/Aug/2013 02:16 116560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/Aug/2013 13:25 22856]
R3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/Dec/2010 18:36 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/Feb/2008 16:54 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe --> c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/Aug/2013 13:25 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/Jun/2013 09:53 162408]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [12/Jun/2011 23:38 272864]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [03/Aug/2013 02:15 490144]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/Jun/2011 23:38 642432]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [03/Aug/2013 02:16 66832]
S3 CH341ENUM;CH341ENUM;c:\windows\system32\DRIVERS\CH34ENUM.sys --> c:\windows\system32\DRIVERS\CH34ENUM.sys [?]
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS --> c:\windows\system32\Drivers\CH341SER.SYS [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/Dec/2009 10:58 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [26/Jan/2011 00:21 100224]
S3 FSDFU;FSDFU;c:\windows\system32\drivers\fsdfu.sys [15/Apr/2011 13:29 10433]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [19/Dec/2010 18:10 66560]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [19/Dec/2010 18:10 107520]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [19/Dec/2010 18:10 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/Jan/2010 02:10 135664]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02/Sep/2011 07:31 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02/Sep/2011 07:31 12184]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [03/Aug/2013 02:16 68344]
S4 Hwsl2vic;Hwsl2vic; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 18:57 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 01:10]
.
2013-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-08-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-01-22 04:20]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\cd1s817r.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Docs/My_Clients/Traigh/web/t1/t1/launch.html
FF - prefs.js: network.proxy.ftp - 77.68.53.63
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.http - 77.68.53.63
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 77.68.53.63
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 77.68.53.63
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-02 15:50; ffpwdman@bitdefender.com; c:\program files\Bitdefender\Bitdefender\ffpwdman
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe???????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1560)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\Bitdefender\Bitdefender\BdProvider.dll
.
- - - - - - - > 'explorer.exe'(5900)
c:\windows\system32\WININET.dll
c:\documents and settings\Xxxx\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-11  20:29:43
ComboFix-quarantined-files.txt  2013-08-11 19:29
ComboFix2.txt  2013-08-11 10:37
.
Pre-Run: 24,589,803,520 bytes free
Post-Run: 24,581,132,288 bytes free
.
- - End Of File - - 93D12E0CF7C7789A3B16BA43736690CB
72F14B9E2FA1AFFE2C0DA31FA33CC53D
 
P.S. Drat - I posted the above before I rebooted. Does that matter? (fwiw, I have now rebooted)
 
So what next?

Edited by Ship, 11 August 2013 - 02:38 PM.




