
djjeetu

Members
  • Posts: 10
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. This time I didn't get any message or anything on Malwarebytes. Thank you, this was the best. mbam-log-2012-08-09 (16-34-34).txt
  2. Here is the ComboFix log I got back this time. ComboFix.txt
  3. Here you go. Thanks again for guiding me. FRST.txt Search.txt
  4. Here are the 3 logs I got. Attach.txt DDS.txt mbam-log-2012-08-09 (11-14-54).txt
  5. ComboFix 12-08-08.03 - Harish 08/09/2012 10:25:49.2.2 - x86 NETWORK
     Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3062.2527 [GMT -4:00]
     Running from: c:\users\Harish\Desktop\ComboFix.exe
     AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\assembly\GAC\Desktop.ini
     .
     c:\windows\system32\Services.exe . . . is infected!!
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-09 14:52 . 2012-08-09 14:52	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
     2012-08-09 14:52 . 2012-08-09 14:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
     2012-08-08 22:44 . 2012-08-08 22:44	--------	d-----w-	C:\FRST
     2012-08-08 20:04 . 2012-07-03 16:21	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys
     2012-08-08 20:04 . 2012-07-03 16:21	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
     2012-08-08 20:04 . 2012-07-03 16:21	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
     2012-08-08 20:04 . 2012-07-03 16:21	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
     2012-08-08 20:04 . 2012-07-03 16:21	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys
     2012-08-08 20:04 . 2012-07-03 16:21	57656	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
     2012-08-08 20:02 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr
     2012-08-08 20:01 . 2012-07-03 16:21	227648	----a-w-	c:\windows\system32\aswBoot.exe
     2012-08-08 20:00 . 2012-08-08 20:00	--------	d-----w-	c:\programdata\AVAST Software
     2012-08-08 20:00 . 2012-08-08 20:00	--------	d-----w-	c:\program files\AVAST Software
     2012-08-08 19:46 . 2012-08-08 19:46	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
     2012-08-08 19:46 . 2012-08-08 19:46	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
     2012-08-08 19:46 . 2012-08-08 19:46	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
     2012-08-08 19:46 . 2012-08-08 19:46	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
     2012-08-08 19:46 . 2012-08-08 19:46	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
     2012-08-08 19:46 . 2012-08-08 19:46	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
     2012-08-08 19:46 . 2012-08-08 19:46	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
     2012-08-08 19:46 . 2012-08-08 19:46	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
     2012-08-08 19:46 . 2012-08-08 19:46	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
     2012-08-08 19:46 . 2012-08-08 19:46	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
     2012-08-08 19:46 . 2012-08-08 19:46	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
     2012-08-08 19:46 . 2012-08-08 19:46	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
     2012-08-08 19:45 . 2012-08-08 19:45	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
     2012-08-08 19:45 . 2012-08-08 19:45	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
     2012-08-08 19:45 . 2012-08-08 19:45	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
     2012-08-08 19:45 . 2012-08-08 19:45	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
     2012-08-08 19:45 . 2012-08-08 19:45	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
     2012-08-07 17:41 . 2012-08-07 17:41	--------	d-----w-	c:\program files\ESET
     2012-07-23 20:48 . 2012-07-23 20:48	--------	d-----w-	c:\users\Harish\AppData\Roaming\Malwarebytes
     2012-07-23 20:47 . 2012-07-23 20:47	--------	d-----w-	c:\programdata\Malwarebytes
     2012-07-23 20:47 . 2012-07-23 20:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
     2012-07-23 20:47 . 2012-07-03 17:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
     2012-07-23 20:41 . 2012-07-23 20:41	--------	d-----w-	c:\users\Harish\AppData\Local\Macromedia
     2012-07-23 20:22 . 2012-07-23 20:22	--------	d-----w-	c:\users\Harish\temp
     2012-07-19 23:17 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
     2012-07-19 15:48 . 2012-07-19 15:48	--------	d-----w-	c:\program files\iPod
     2012-07-19 15:48 . 2012-07-19 15:51	--------	d-----w-	c:\program files\iTunes
     2012-07-13 15:15 . 2012-07-25 14:37	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
     2012-07-11 15:46 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
     2012-07-11 15:46 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
     2012-07-11 15:46 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
     2012-07-11 15:44 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
     2012-07-11 15:44 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
     2012-07-11 15:44 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-07 18:02 . 2012-04-29 15:14	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
     2012-08-07 18:02 . 2011-05-31 12:25	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-06-02 22:19 . 2012-06-19 05:38	53784	----a-w-	c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-19 05:38	45080	----a-w-	c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-19 05:37	35864	----a-w-	c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-19 05:37	577048	----a-w-	c:\windows\system32\wuapi.dll
     2012-06-02 22:19 . 2012-06-19 05:38	1933848	----a-w-	c:\windows\system32\wuaueng.dll
     2012-06-02 22:12 . 2012-06-19 05:38	2422272	----a-w-	c:\windows\system32\wucltux.dll
     2012-06-02 22:12 . 2012-06-19 05:37	88576	----a-w-	c:\windows\system32\wudriver.dll
     2012-06-02 19:19 . 2012-06-19 05:37	171904	----a-w-	c:\windows\system32\wuwebv.dll
     2012-06-02 19:12 . 2012-06-19 05:37	33792	----a-w-	c:\windows\system32\wuapp.exe
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
     [7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
     [7] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
     [7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
     2012-06-07 01:33	1519304	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
     .
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
     .
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-07-03 16:21	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "GrpConv"="grpconv -o" [X]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\System32\APSHook.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
     backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
     backup=c:\windows\pss\DVD Check.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
     backup=c:\windows\pss\VPN Client.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 13:10	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
     2012-05-03 18:07	217256	----a-w-	c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
     2012-06-07 01:33	1564872	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2012-05-31 00:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
     2012-03-28 13:47	39816	----a-w-	c:\program files\Citrix\GoToMeeting\880\g2mstart.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
     2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
     2007-10-03 19:15	480560	----a-w-	c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     2009-02-13 20:01	141848	----a-w-	c:\windows\System32\igfxtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
     2009-01-07 19:46	1468296	----a-w-	c:\program files\Microsoft IntelliPoint\ipoint.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2012-06-07 23:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
     2009-04-01 11:06	320024	----a-w-	c:\program files\PDF Complete\pdfsty.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     2009-02-13 20:00	150552	----a-w-	c:\windows\System32\igfxpers.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
     2007-01-09 22:52	145184	----a-w-	c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]
     2009-09-17 22:50	935240	----a-w-	c:\users\Harish\AppData\Local\ATT Connect\Participant\pull.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
     2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     2007-02-21 22:14	1183744	----a-w-	c:\program files\Analog Devices\Core\smax4pnp.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2012-01-17 15:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2009-01-09 17:44	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
     2010-06-04 07:17	1791272	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
     2007-09-15 07:29	102400	----a-w-	c:\program files\Synaptics\SynTP\SynTPStart.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - ECACHE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork	REG_MULTI_SZ 	PLA DPS BFE mpssvc
     bthsvcs	REG_MULTI_SZ 	BthServ
     Cognizance	REG_MULTI_SZ 	ASBroker ASChannel
     LocalServiceAndNoImpersonation	REG_MULTI_SZ 	FontCache
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     2007-04-19 20:23	452136	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:02]
     .
     2012-07-25 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 14:13]
     .
     2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]
     .
     2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]
     .
     2012-07-19 c:\windows\Tasks\HPCeeScheduleForHarish.job
     - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-03 18:38]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.agilisinternational.com/
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
     uInternet Settings,ProxyServer = proxy.bls.com:8080
     uInternet Settings,ProxyOverride = *.local
     TCP: DhcpNameServer = 192.168.40.78 4.2.2.2 8.8.8.8
     TCP: Interfaces\{13258AD6-BD51-4005-AB9E-8F808C3AC8B2}: NameServer = 4.2.2.2
     FF - ProfilePath - c:\users\Harish\AppData\Roaming\Mozilla\Firefox\Profiles\axvvtmuj.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
     FF - prefs.js: browser.search.selectedEngine - Ask.com
     FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=WLEM&ocid=bb7hp
     FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
     FF - prefs.js: network.proxy.ftp - proxy.bls.com
     FF - prefs.js: network.proxy.ftp_port - 8080
     FF - prefs.js: network.proxy.gopher - proxy.bls.com
     FF - prefs.js: network.proxy.gopher_port - 8080
     FF - prefs.js: network.proxy.http - proxy.bls.com
     FF - prefs.js: network.proxy.http_port - 8080
     FF - prefs.js: network.proxy.socks - proxy.bls.com
     FF - prefs.js: network.proxy.socks_port - 8080
     FF - prefs.js: network.proxy.ssl - proxy.bls.com
     FF - prefs.js: network.proxy.ssl_port - 8080
     FF - prefs.js: network.proxy.type - 0
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
     FF - Ext: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - %profile%\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
     FF - Ext: Yahoo!
Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}</div> <div>FF - Ext: Performance Cache: vbapxexskl@vbapxexskl.org - %profile%\extensions\vbapxexskl@vbapxexskl.org</div> <div>FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</div> <div>FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn</div> <div>FF - user.js: extentions.y2layers.installId - 4d7ae60f-10df-4d4e-ae19-7c048112865b</div> <div>FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,</div> <div>FF - user.js: extensions.autoDisableScopes - 14</div> <div>FF - user.js: security.csp.enable - false</div> <div>FF - user.js: yahoo.ytff.general.dontshowhpoffer - true</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>HKLM-RunOnce-<NO NAME> - (no file)</div> <div>.</div> <div>.</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div> <div>Rootkit scan 2012-08-09 10:52</div> <div>Windows 6.0.6002 Service Pack 2 NTFS</div> <div>.</div> <div>scanning hidden processes ... </div> <div>.</div> <div>scanning hidden autostart entries ... </div> <div>.</div> <div>scanning hidden files ... 
</div> <div>.</div> <div>scan completed successfully</div> <div>hidden files: 0</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\N360]</div> <div>"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"</div> <div>--</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pdfcDispatcher]</div> <div>"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\8291c7b0]</div> <div>"imagepath"="\??\c:\windows\TEMP\7A4D.tmp"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\e4c76d50]</div> <div>"imagepath"="\??\c:\windows\TEMP\5F73.tmp"</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>"MSCurrentCountry"=dword:000000b5</div> <div>.</div> <div>Completion time: 2012-08-09 10:57:02</div> <div>ComboFix-quarantined-files.txt 2012-08-09 14:57</div> <div>ComboFix2.txt 2012-08-08 17:01</div> <div>ComboFix3.txt 2012-08-08 15:14</div> <div>.</div> <div>Pre-Run: 541,787,852,800 bytes free</div> <div>Post-Run: 541,734,428,672 bytes free</div> <div>.</div> <div>- - End Of File - - BBDB59A2BD1AC37CDAF416A48CA0630D</div> <div> </div>
  6. <p> </p> <div>.</div> <div>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.</div> <div>IF REQUESTED, ZIP IT UP & ATTACH IT</div> <div>.</div> <div>DDS (Ver_2011-08-26.01)</div> <div>.</div> <div>Microsoft® Windows Vista™ Business </div> <div>Boot Device: \Device\HarddiskVolume1</div> <div>Install Date: 11/30/2007 1:06:29 AM</div> <div>System Uptime: 8/9/2012 12:02:19 PM (0 hours ago)</div> <div>.</div> <div>Motherboard: Hewlett-Packard | | 30C0</div> <div>Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | U10 | 1800/200mhz</div> <div>.</div> <div>==== Disk Partitions =========================</div> <div>.</div> <div>C: is FIXED (NTFS) - 587 GiB total, 501.518 GiB free.</div> <div>D: is FIXED (NTFS) - 8 GiB total, 0.758 GiB free.</div> <div>E: is FIXED (NTFS) - 2 GiB total, 1.319 GiB free.</div> <div>F: is CDROM ()</div> <div>.</div> <div>==== Disabled Device Manager Items =============</div> <div>.</div> <div>Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}</div> <div>Description: Microsoft ISATAP Adapter</div> <div>Device ID: ROOT\*ISATAP\0022</div> <div>Manufacturer: Microsoft</div> <div>Name: Microsoft ISATAP Adapter #22</div> <div>PNP Device ID: ROOT\*ISATAP\0022</div> <div>Service: tunnel</div> <div>.</div> <div>Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}</div> <div>Description: Cisco Systems VPN Adapter</div> <div>Device ID: ROOT\NET\0000</div> <div>Manufacturer: Cisco Systems</div> <div>Name: Cisco Systems VPN Adapter</div> <div>PNP Device ID: ROOT\NET\0000</div> <div>Service: CVirtA</div> <div>.</div> <div>==== System Restore Points ===================</div> <div>.</div> <div>.</div> <div>==== Installed Programs ======================</div> <div>.</div> <div>.</div> <div> Update for Microsoft Office 2007 (KB2508958)</div> <div>2007 Microsoft Office system</div> <div>7-Zip 9.20</div> <div>Activation Assistant for the 2007 Microsoft Office suites</div> <div>ActiveCheck component for HP Active Support Library</div> <div>Adobe AIR</div> 
<div>Adobe Flash Player 11 ActiveX</div> <div>Adobe Flash Player 11 Plugin</div> <div>Adobe Reader X (10.1.3)</div> <div>Anti-phishing Domain Advisor</div> <div>Apple Application Support</div> <div>Apple Mobile Device Support</div> <div>Apple Software Update</div> <div>Application Installer 4.00.B14</div> <div>Ask Toolbar</div> <div>Ask Toolbar Updater</div> <div>AT&T Connect Participant Application v8.8.53</div> <div>avast! Free Antivirus</div> <div>Bing Bar</div> <div>blekko search bar</div> <div>Bonjour</div> <div>Business Contact Manager for Outlook 2007 SP2</div> <div>CCleaner</div> <div>Cisco Systems VPN Client 5.0.00.0340</div> <div>Cisco WebEx Meetings</div> <div>Credential Manager for HP ProtectTools</div> <div>ESET Online Scanner v3</div> <div>ESU for Microsoft Vista</div> <div>Everyone's Legal Forms 2007</div> <div>Ez-Architect 5</div> <div>GEAR driver installer for x86 and x64</div> <div>GearDrvs</div> <div>Google Chrome</div> <div>Google Earth</div> <div>Google Toolbar for Internet Explorer</div> <div>Google Update Helper</div> <div>Google Updater</div> <div>GoToMeeting 5.1.0.880</div> <div>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)</div> <div>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)</div> <div>HP Active Support Library</div> <div>HP Active Support Library 32 bit components</div> <div>HP Backup & Recovery Manager Installer</div> <div>HP BIOS Configuration for ProtectTools</div> <div>HP Customer Experience Enhancements</div> <div>HP Doc Viewer</div> <div>HP Easy Setup - Core</div> <div>HP Easy Setup - Frontend</div> <div>HP Help and Support</div> <div>HP Notebook Accessories Product Tour</div> <div>HP Product Detection</div> <div>HP ProtectTools Security Manager</div> <div>HP Quick Launch Buttons</div> <div>HP Update</div> <div>HP User Guides 0064</div> <div>HP Wireless Assistant</div> <div>HPAsset component for HP Active Support Library</div> <div>HPNetworkAssistant</div> <div>Intel® Graphics Media Accelerator Driver</div> 
<div>Intel® TV Wizard</div> <div>InterVideo DVD Check</div> <div>InterVideo Register Manager</div> <div>InterVideo WinDVD</div> <div>iTunes</div> <div>Java Auto Updater</div> <div>Java 6 Update 11</div> <div>Java 6 Update 3</div> <div>Java 6 Update 5</div> <div>Java 6 Update 7</div> <div>Java 7 Update 4</div> <div>Java SE Runtime Environment 6</div> <div>JavaFX 2.1.0</div> <div>join.me</div> <div>Junk Mail filter update</div> <div>LightScribe 1.6.43.1</div> <div>Malwarebytes Anti-Malware version 1.62.0.1300</div> <div>Microsoft .NET Framework 1.1</div> <div>Microsoft .NET Framework 1.1 Security Update (KB2416447)</div> <div>Microsoft .NET Framework 1.1 Security Update (KB979906)</div> <div>Microsoft .NET Framework 3.5 SP1</div> <div>Microsoft .NET Framework 4 Client Profile</div> <div>Microsoft Application Error Reporting</div> <div>Microsoft Choice Guard</div> <div>Microsoft IntelliPoint 6.3</div> <div>Microsoft Office 2003 Web Components</div> <div>Microsoft Office 2007 Primary Interop Assemblies</div> <div>Microsoft Office 2007 Service Pack 3 (SP3)</div> <div>Microsoft Office Access MUI (English) 2007</div> <div>Microsoft Office Access Setup Metadata MUI (English) 2007</div> <div>Microsoft Office Excel MUI (English) 2007</div> <div>Microsoft Office File Validation Add-In</div> <div>Microsoft Office Live Add-in 1.5</div> <div>Microsoft Office Outlook MUI (English) 2007</div> <div>Microsoft Office PowerPoint MUI (English) 2007</div> <div>Microsoft Office Professional Hybrid 2007</div> <div>Microsoft Office Project 2007 Service Pack 3 (SP3)</div> <div>Microsoft Office Project MUI (English) 2007</div> <div>Microsoft Office Project Professional 2007</div> <div>Microsoft Office Proof (English) 2007</div> <div>Microsoft Office Proof (French) 2007</div> <div>Microsoft Office Proof (Spanish) 2007</div> <div>Microsoft Office Proofing (English) 2007</div> <div>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div> <div>Microsoft Office Publisher MUI (English) 
2007</div> <div>Microsoft Office Shared MUI (English) 2007</div> <div>Microsoft Office Shared Setup Metadata MUI (English) 2007</div> <div>Microsoft Office Small Business Connectivity Components</div> <div>Microsoft Office Visio 2007 Service Pack 3 (SP3)</div> <div>Microsoft Office Visio MUI (English) 2007</div> <div>Microsoft Office Visio Professional 2007</div> <div>Microsoft Office Word MUI (English) 2007</div> <div>Microsoft Silverlight</div> <div>Microsoft SQL Server 2005</div> <div>Microsoft SQL Server 2005 Compact Edition [ENU]</div> <div>Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)</div> <div>Microsoft SQL Server Native Client</div> <div>Microsoft SQL Server Setup Support Files (English)</div> <div>Microsoft SQL Server VSS Writer</div> <div>Microsoft Sync Framework Runtime Native v1.0 (x86)</div> <div>Microsoft Sync Framework Services Native v1.0 (x86)</div> <div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</div> <div>Microsoft Visual C++ 2005 Redistributable</div> <div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div> <div>MobileMe Control Panel</div> <div>Mozilla Firefox (3.6.15)</div> <div>MSCU for Microsoft Vista</div> <div>MSVCRT</div> <div>MSXML 4.0 SP2 (KB936181)</div> <div>MSXML 4.0 SP2 (KB941833)</div> <div>MSXML 4.0 SP2 (KB954430)</div> <div>MSXML 4.0 SP2 (KB973688)</div> <div>NetMind Configuration System</div> <div>NetMind Hotlist Manager</div> <div>NetMind Profile Manager</div> <div>NetMind Workflow System</div> <div>Nortel VPN Client</div> <div>Norton 360</div> <div>Octoshape add-in for Adobe Flash Player</div> <div>OGA Notifier 2.0.0048.0</div> <div>OpenOffice.org Installer 1.0</div> <div>Oracle Data Provider for .NET Help</div> <div>PDF Complete Corporate Edition</div> <div>QuickTime</div> <div>Roxio Creator Tools</div> <div>Roxio Express Labeler 3</div> <div>Safari</div> <div>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)</div> <div>Security Update for Microsoft .NET 
Framework 3.5 SP1 (KB2657424)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)</div> <div>Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition </div> <div>Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition </div> <div>Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition</div> <div>Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition</div> <div>Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition</div> <div>Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition </div> <div>Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition </div> <div>Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition</div> <div>Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition</div> <div>Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition </div> <div>Security Update for Microsoft Office InfoPath 2007 (KB2596786) 
32-Bit Edition </div> <div>Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition</div> <div>Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition</div> <div>Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition</div> <div>Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition </div> <div>Sonic Activation Module</div> <div>SoundMAX</div> <div>Symantec Technical Support Advanced Chat Controls</div> <div>Synaptics Pointing Device Driver</div> <div>TeamViewer 7</div> <div>Update for 2007 Microsoft Office System (KB967642)</div> <div>Update for Microsoft .NET Framework 3.5 SP1 (KB963707)</div> <div>Update for Microsoft .NET Framework 4 Client Profile (KB2468871)</div> <div>Update for Microsoft .NET Framework 4 Client Profile (KB2533523)</div> <div>Update for Microsoft .NET Framework 4 Client Profile (KB2600217)</div> <div>Update for Microsoft Office 2007 Help for Common Features (KB963673)</div> <div>Update for Microsoft Office Access 2007 Help (KB963663)</div> <div>Update for Microsoft Office Excel 2007 Help (KB963678)</div> <div>Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition</div> <div>Update for Microsoft Office Outlook 2007 Help (KB963677)</div> <div>Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition</div> <div>Update for Microsoft Office Powerpoint 2007 Help (KB963669)</div> <div>Update for Microsoft Office Project 2007 Help (KB963668)</div> <div>Update for Microsoft Office Publisher 2007 Help (KB963667)</div> <div>Update for Microsoft Office Script Editor Help (KB963671)</div> <div>Update for Microsoft Office Visio 2007 Help (KB963666)</div> <div>Update for Microsoft Office Word 2007 Help (KB963665)</div> <div>Vista Default Settings</div> <div>VMware Server</div> <div>Windows Live Call</div> <div>Windows Live Communications Platform</div> <div>Windows Live Essentials</div> <div>Windows Live Family Safety</div> 
<div>Windows Live ID Sign-in Assistant</div> <div>Windows Live Mail</div> <div>Windows Live Messenger</div> <div>Windows Live Movie Maker</div> <div>Windows Live OneCare safety scanner</div> <div>Windows Live Photo Gallery</div> <div>Windows Live Sync</div> <div>Windows Live Toolbar</div> <div>Windows Live Upload Tool</div> <div>Windows Live Writer</div> <div>Windows Resource Kit Tools - SubInAcl.exe</div> <div>Yahoo! BrowserPlus 2.9.8</div> <div>Yahoo! Messenger</div> <div>Yahoo! Software Update</div> <div>Yahoo! Toolbar</div> <div>Yontoo 1.10.02</div> <div>.</div> <div>==== Event Viewer Messages From Past Week ========</div> <div>.</div> <div>8/9/2012 12:09:44 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.</div> <div>8/9/2012 12:09:44 PM, Error: SRTSP [4] - Error loading virus definitions.</div> <div>8/9/2012 12:09:44 PM, Error: Service Control Manager [7000] - </div> <div>8/9/2012 10:25:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div> <div>8/9/2012 10:11:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}</div> <div>8/9/2012 10:11:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}</div> <div>8/9/2012 10:07:50 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. 
The relevant status code was This service cannot be started in Safe Mode .</div> <div>8/9/2012 10:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}</div> <div>8/8/2012 10:08:19 AM, Error: volsnap [14] - The shadow copies of volume G: were aborted because of an IO failure on volume G:.</div> <div>8/7/2012 2:47:49 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_E4C76D50\0000 disappeared from the system without first being prepared for removal.</div> <div>8/7/2012 12:59:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.</div> <div>8/7/2012 12:48:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div> <div>.</div> <div>==== End Of File ===========================</div> <div> </div>
  7. <p> </p> <div>.</div> <div>DDS (Ver_2011-08-26.01) - NTFSx86 </div> <div>Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1</div> <div>Run by Harish at 12:13:21 on 2012-08-09</div> <div>Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3062.1600 [GMT -4:00]</div> <div>.</div> <div>AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}</div> <div>AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div> <div>SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}</div> <div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div> <div>FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div> <div>.</div> <div>============== Running Processes ===============</div> <div>.</div> <div>C:\Windows\system32\wininit.exe</div> <div>C:\Windows\system32\lsm.exe</div> <div>C:\Windows\system32\svchost.exe -k DcomLaunch</div> <div>C:\Windows\System32\svchost.exe -k Cognizance</div> <div>C:\Windows\system32\svchost.exe -k rpcss</div> <div>C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</div> <div>C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted</div> <div>C:\Windows\system32\svchost.exe -k netsvcs</div> <div>C:\Windows\system32\svchost.exe -k GPSvcGroup</div> <div>C:\Windows\system32\SLsvc.exe</div> <div>C:\Windows\system32\svchost.exe -k LocalService</div> <div>C:\Windows\system32\Hpservice.exe</div> <div>C:\Windows\system32\svchost.exe -k NetworkService</div> <div>C:\Windows\System32\spoolsv.exe</div> <div>C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork</div> <div>C:\Windows\system32\Dwm.exe</div> <div>C:\Windows\system32\taskeng.exe</div> <div>C:\Windows\Explorer.EXE</div> <div>C:\Windows\system32\taskeng.exe</div> <div>C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</div> <div>C:\Windows\system32\AEADISRV.EXE</div> 
<div>C:\Windows\system32\agrsmsvc.exe</div> <div>C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div> <div>C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe</div> <div>C:\Program Files\Bonjour\mDNSResponder.exe</div> <div>C:\Windows\system32\svchost.exe -k bthsvcs</div> <div>C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe</div> <div>C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe</div> <div>C:\Program Files\Common Files\LightScribe\LSSrvc.exe</div> <div>C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe</div> <div>C:\Program Files\PDF Complete\pdfsvc.exe</div> <div>c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe</div> <div>c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</div> <div>C:\Windows\system32\svchost.exe -k imgsvc</div> <div>C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe</div> <div>C:\Program Files\VMware\VMware Server\vmware-authd.exe</div> <div>C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe</div> <div>C:\Windows\system32\vmnat.exe</div> <div>C:\Windows\System32\svchost.exe -k WerSvcGroup</div> <div>C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</div> <div>C:\Windows\system32\SearchIndexer.exe</div> <div>C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe</div> <div>C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe</div> <div>C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe</div> <div>C:\Windows\system32\vmnetdhcp.exe</div> <div>C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe</div> <div>C:\Windows\system32\igfxsrvc.exe</div> <div>C:\Windows\system32\taskeng.exe</div> <div>C:\Program Files\VMware\VMware Server\vmserverdWin32.exe</div> <div>C:\Program Files\AVAST Software\Avast\AvastUI.exe</div> <div>C:\Windows\system32\DllHost.exe</div> <div>C:\Windows\system32\wbem\wmiprvse.exe</div> <div>C:\Windows\system32\svchost.exe -k 
LocalServiceAndNoImpersonation</div> <div>C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe</div> <div>C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe</div> <div>C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe</div> <div>C:\Windows\SMINST\scheduler.exe</div> <div>c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe</div> <div>C:\Windows\system32\SearchProtocolHost.exe</div> <div>C:\Windows\system32\SearchFilterHost.exe</div> <div>C:\Windows\system32\WUDFHost.exe</div> <div>C:\Windows\System32\mobsync.exe</div> <div>C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</div> <div>C:\Windows\system32\DllHost.exe</div> <div>C:\Windows\system32\DllHost.exe</div> <div>C:\Windows\system32\wbem\wmiprvse.exe</div> <div>.</div> <div>============== Pseudo HJT Report ===============</div> <div>.</div> <div>uStart Page = hxxp://www.agilisinternational.com/</div> <div>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop</div> <div>uInternet Settings,ProxyServer = proxy.bls.com:8080</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll</div> <div>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll</div> <div>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File</div> <div>BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll</div> <div>BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL</div> <div>BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll</div> <div>BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll</div> <div>BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll</div> <div>BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll</div> <div>BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll</div> <div>BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll</div> <div>BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll</div> <div>BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll</div> <div>BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll</div> <div>BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll</div> <div>TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll</div> <div>TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll</div> <div>TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll</div>
  8. Norton found ZeroAccess!inf. ComboFix said it's in the /system32 service.exe file. I need help cleaning it. I ran gmar. Windows Vista. Thank you. gmar.txt