marycontrary

Members
  • Posts

    5

Everything posted by marycontrary

  1. I ran tdsskiller again and this time it found nothing. I think it's clean. Do you agree? Thanks, Mary
  2. Thanks, Here are the logs you asked for.
player 0.9.8a WA Update v3.50 beta2 WebFldrs XP WebReg Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinPcap 4.1 beta5 Worms Armageddon WWP Demo XBCD 1.07 XML Paper Specification Shared Components Pack 1.0 . ==== End Of File =========================== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5993 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/8/2011 3:51:00 PM mbam-log-2011-03-08 (15-51-00).txt Scan type: Quick scan Objects scanned: 158167 Time elapsed: 4 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Do you want the 2nd txt file dds made that says it needs to be zipped? Mary
  3. Thanks Chris
     .
     DDS (Ver_11-03-05.01) - NTFSx86
     Run by HP_Owner at 23:43:22.50 on Sun 03/06/2011
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
     .
     ============== Running Processes ===============
     .
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com
     uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
     uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     mURLSearchHooks: H - No File
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
     TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
     mRun: [igfxtray] c:\windows\system32\igfxtray.exe
     mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
     StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\shortc~2.lnk - c:\documents and settings\hp_owner\desktop\new folder\wa stuff\solixaworms\solixaworms\solixaworms.exe
     IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
     IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
     IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
     IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
     IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
     IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
     IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
     IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\t25thz7i.default\
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     .
     ============= SERVICES / DRIVERS ===============
     .
     .
     =============== Created Last 30 ================
     .
     2011-03-07 05:37:53 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2011-03-07 05:37:51 -------- d-----w- c:\program files\Avira
     2011-03-07 05:37:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
     2011-03-07 05:22:09 -------- d-----w- c:\docume~1\hp_owner\locals~1\applic~1\WMTools Downloaded Files
     2011-03-07 05:13:14 -------- d-----w- c:\program files\AVAST Software
     2011-03-07 05:13:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
     2011-03-06 19:46:26 150392 ----a-w- c:\windows\junction.exe
     2011-03-06 17:38:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-03-06 17:38:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-03-06 17:38:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-03-06 17:15:17 -------- d-sha-r- C:\cmdcons
     2011-03-06 17:13:09 98816 ----a-w- c:\windows\sed.exe
     2011-03-06 17:13:09 89088 ----a-w- c:\windows\MBR.exe
     2011-03-06 17:13:09 256512 ----a-w- c:\windows\PEV.exe
     2011-03-06 17:13:09 161792 ----a-w- c:\windows\SWREG.exe
     2011-03-06 01:57:29 -------- d-sh--w- c:\documents and settings\hp_owner\PrivacIE
     2011-03-06 01:47:19 -------- d-----w- c:\docume~1\hp_owner\applic~1\SUPERAntiSpyware.com
     2011-03-06 01:46:36 -------- d-sh--w- c:\documents and settings\hp_owner\IETldCache
     2011-03-05 09:00:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
     2011-03-05 08:13:23 -------- d-----w- c:\program files\Bing Bar Installer
     2011-03-05 08:13:15 -------- d-----w- c:\program files\Unlocker
     2011-03-05 07:27:10 -------- dc-h--w- c:\windows\ie8
     2011-03-05 05:50:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
     2011-03-05 04:42:24 -------- d--h--w- c:\windows\PIF
     2011-02-22 18:37:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\oAnMjCi06511
     2011-02-21 22:50:59 -------- d-----w- c:\program files\Eprom5.0C
     2011-02-21 22:50:07 5152 ----a-w- c:\windows\system32\drivers\io.sys
     2011-02-21 22:49:48 46592 ----a-w- c:\windows\system32\io.dll
     2011-02-21 22:49:48 46592 ----a-w- c:\windows\system\io.dll
     2011-02-21 22:49:48 46592 ----a-w- c:\windows\io.dll
     2011-02-21 22:49:47 -------- d-----w- c:\program files\EPROM50
     2011-02-16 08:40:31 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
     2011-02-16 08:40:31 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
     2011-02-16 08:40:14 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
     2011-02-16 08:39:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
     2011-02-16 08:24:22 45568 ------w- c:\windows\system32\dllcache\wab.exe
     2011-02-15 21:34:47 94208 ----a-w- c:\windows\system32\GTW32N50.dll
     2011-02-15 21:34:47 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
     2011-02-15 21:34:47 17992 ----a-w- c:\windows\system32\bcm42rly.sys
     2011-02-15 21:34:47 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
     2011-02-15 21:34:43 369024 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
     2011-02-15 21:34:42 651264 ----a-w- c:\windows\system32\libeay32.dll
     2011-02-15 21:34:42 147456 ----a-w- c:\windows\system32\ssleay32.dll
     2011-02-15 21:34:42 1396831 ----a-w- c:\windows\system32\AegisE5.dll
     2011-02-15 21:34:36 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
     .
     ==================== Find3M ====================
     .
     2011-02-25 01:13:25 119296 ----a-w- c:\windows\system32\zlib.dll
     2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
     2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
     2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
     2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
     2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
     .
     ============= FINISH: 23:44:19.81 ===============

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5975
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 8.0.6001.18702
     3/6/2011 12:16:54 PM
     mbam-log-2011-03-06 (12-16-54).txt
     Scan type: Full scan (C:\|D:\|G:\|)
     Objects scanned: 260023
     Time elapsed: 26 minute(s), 28 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 20
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\vbmaeba5.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
     c:\Qoobox\quarantine\C\WINDOWS\WinSxS\x86_microsoft.windows.shell.hweventdetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll.vir (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105217.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105223.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105241.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105248.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105257.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0105268.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106268.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106408.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106415.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106613.sys (Trojan.Agent) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106614.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106616.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106703.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106816.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106820.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0106913.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP533\A0107290.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
     c:\WINDOWS\vbmaeba5.vir (Trojan.Agent) -> Quarantined and deleted successfully.

     Thanks,
     Mary
  4. I ran malwarebytes a second time and it came up clean and that is the log I posted. If you would like to see the previous scan log, let me know. TIA, Mary
  5. Hi, My son brought me his xp home sp3 desktop for me to try to clean up. He had the system tools infection and was able to run malwarebytes. MWB wanted a restart to finish clean up and that's when things got weird. Running in safe mode with networking, he could not get any clean up tools to run. Everything would start a scan then close down after a short time, never to run again. This includes SIW, which would close upon me clicking the processes tab. Superantispyware identified trojandropper/svchost-fake before it closed down. I ran tdsskiller which found a rootkit named vbmae5.sys but was not able to delete and would reappear at boot. I used xp recovery console to rename vbmae5.sys to vbmae5.vir and I attempted to ren C:\windows\assembly\GAC\_assemblyinfo_.ini_.old but rec console was unable to find the file. I was then able to run malwarebytes which found a bunch and deleted. I ran hijackthis which looks ok to me. This rootkit broke firefox so I reinstalled it. Computer is running better. I ran gmer and it found more stuff which concerns me and I sure would appreciate it if someone could look at these logs and give me further guidance. TIA, Mary
     Attachments: mbam-log-2011-03-06 (13-31-04).txt, hijackthis.log, ark.txt