bmg
Honorary Members
Everything posted by bmg
-
ComboFix 11-05-31.01 - tim 05/31/2011 19:52:15.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1407 [GMT -4:00]
Running from: c:\documents and settings\tim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tim\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
-
ComboFix 11-05-31.01 - tim 05/31/2011 18:49:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1213 [GMT -4:00]
Running from: c:\documents and settings\tim\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
-
Thanks for the reply. There is no provision in Control Panel to uninstall Ad Watch Live that I can see; I wasn't even sure I had it at all, as it doesn't run all the time. I think I have managed to permanently turn it off, though. Here is the log:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_17
Run by tim at 15:45:55 on 2011-05-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1373 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\tim\Desktop\malware programs\logging programs\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:61758
mSearchAssistant =
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [AdobeBridge]
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.explorelearning.com/index.cfm?method=cResource.dspView&ResourceID=1012&ClassID=1402563"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [xmyyrmcn] c:\windows\temp\qqhnmftrr\etjamymsika.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\uxsjyzcm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61758
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\tim\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\tim\application data\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-15 64512]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-11-30 98160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-5-18 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-5-15 98392]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-9 693512]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-18 69976]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-1-30 4463400]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
S2 .EsetTrialReset;Trial Reset;c:\program files\eset\eset nod32 antivirus\shahed.exe /s --> c:\program files\eset\eset nod32 antivirus\Shahed.exe [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-7-3 29184]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-25 2151128]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-1 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-1 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-1 40552]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-9 906504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-28 16168]
.
=============== Created Last 30 ================
.
2011-05-30 02:28:33 -------- d-----w- c:\program files\NT Registry Optimizer
2011-05-29 18:54:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-29 18:54:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 14:51:54 -------- d-----w- c:\documents and settings\all users\application data\mB28258OoHkP28258
2011-05-18 19:19:18 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-05-18 19:19:16 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-05-15 16:55:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-15 16:40:32 -------- d-----w- c:\documents and settings\tim\local settings\application data\Sunbelt Software
2011-05-15 16:39:29 -------- dc-h--w- c:\documents and settings\all users\application data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
.
==================== Find3M ====================
.
2011-04-26 00:00:20 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-26 00:00:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-28 17:46:40 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26:34 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
============= FINISH: 15:47:18.43 ===============

And I was able to add the other file this time! Thanks again...

attach.zip
-
I seemed to have contracted a redirect virus this morning and, after many attempts to start in safe mode, was able to remove it (I think.) MB found 8 infected files, but didn't seem to remove the threat on start up. Only after Kaspersky located 1 further file did the system seem to return back to normal. Here are the requested files - the MB log file is from AFTER the threat was removed - as there was no log file saved after scanning in safe mode - is this normal? Also, the GMER took over 3 hours to complete - is this also normal? As for the zipped files, the forum says I'm not permitted to post those, so those are not included.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6696

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/29/2011 7:50:40 PM
mbam-log-2011-05-29 (19-50-40).txt

Scan type: Quick scan
Objects scanned: 205198
Time elapsed: 22 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_17
Run by tim at 15:08:56 on 2011-05-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1379 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\tim\Desktop\malware programs\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:61758
mSearchAssistant =
uWinlogon: Shell=explorer.exe,c:\documents and settings\tim\application data\dwm.exe
uWindows: load=c:\docume~1\tim\locals~1\temp\csrss.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [AdobeBridge]
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.explorelearning.com/index.cfm?method=cResource.dspView&ResourceID=1012&ClassID=1402563"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [xmyyrmcn] c:\windows\temp\qqhnmftrr\etjamymsika.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\uxsjyzcm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61758
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\tim\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\tim\application data\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-15 64512]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-11-30 98160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-5-18 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-5-15 98392]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-25 2151128]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-9 693512]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-18 69976]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-1-30 4463400]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
S2 .EsetTrialReset;Trial Reset;c:\program files\eset\eset nod32 antivirus\shahed.exe /s --> c:\program files\eset\eset nod32 antivirus\Shahed.exe [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-7-3 29184]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-1 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-1 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-1 40552]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-9 906504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-28 16168]
.
=============== Created Last 30 ================
.
2011-05-29 18:54:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-29 18:54:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 14:51:54 -------- d-----w- c:\documents and settings\all users\application data\mB28258OoHkP28258
2011-05-18 19:19:18 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-05-18 19:19:16 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-05-15 16:55:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-15 16:40:32 -------- d-----w- c:\documents and settings\tim\local settings\application data\Sunbelt Software
2011-05-15 16:39:29 -------- dc-h--w- c:\documents and settings\all users\application data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
.
==================== Find3M ====================
.
2011-05-29 15:54:22 90112 ----a-w- c:\windows\DUMP3e22.tmp
2011-05-29 15:53:11 90112 ----a-w- c:\windows\DUMP3cf9.tmp
2011-05-29 15:52:09 90112 ----a-w- c:\windows\DUMP3de3.tmp
2011-05-29 15:51:00 90112 ----a-w- c:\windows\DUMP3c5d.tmp
2011-05-29 15:08:35 90112 ----a-w- c:\windows\DUMP3bef.tmp
2011-04-26 00:00:20 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-26 00:00:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-28 17:46:40 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26:34 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
============= FINISH: 15:12:13.45 ===============
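Added example (editor's code, not part of the thread and not code from DDS, MBAM or ComboFix): a small triage script that applies to the "Pseudo HJT Report" and FIREFOX sections of a DDS log the same checks a helper makes by eye on the logs above. It flags a Winlogon Shell value that is not plain explorer.exe and a non-empty HKCU\...\Windows\load value (the two entries MBAM quarantined in the post above), an IE or Firefox proxy pointing at 127.0.0.1 (Firefox only when network.proxy.type is 1, i.e. the proxy is actually switched on, which is the difference between the 2011-05-29 and 2011-05-31 logs), Run/RunOnce entries launched from a Temp directory, and any Hosts override. The sample input is a handful of lines excerpted from the posted 2011-05-29 DDS log; the rule names and the decision of what counts as suspicious are the editor's assumptions, not anything the tools emit.

```python
"""Triage heuristics for the 'Pseudo HJT Report' / FIREFOX blocks of a DDS log.

Editor's example: the rule names and thresholds are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Loopback proxy host, optionally with a port (e.g. 127.0.0.1:61758).
LOOPBACK_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost)(?::\d+)?\b", re.I)
# Temp locations as DDS prints them (long and 8.3 forms).
TEMP_RE = re.compile(r"\\(?:windows\\temp|locals~1\\temp|local settings\\temp)\\", re.I)
# Autostart lines: uRun/mRun/dRun/uRunOnce/mRunOnce: [name] target ...
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$", re.I)
# Firefox prefs as DDS prints them: "FF - prefs.js: <pref> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s+-\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def check_line(line: str) -> Optional[Finding]:
    """Stateless, single-line rules."""
    s = line.strip()
    low = s.lower()
    if low.startswith(("uwinlogon: shell=", "mwinlogon: shell=")):
        # Winlogon\Shell must be exactly explorer.exe; anything appended after a
        # comma is started at every logon (the posted log had dwm.exe appended).
        if s.split("=", 1)[1].strip().lower() != "explorer.exe":
            return Finding("winlogon-shell-hijack", s)
        return None
    if low.startswith("uwindows: load="):
        # HKCU\...\Windows\load is a Win16-era autostart with no routine modern use.
        if s.split("=", 1)[1].strip():
            return Finding("windows-load-autostart", s)
        return None
    if low.startswith(("uinternet settings,proxyserver", "minternet settings,proxyserver")):
        # A proxy on loopback means something local is sitting between IE and the network.
        if LOOPBACK_RE.search(s):
            return Finding("ie-loopback-proxy", s)
        return None
    m = RUN_RE.match(s)
    if m and TEMP_RE.search(m.group(1)):
        # Legitimate software does not persist from a Temp directory.
        return Finding("autorun-from-temp", s)
    if low.startswith("hosts:"):
        # DDS only prints non-default hosts entries; each one needs a look.
        return Finding("hosts-entry", s)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the per-line rules, then the Firefox proxy rule that needs three prefs together."""
    findings: List[Finding] = []
    ff_prefs: Dict[str, str] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = check_line(line)
        if f:
            findings.append(f)
        m = FF_PREF_RE.match(line.strip())
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
    host = ff_prefs.get("network.proxy.http", "")
    # type 1 = manual proxy enabled; type 0 (as in the later, cleaned log) leaves the
    # host/port configured but unused, so it is reported only when it is live.
    if ff_prefs.get("network.proxy.type") == "1" and LOOPBACK_RE.search(host):
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("firefox-loopback-proxy", f"network.proxy.http={host}:{port} (type=1)"))
    return findings


# Constructed sample: lines excerpted from the 2011-05-29 DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:61758
mSearchAssistant =
uWinlogon: Shell=explorer.exe,c:\documents and settings\tim\application data\dwm.exe
uWindows: load=c:\docume~1\tim\locals~1\temp\csrss.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [xmyyrmcn] c:\windows\temp\qqhnmftrr\etjamymsika.exe
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61758
FF - prefs.js: network.proxy.type - 1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Feed it a whole DDS log (`triage(open(path).read())`); the unrelated sections are ignored because none of their line prefixes match. The rules are deliberately narrow: they will not catch a proxy on a non-loopback address, a Shell hijack that replaces explorer.exe outright with a same-named copy in another directory, or a Run entry in a non-Temp user-writable path, so treat a clean result as "nothing obvious", not as a clean bill of health.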