Jump to content

JRomero

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Below is DDS log and attached is ComboFix: . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Administrator at 13:40:17 on 2011-08-16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1253 [GMT -4:00] . AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec AntiVirus\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\WINDOWS\system32\ifxspmgt.exe C:\WINDOWS\system32\ifxtcs.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\IfxPsdSv.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\AMT\UNS.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\Program Files\Symantec AntiVirus\SmcGui.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [atchk] "c:\program files\intel\amt\atchk.exe" mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start mRun: [iFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [scheduler] c:\windows\sminst\Scheduler.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxp://boeprod1.uapps.net/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220467483054 DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://boefarm1.uapps.net/businessobjects/viewers/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} - hxxp://204.71.142.69/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 172.16.1.21 172.16.1.3 TCP: Interfaces\{D6024C00-6FAE-4521-BF23-9CF3C7FADF47} : DhcpNameServer = 172.16.1.21 172.16.1.3 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll AppInit_DLLs: c:\windows\system32\APSHook.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator.office\application data\mozilla\firefox\profiles\2hqaunms.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-6-13 101167] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-27 14336] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-27 14336] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-28 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-28 108392] R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-8-13 576024] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2011-6-28 1831024] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-13 2521880] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110815.034\NAVENG.SYS [2011-8-16 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110815.034\NAVEX15.SYS [2011-8-16 1576312] S1 MpKsl6ba915fc;MpKsl6ba915fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d17c260a-18fb-4793-bc87-d11a5afe884c}\mpksl6ba915fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d17c260a-18fb-4793-bc87-d11a5afe884c}\MpKsl6ba915fc.sys [?] S2 0028191220450047mcinstcleanup;McAfee Application Installer Cleanup (0028191220450047);c:\docume~1\admini~1\locals~1\temp\002819~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\002819~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-6-28 23888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\virtdisk.sys [2008-8-13 57344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-08-10 12:59:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 12:57:26 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-08 20:08:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-08 20:08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-03 21:12:19 -------- d-sha-r- C:\cmdcons 2011-08-03 21:09:33 98816 ----a-w- c:\windows\sed.exe 2011-08-03 21:09:33 518144 ----a-w- c:\windows\SWREG.exe 2011-08-03 21:09:33 256000 ----a-w- c:\windows\PEV.exe 2011-08-03 21:09:33 208896 ----a-w- c:\windows\MBR.exe 2011-08-03 20:53:10 -------- d--h--w- c:\windows\system32\GroupPolicy . ==================== Find3M ==================== . 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-28 19:36:41 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 13:40:41.56 =============== ComboFix-8162011.txt
  2. Yes, sorry, I thought my last update posted and it did not. I ran MBAM and scan with VirusTotal the file c:\windows\system32\chg.exe The result was: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: chg.exe Submission date: 2011-08-03 05:59:12 (UTC) Current status: finished Result: 0 /43 (0.0%) The log from MBAM is below: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7415 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/9/2011 2:57:26 PM mbam-log-2011-08-09 (14-57-26).txt Scan type: Full scan (C:\|) Objects scanned: 331025 Time elapsed: 1 hour(s), 46 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) chg.zip
  3. ComboFix 11-08-03.03 - administrator 08/03/2011 17:13:27.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1407 [GMT -4:00] Running from: c:\documents and settings\Administrator.OFFICE\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\ADMINI~1.OFF\LOCALS~1\Temp\SAS249.tmp c:\documents and settings\Administrator.OFFICE\Local Settings\Temp\SAS249.tmp c:\windows\system32\it.EXE D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 ))))))))))))))))))))))))))))))) . . 2011-08-03 21:19 . 2011-08-03 21:19 118784 ----a-w- c:\windows\system32\chg.exe 2011-08-03 20:53 . 2011-08-03 20:53 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-07-14 03:24 . 2011-07-14 03:28 -------- d-----w- c:\documents and settings\EBSi 2011-07-13 19:40 . 2011-07-13 19:40 -------- d-----w- c:\documents and settings\jromero.OFFICE 2011-07-12 19:23 . 2011-07-12 19:23 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2011-07-12 19:12 . 2011-07-12 19:12 -------- d-----w- c:\program files\Trend Micro 2011-07-11 20:17 . 2011-08-03 20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-07-11 20:17 . 2011-08-03 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-07-10 05:38 . 2011-07-10 05:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2011-07-10 01:18 . 2011-07-10 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-07-09 13:46 . 2011-07-09 13:46 -------- d-----w- c:\documents and settings\Administrator.OFFICE\Local Settings\Application Data\Mozilla 2011-07-09 10:22 . 2004-03-09 17:00 132880 ----a-w- c:\windows\system32\MSINET.OCX 2011-07-09 10:22 . 2001-10-04 18:13 3584 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\comcat.dll 2011-07-09 10:22 . 2001-10-04 17:16 1338880 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\shdocvw.dll 2011-07-09 10:22 . 2000-05-22 21:00 203976 ----a-w- c:\windows\system32\richtx32.ocx 2011-07-09 10:22 . 1998-06-24 17:00 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX 2011-07-07 12:27 . 2011-07-07 12:27 -------- d-sh--w- c:\documents and settings\Administrator.OFFICE\IECompatCache 2011-07-05 20:39 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-28 19:36 . 2011-06-28 19:30 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2011-06-28 19:28 . 2011-06-28 19:28 353608 ----a-w- c:\windows\system32\sysfer.dll 2011-06-28 19:28 . 2011-06-28 19:28 89600 ----a-w- c:\windows\system32\atl71.dll 2011-06-28 19:28 . 2011-06-28 19:28 87368 ----a-w- c:\windows\system32\FwsVpn.dll 2011-06-28 19:28 . 2011-06-28 19:28 625032 ----a-w- c:\windows\system32\SymNeti.dll 2011-06-28 19:28 . 2011-06-28 19:28 43336 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys 2011-06-28 19:28 . 2011-06-28 19:28 242056 ----a-w- c:\windows\system32\SymRedir.dll 2011-06-28 19:28 . 2011-06-28 19:28 107848 ----a-w- c:\windows\system32\SymVPN.dll 2011-06-28 19:28 . 2011-06-28 19:28 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys 2011-06-28 19:28 . 2011-06-28 19:28 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys 2011-06-28 19:28 . 2011-06-28 19:28 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys 2011-06-28 19:28 . 2011-06-28 19:28 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys 2011-06-28 19:28 . 2011-06-28 19:28 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys 2011-06-28 19:28 . 2011-06-28 19:28 39856 ----a-w- c:\windows\system32\drivers\symids.sys 2011-06-28 19:28 . 2011-06-28 19:28 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys 2011-06-28 19:28 . 2011-06-28 19:28 35120 ----a-w- c:\windows\system32\drivers\symndis.sys 2011-06-28 19:28 . 2011-06-28 19:28 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys 2011-06-28 19:28 . 2011-06-28 19:28 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys 2011-06-28 19:28 . 2011-06-28 19:28 145968 ----a-w- c:\windows\system32\drivers\symfw.sys 2011-06-28 19:28 . 2011-06-28 19:28 12720 ----a-w- c:\windows\system32\drivers\symdns.sys 2011-06-28 19:28 . 2011-06-28 19:28 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys 2011-06-28 19:28 . 2011-06-28 19:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-06-28 19:28 . 2011-06-28 19:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-06-02 14:02 . 2006-02-28 02:00 1858944 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808] "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-28 115560] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ PhoneManager.lnk - c:\program files\Avaya\IP Office\Phone Manager\PhoneManager.exe [2008-7-16 9129984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\NPES\\Personify.exe"= "c:\\Documents and Settings\\CErb\\Application Data\\TMA Resources Inc\\Personify\\NPES\\7.3.1\\TIMSS.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [6/13/2007 8:53 PM 101167] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 4:31 PM 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [6/14/2007 7:22 PM 13184] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/18/2007 10:32 PM 39080] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [6/13/2007 8:53 PM 5808] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/27/2006 10:00 PM 14336] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/27/2006 10:00 PM 14336] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/9/2007 8:03 PM 221184] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [8/13/2008 6:30 PM 576024] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [8/13/2008 6:10 PM 2521880] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 12:36 PM 105592] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 5:46 AM 44800] S1 MpKsl6ba915fc;MpKsl6ba915fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D17C260A-18FB-4793-BC87-D11A5AFE884C}\MpKsl6ba915fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D17C260A-18FB-4793-BC87-D11A5AFE884C}\MpKsl6ba915fc.sys [?] S2 0028191220450047mcinstcleanup;McAfee Application Installer Cleanup (0028191220450047);c:\docume~1\ADMINI~1\LOCALS~1\Temp\002819~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\002819~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 9:59 AM 135664] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/28/2011 3:28 PM 23888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 9:59 AM 135664] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000] S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [8/13/2008 6:41 PM 57344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . Contents of the 'Scheduled Tasks' folder . 2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 13:59] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 13:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxp://boeprod1.uapps.net/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://boefarm1.uapps.net/businessobjects/viewers/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} - hxxp://204.71.142.69/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab FF - ProfilePath - c:\documents and settings\Administrator.OFFICE\Application Data\Mozilla\Firefox\Profiles\2hqaunms.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe Notify-NavLogon - (no file) SafeBoot-Symantec Antvirus . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-03 17:20 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2119379497-1915432768-1073948036-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,74,fe,da,ee,86,0a,40,a4,84,97,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,74,fe,da,ee,86,0a,40,a4,84,97,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,00,90,e8,2d,59,2e,40,8d,67,96,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,00,90,e8,2d,59,2e,40,8d,67,96,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(976) c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . - - - - - - - > 'explorer.exe'(3036) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec AntiVirus\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Intel\AMT\atchksrv.exe c:\windows\system32\ifxtcs.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\IfxPsdSv.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\igfxsrvc.exe c:\program files\Symantec AntiVirus\SmcGui.exe c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe . ************************************************************************** . Completion time: 2011-08-03 17:22:56 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-03 21:22 . Pre-Run: 125,981,147,136 bytes free Post-Run: 126,262,505,472 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E2C3839270F503D9DFC14DE593D41302
  4. OTL logfile created on: 7/29/2011 2:01:49 PM - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\t Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 65.61% Memory free 3.80 Gb Paging File | 3.21 Gb Available in Paging File | 84.40% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 139.03 Gb Total Space | 116.94 Gb Free Space | 84.11% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 1.99 Gb Free Space | 19.85% Space Free | Partition Type: NTFS Computer Name: HP7800-05 | User Name: administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\t\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation) PRC - C:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation) PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel) PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation) PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel) PRC - C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG) PRC - C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG) PRC - C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\WINDOWS\SMINST\Scheduler.exe () ========== Modules (SafeList) ========== MOD - C:\t\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.) ========== Win32 Services (SafeList) ========== SRV - (0028191220450047mcinstcleanup) McAfee Application Installer Cleanup (0028191220450047) -- File not found SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SmcService) -- C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) SRV - (UNS) Intel® -- C:\Program Files\Intel\AMT\UNS.exe (Intel) SRV - (atchksrv) Intel® -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel) SRV - (PersonalSecureDriveService) -- C:\WINDOWS\system32\IfxPsdSv.exe (Infineon Technologies AG) SRV - (ASBroker) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ASChannel) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsl3d7183a7) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF87AB05-2C6E-4885-80D5-9D63EF5A9A9E}\MpKsl3d7183a7.sys (Microsoft Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110728.051\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110728.051\NAVENG.SYS (Symantec Corporation) DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation) DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (SysPlant) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation) DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG) DRV - (SbFsLock) -- C:\WINDOWS\System32\drivers\SbFsLock.sys (SafeBoot International) DRV - (RsvLock) -- C:\WINDOWS\System32\drivers\rsvlock.sys (SafeBoot International) DRV - (SafeBoot) -- C:\WINDOWS\System32\drivers\SafeBoot.sys () DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (SbAlg) -- C:\WINDOWS\System32\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (VirtDisk) -- c:\WINDOWS\SMINST\virtdisk.sys (XSS) DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation) DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation) DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation) DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 09:46:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 09:50:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\ [2011/07/09 09:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Mozilla\Extensions [2011/07/12 15:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Mozilla\Firefox\Profiles\2hqaunms.default\extensions [2011/07/09 09:48:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Mozilla\Firefox\Profiles\2hqaunms.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/09/15 12:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2011/07/12 09:30:28 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation) O4 - HKLM..\Run: [bHR] File not found O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} http://boeprod1.uapps.net/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab (Crystal Reports Print Control 11.5) O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? (MiniBugTransporterX Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220467483054 (WUWebControl Class) O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} http://boefarm1.uapps.net/businessobjects/viewers/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab (Crystal ActiveX Report Viewer Control 11.5) O16 - DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://204.71.142.69/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab (Crystal Reports Print Control 12.0) O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/event/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = npes.org O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/29 13:59:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OFFICE\My Documents\My Videos [2011/07/29 13:59:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.OFFICE\Start Menu\Programs\Administrative Tools [2011/07/12 15:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OFFICE\Start Menu\Programs\HiJackThis [2011/07/12 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/07/11 16:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2011/07/11 16:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/07/11 16:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/07/10 01:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2011/07/09 21:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2011/07/09 21:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OFFICE\Application Data\SUPERAntiSpyware.com [2011/07/09 21:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2011/07/09 21:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/07/09 09:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OFFICE\My Documents\Downloads [2011/07/09 09:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OFFICE\Local Settings\Application Data\Mozilla [2011/07/09 09:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Mozilla [2011/07/09 06:22:27 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX [2011/07/09 06:22:27 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx [2011/07/09 06:22:27 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX [2011/07/07 08:27:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.OFFICE\IECompatCache [2011/07/05 16:39:17 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2011/07/05 16:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011/06/29 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/29 16:44:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/29 13:55:20 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\HiJackThis.lnk [2011/07/29 13:54:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/29 13:54:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/07/29 13:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/07/29 10:09:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/29 10:04:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/29 10:03:58 | 2099,560,448 | -HS- | M] () -- C:\hiberfil.sys [2011/07/13 14:38:08 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/07/13 09:01:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/07/11 16:33:08 | 000,002,976 | ---- | M] () -- C:\WINDOWS\wininit.ini [2011/07/11 16:18:53 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2011/07/11 16:18:53 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\Spybot - Search & Destroy.lnk [2011/07/09 21:18:24 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/07/09 09:46:22 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\Mozilla Firefox.lnk [2011/07/09 06:28:51 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2011/06/29 16:44:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/25 11:05:14 | 2099,560,448 | -HS- | C] () -- C:\hiberfil.sys [2011/07/12 15:12:56 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\HiJackThis.lnk [2011/07/11 16:17:45 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Administrator.OFFICE\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2011/07/11 16:17:45 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\Spybot - Search & Destroy.lnk [2011/07/09 21:18:24 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/07/09 09:46:22 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Administrator.OFFICE\Desktop\Mozilla Firefox.lnk [2011/07/05 16:39:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/05 16:34:59 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2011/07/05 16:34:40 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/06/29 16:44:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/28 11:45:55 | 000,000,248 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18603812 [2011/06/28 11:45:55 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18603812r [2011/06/28 11:45:42 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18603812 [2009/09/15 12:16:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2009/01/06 14:43:29 | 000,000,608 | ---- | C] () -- C:\WINDOWS\{9C564F6E-729F-4C69-9CD9-F476EFDAC442}.ini [2008/12/04 18:45:47 | 000,000,285 | ---- | C] () -- C:\WINDOWS\FRX.INI [2008/09/09 15:09:31 | 000,002,976 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/09/05 11:25:08 | 000,001,600 | ---- | C] () -- C:\WINDOWS\hplj1320.ini [2008/09/05 11:24:25 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2008/09/05 11:24:20 | 000,001,099 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini [2008/09/05 11:24:09 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL [2008/09/05 11:24:08 | 000,000,319 | R--- | C] () -- C:\WINDOWS\System32\HPB1320V.DAT [2008/09/03 17:53:18 | 000,048,640 | ---- | C] () -- C:\WINDOWS\quoter.exe [2008/09/03 17:31:00 | 000,000,473 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/08/13 18:49:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/08/13 18:11:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/08/13 18:11:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/08/13 18:11:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/08/13 18:11:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/08/13 18:11:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/08/13 18:11:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/08/13 17:56:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll [2008/05/22 15:59:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\it.exe [2007/06/13 20:53:28 | 000,101,167 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys [2006/04/25 14:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/04/25 13:43:54 | 000,506,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/04/25 13:43:54 | 000,089,390 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/04/25 13:39:48 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/04/25 13:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/04/25 13:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/02/27 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/27 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/27 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/27 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/27 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/27 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/27 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/27 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/06/12 04:16:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\imsys.dll [2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/05/08 06:12:22 | 000,000,801 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/07/31 06:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Personify Upgrate:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\NPES:AFP_AfpInfo < End of report > GMER 1.0.15.15640 - http://www.gmer.net Rootkit quick scan 2011-07-29 13:58:53 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3160815AS rev.3.CHH Running: 5vmxtvkj.exe; Driver: C:\DOCUME~1\ADMINI~1.OFF\LOCALS~1\Temp\fxlyrpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:124] 89D75E7A Thread System [4:128] 89D78008 ---- EOF - GMER 1.0.15 ---- . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by administrator at 13:59:01 on 2011-07-29 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1333 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost -k DcomLaunch C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec AntiVirus\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\WINDOWS\system32\ifxspmgt.exe C:\WINDOWS\system32\ifxtcs.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\IfxPsdSv.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\AMT\UNS.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec AntiVirus\SmcGui.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [atchk] "c:\program files\intel\amt\atchk.exe" mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start mRun: [iFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [scheduler] c:\windows\sminst\Scheduler.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [bHR] c:\program files\zamaan's software\browser hijack retaliator 4.5\BHR.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxp://boeprod1.uapps.net/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - hxxp://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220467483054 DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://boefarm1.uapps.net/businessobjects/viewers/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} - hxxp://204.71.142.69/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll AppInit_DLLs: APSHook.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = SbHpNp scecli ASWLNPkg . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator.office\application data\mozilla\firefox\profiles\2hqaunms.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-6-13 101167] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKsl3d7183a7;MpKsl3d7183a7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ff87ab05-2c6e-4885-80d5-9d63ef5a9a9e}\MpKsl3d7183a7.sys [2011-7-29 28752] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-27 14336] R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-27 14336] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-28 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-28 108392] R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-8-13 576024] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2011-6-28 1831024] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-13 2521880] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110728.051\NAVENG.SYS [2011-7-29 86008] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110728.051\NAVEX15.SYS [2011-7-29 1542392] R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S1 MpKsl6ba915fc;MpKsl6ba915fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d17c260a-18fb-4793-bc87-d11a5afe884c}\mpksl6ba915fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d17c260a-18fb-4793-bc87-d11a5afe884c}\MpKsl6ba915fc.sys [?] S2 0028191220450047mcinstcleanup;McAfee Application Installer Cleanup (0028191220450047);c:\docume~1\admini~1\locals~1\temp\002819~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\002819~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-6-28 23888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664] S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\virtdisk.sys [2008-8-13 57344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-07-29 14:15:54 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ff87ab05-2c6e-4885-80d5-9d63ef5a9a9e}\MpKsl3d7183a7.sys 2011-07-29 14:15:35 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ff87ab05-2c6e-4885-80d5-9d63ef5a9a9e}\mpengine.dll 2011-07-12 19:12:56 388096 ----a-r- c:\documents and settings\administrator.office\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-07-12 19:12:55 -------- d-----w- c:\program files\Trend Micro 2011-07-11 20:17:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-07-11 20:17:42 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-07-11 20:13:00 6600616 ----a-w- c:\temp\spybotsd_includes.exe 2011-07-11 20:12:59 16409960 ----a-w- c:\temp\spybotsd162.exe 2011-07-10 01:18:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2011-07-10 01:18:31 -------- d-----w- c:\documents and settings\administrator.office\application data\SUPERAntiSpyware.com 2011-07-10 01:18:21 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-07-09 13:46:30 -------- d-----w- c:\documents and settings\administrator.office\local settings\application data\Mozilla 2011-07-09 10:22:27 3584 ----a-w- c:\program files\common files\microsoft shared\dao\comcat.dll 2011-07-09 10:22:27 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX 2011-07-09 10:22:27 203976 ----a-w- c:\windows\system32\richtx32.ocx 2011-07-09 10:22:27 1338880 ----a-w- c:\program files\common files\microsoft shared\dao\shdocvw.dll 2011-07-09 10:22:27 132880 ----a-w- c:\windows\system32\MSINET.OCX 2011-07-07 12:27:24 -------- d-sh--w- c:\documents and settings\administrator.office\IECompatCache 2011-07-06 21:15:26 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2011-07-05 20:39:17 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-07-05 20:34:23 -------- d-----w- c:\program files\Microsoft Security Client 2011-06-30 13:50:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe 2011-06-30 13:50:17 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll 2011-06-29 20:44:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys . ==================== Find3M ==================== . 2011-06-28 19:36:41 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 14:00:09.09 ===============
  5. I am trying to fix a problem with Internet Explorer Ver 8. Computer was infected with Windows Xp Repair Spyware and after running Sys Restore and several antyspyware program I was able to clean computer from spyware but I have not been able to clean the redirect. I have run Microsoft Security Esential, Microsoft Safety Scanner, Browser Hijack, Super AntiSpyware. I ran Hijackthis but I am not sure about which file I should remove. Attached is Hijack log file, can anyone help me? I ran OTL and dowloaded "This File" GMER and attached are files: OTL.txt, extras,txt and Resutls.log Extras.Txt OTL.Txt Results.log
  6. I could not post on time on mi issue and my topic was closed. I ran yestarday the programs recommended but I could not up my reported issue. Thank you, JRomero

  7. I am trying to fix a problem with Internet Explorer Ver 8. Computer was infected with Windows Xp Repair Spyware and after running Sys Restore and several antyspyware program I was able to clean computer from spyware but I have not been able to clean the redirect. I have run Microsoft Security Esential, Microsoft Safety Scanner, Browser Hijack, Super AntiSpyware. I ran Hijackthis but I am not sure about which file I should remove. Attached is Hijack log file, can anyone help me?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.