
multiple instances of blocking outgoing IPs


Argalby


Hi:

For the past few hours I've had continual pop-ups from Malwarebytes saying "successfully blocked access to a potentially malicious website: outgoing"; each time it seems to have a different IP address. I tried running an MB scan, but no success. Thanks! Here's the log from DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by operator at 21:18:21 on 2011-12-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1933 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\xRaidSetup.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\DS Clock\dsclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Plustek\OpticPro ST64+\Am32Plus.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

E:\Program Files\Java\bin\jqs.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

e:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

E:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\ping.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG2012\avgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tgrantphoto.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - e:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\/Adobe Contribute CS4/contributeieplugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - e:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE

uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [WinSys2] c:\windows\system32\winsys2.exe

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [Adobe Acrobat Speed Launcher] "e:\program files\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] nwiz.exe /install

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

StartupFolder: c:\docume~1\operat~1.win\startm~1\programs\startup\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\action~1.lnk - c:\program files\plustek\opticpro st64+\Am32Plus.exe

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster

IE: Lookup on Wikipedia

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - e:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\operator.winslaveoct10\application data\mozilla\firefox\profiles\ud5symp1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.tgrantphoto.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: e:\program files\acrobat 9.0\acrobat\browser\nppdf32.dll

FF - plugin: e:\program files\java\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\java\bin\new_plugin\npjp2.dll

FF - plugin: e:\program files\mozilla firefox\plugins\NPCIG.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: e:\program files\opera\program\plugins\npdsplay.dll

FF - plugin: e:\program files\opera\program\plugins\npwmsdrm.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-2 366152]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-10-3 5554552]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-10-3 451960]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-14 22216]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-10-3 10752]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-11 41272]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S2 !SASCORE;SAS Core Service; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate); [x]

S2 SysAidServer;SysAid Server;e:\program files\sysaidserver\Wrapper.exe [2011-3-21 98304]

S3 Cw75;Cw75 Device;c:\windows\system32\drivers\Cw75.sys [2011-9-29 24059]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-2 2214504]

.

=============== Created Last 30 ================

.

2011-12-11 22:29:13 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-11 22:17:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-08 22:00:50 290 ----a-w- c:\windows\wininit.tmp

2011-12-08 21:23:33 -------- d-----w- c:\program files\EA GAMES

2011-12-07 00:20:56 -------- d-----w- c:\documents and settings\operator.winslaveoct10\application data\OpenOffice.org

2011-12-07 00:12:00 -------- d-----w- c:\program files\OpenOffice.org 3

2011-12-04 21:00:38 -------- d-----w- c:\documents and settings\operator.winslaveoct10\local settings\application data\Thunderbird

2011-11-30 21:30:00 299520 ----a-w- c:\windows\uninst.exe

2011-11-30 21:29:53 -------- d-----w- c:\documents and settings\operator.winslaveoct10\WINDOWS

2011-11-30 20:07:21 172032 ----a-w- c:\windows\system32\binkw32.dll

2011-11-24 04:55:50 -------- d-----w- c:\program files\Haali

2011-11-24 04:55:37 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe

2011-11-24 04:55:26 497664 ----a-w- c:\windows\system32\ac3filter.acm

2011-11-24 04:55:25 -------- d-----w- c:\program files\AC3Filter

2011-11-24 04:53:38 -------- d-----w- c:\program files\Avi2Dvd

.

==================== Find3M ====================

.

2011-11-30 20:39:16 274216 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-30 20:39:16 274216 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-30 20:39:16 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:43:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-16 01:43:57 22 --sha-w- c:\documents and settings\operator.winslaveoct10\application data\Sys2662.Config.Repository.bin

2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

============= FINISH: 21:20:12.38 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi: Thanks for helping on this! The first time I ran ComboFix it said there was a virus in the TCP stack and that I should restart. I restarted and then ran ComboFix again. Here are the logs:

MBAM LOG:

01:21:00 operator MESSAGE Scheduled scan executed successfully

07:32:49 operator DETECTION C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS Rootkit.0Access QUARANTINE

07:32:49 operator DETECTION C:\WINDOWS\system32\drivers\cdrom.sys Rootkit.0Access DENY

07:32:49 operator DETECTION C:\WINDOWS\system32\drivers\cdrom.sys Rootkit.0Access DENY

07:32:50 operator ERROR Quarantine failed: UtilityReadFile failed with error code 2

07:33:15 operator DETECTION C:\WINDOWS\system32\drivers\cdrom.sys Rootkit.0Access DENY

07:33:21 operator DETECTION C:\WINDOWS\system32\drivers\cdrom.sys Rootkit.0Access DENY

07:33:21 operator DETECTION C:\WINDOWS\system32\drivers\cdrom.sys Rootkit.0Access DENY

07:36:00 operator IP-BLOCK 206.161.121.126 (Type: outgoing)

07:36:03 operator IP-BLOCK 206.161.121.126 (Type: outgoing)

07:36:09 operator IP-BLOCK 206.161.121.126 (Type: outgoing)

07:36:34 operator IP-BLOCK 206.161.121.100 (Type: outgoing)

07:36:36 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:36:37 operator IP-BLOCK 206.161.121.100 (Type: outgoing)

07:36:39 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:36:43 operator IP-BLOCK 206.161.121.100 (Type: outgoing)

07:36:45 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:36:57 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:37:00 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:37:07 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:37:19 operator IP-BLOCK 83.133.121.156 (Type: outgoing)

07:37:28 operator IP-BLOCK 83.133.121.156 (Type: outgoing)

07:37:37 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:37:40 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:37:46 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:37:58 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:38:01 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:38:07 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:38:19 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:38:22 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:38:28 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:38:37 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:38:40 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:38:46 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:38:58 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:39:01 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:39:07 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:39:19 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:39:28 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:39:38 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:39:41 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:39:47 operator IP-BLOCK 83.133.121.147 (Type: outgoing)

07:39:59 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:40:08 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:40:11 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:40:14 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:40:23 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:40:29 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:40:40 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:40:43 operator IP-BLOCK 83.133.124.245 (Type: outgoing)

07:40:43 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:40:46 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:41:01 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:41:04 operator IP-BLOCK 83.133.125.41 (Type: outgoing)

07:50:24 operator IP-BLOCK 146.185.250.214 (Type: outgoing)

07:50:26 operator IP-BLOCK 146.185.250.214 (Type: outgoing)

07:50:32 operator IP-BLOCK 146.185.250.214 (Type: outgoing)

07:52:01 operator IP-BLOCK 199.80.55.123 (Type: outgoing)

07:52:04 operator IP-BLOCK 199.80.55.123 (Type: outgoing)

07:52:10 operator IP-BLOCK 199.80.55.123 (Type: outgoing)

07:53:42 operator IP-BLOCK 62.122.75.230 (Type: outgoing)

07:53:45 operator IP-BLOCK 62.122.75.230 (Type: outgoing)

07:53:51 operator IP-BLOCK 62.122.75.230 (Type: outgoing)

07:56:07 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:56:10 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:56:16 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:56:34 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:56:37 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

07:56:43 operator IP-BLOCK 67.29.139.199 (Type: outgoing)

08:50:09 (null) MESSAGE Protection started successfully

08:50:49 operator MESSAGE IP Protection started successfully

09:57:54 (null) MESSAGE Protection started successfully

09:59:01 operator MESSAGE IP Protection started successfully

10:40:00 operator MESSAGE IP Protection stopped

10:40:05 operator MESSAGE Database updated successfully

10:40:07 operator MESSAGE IP Protection started successfully

COMBOFIX LOG:

ComboFix 11-12-12.01 - operator 12/12/2011 10:13:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2593 [GMT -5:00]

Running from: c:\documents and settings\operator.WINSLAVEOCT10\Desktop\downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\operator.WINSLAVEOCT10\Application Data\ImgBurn.exe

c:\documents and settings\operator.WINSLAVEOCT10\Application Data\inst.exe

c:\documents and settings\operator.WINSLAVEOCT10\Local Settings\Temporary Internet Files\Windows12111_ConfigRepository.bin

c:\documents and settings\operator.WINSLAVEOCT10\WINDOWS

c:\program files\Program Files

c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst

c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst

c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt

c:\windows\system32\WinSys.exe

DDS LOG:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by operator at 10:47:51 on 2011-12-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1940 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

E:\Program Files\Java\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

e:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\DS Clock\dsclock.exe

C:\Program Files\Plustek\OpticPro ST64+\Am32Plus.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

E:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tgrantphoto.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - e:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\/Adobe Contribute CS4/contributeieplugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE

uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"

mRun: [WinSys2] c:\windows\system32\winsys2.exe

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [Adobe Acrobat Speed Launcher] "e:\program files\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] nwiz.exe /install

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

StartupFolder: c:\docume~1\operat~1.win\startm~1\programs\startup\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\action~1.lnk - c:\program files\plustek\opticpro st64+\Am32Plus.exe

StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster

IE: Lookup on Wikipedia

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - e:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{13C5F0B6-1A05-4013-B8CE-DBEA64995E72} : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\operator.winslaveoct10\application data\mozilla\firefox\profiles\ud5symp1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.tgrantphoto.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: e:\program files\acrobat 9.0\acrobat\browser\nppdf32.dll

FF - plugin: e:\program files\java\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\java\bin\new_plugin\npjp2.dll

FF - plugin: e:\program files\mozilla firefox\plugins\NPCIG.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-2 366152]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-10-3 5554552]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-10-3 451960]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-14 22216]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-10-3 10752]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S2 !SASCORE;SAS Core Service; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate); [x]

S2 SysAidServer;SysAid Server;e:\program files\sysaidserver\Wrapper.exe [2011-3-21 98304]

S3 Cw75;Cw75 Device;c:\windows\system32\drivers\Cw75.sys [2011-9-29 24059]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-12 41272]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-2 2214504]

.

=============== Created Last 30 ================

.

2011-12-12 15:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-12 14:17:22 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-12 14:17:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-12 12:50:37 -------- d-sha-r- C:\cmdcons

2011-12-12 12:46:33 98816 ----a-w- c:\windows\sed.exe

2011-12-12 12:46:33 518144 ----a-w- c:\windows\SWREG.exe

2011-12-12 12:46:33 256000 ----a-w- c:\windows\PEV.exe

2011-12-12 12:46:33 208896 ----a-w- c:\windows\MBR.exe

2011-12-08 22:00:50 290 ----a-w- c:\windows\wininit.tmp

2011-12-08 21:23:33 -------- d-----w- c:\program files\EA GAMES

2011-12-07 00:20:56 -------- d-----w- c:\documents and settings\operator.winslaveoct10\application data\OpenOffice.org

2011-12-07 00:12:00 -------- d-----w- c:\program files\OpenOffice.org 3

2011-12-04 21:00:38 -------- d-----w- c:\documents and settings\operator.winslaveoct10\local settings\application data\Thunderbird

2011-11-30 21:30:00 299520 ----a-w- c:\windows\uninst.exe

2011-11-30 20:07:21 172032 ----a-w- c:\windows\system32\binkw32.dll

2011-11-24 04:55:50 -------- d-----w- c:\program files\Haali

2011-11-24 04:55:37 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe

2011-11-24 04:55:26 497664 ----a-w- c:\windows\system32\ac3filter.acm

2011-11-24 04:55:25 -------- d-----w- c:\program files\AC3Filter

2011-11-24 04:53:38 -------- d-----w- c:\program files\Avi2Dvd

.

==================== Find3M ====================

.

2011-11-30 20:39:16 274216 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-30 20:39:16 274216 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-30 20:39:16 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:43:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-16 01:43:57 22 --sha-w- c:\documents and settings\operator.winslaveoct10\application data\Sys2662.Config.Repository.bin

.

============= FINISH: 10:48:06.12 ===============

.

-- Previous Run --

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\system volume information\_restore{52A6B98A-2363-48AA-8694-2419C6370F7C}\RP104\A0021010.sys

.

--------

.

.

((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))

.

.

2011-12-12 14:17 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-12 14:17 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-11 22:13 . 2011-12-11 22:13 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache

2011-12-08 22:00 . 2011-12-08 23:10 290 ----a-w- c:\windows\wininit.tmp

2011-12-08 21:23 . 2011-12-08 21:23 -------- d-----w- c:\program files\EA GAMES

2011-12-07 00:20 . 2011-12-07 00:20 -------- d-----w- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\OpenOffice.org

2011-12-07 00:12 . 2011-12-07 00:12 -------- d-----w- c:\program files\OpenOffice.org 3

2011-12-04 21:00 . 2011-12-04 21:00 -------- d-----w- c:\documents and settings\operator.WINSLAVEOCT10\Local Settings\Application Data\Thunderbird

2011-12-04 21:00 . 2011-12-04 21:00 -------- d-----w- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Thunderbird

2011-11-30 21:30 . 1997-04-09 01:08 299520 ----a-w- c:\windows\uninst.exe

2011-11-30 20:07 . 1999-08-03 15:50 172032 ----a-w- c:\windows\system32\binkw32.dll

2011-11-24 04:55 . 2011-11-24 04:55 -------- d-----w- c:\program files\Haali

2011-11-24 04:55 . 2011-11-24 04:55 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe

2011-11-24 04:55 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm

2011-11-24 04:55 . 2011-11-24 04:55 -------- d-----w- c:\program files\AC3Filter

2011-11-24 04:53 . 2011-11-24 04:59 -------- d-----w- c:\program files\Avi2Dvd

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 14:22 . 2010-10-14 13:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 21:43 . 2011-06-22 19:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 10:23 . 2011-07-11 05:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-23 01:01 . 2011-07-25 00:47 410952 ----a-r- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Microsoft\Installer\{7E681AB7-1AEA-44F5-8474-6263A24ABD88}\NewShortcut2_6F35BCCC1CB14092A42A2C780A17CD0C.exe

2011-09-23 01:01 . 2011-07-25 00:47 54600 ----a-r- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Microsoft\Installer\{7E681AB7-1AEA-44F5-8474-6263A24ABD88}\UNINST_Uninstall_A_B336E4B7DC834D2C9D139BB2DF317E94.exe

2011-09-23 01:01 . 2011-07-25 00:47 410952 ----a-r- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Microsoft\Installer\{7E681AB7-1AEA-44F5-8474-6263A24ABD88}\NewShortcut3_8484464FC5E44DE29D3C6BC72F00B0F6.exe

2011-09-23 01:01 . 2011-09-23 01:01 410952 ----a-r- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Microsoft\Installer\{7E681AB7-1AEA-44F5-8474-6263A24ABD88}\ARPPRODUCTICON.exe

2011-09-16 01:43 . 2011-09-16 01:43 22 --sha-w- c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Sys2662.Config.Repository.bin

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2011-11-17 4617600]

"DS Clock"="c:\program files\DS Clock\dsclock.exe" [2003-06-06 323584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Adobe Acrobat Speed Launcher"="e:\program files\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]

"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]

"nwiz"="nwiz.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

c:\documents and settings\operator.WINSLAVEOCT10\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Action Express (OpticPro ST64+).lnk - c:\program files\Plustek\OpticPro ST64+\Am32Plus.exe [2010-11-24 143360]

ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2006-1-31 385024]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-20 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

avgrsstx.dll [bU]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrotray.exe]

2009-10-03 03:32 640376 ----a-w- e:\program files\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAP]

2010-08-24 01:53 481792 ----a-w- e:\program files\Tweek Auto Post\Tweek Auto Post.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"e:\\Program Files\\Opera\\opera.exe"=

"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"e:\\Program Files\\SysAidServer\\jre\\bin\\java.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 12:13 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 12:13 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2009 8:59 AM 366152]

R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [10/3/2011 7:51 PM 5554552]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [10/3/2011 7:53 PM 451960]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 12:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 12:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 12:14 AM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/14/2010 9:35 AM 22216]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/25/2011 4:39 AM 47360]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/3/2011 6:20 PM 10752]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]

S2 !SASCORE;SAS Core Service; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate); [x]

S2 SysAidServer;SysAid Server;e:\program files\SysAidServer\Wrapper.exe [3/21/2011 4:01 PM 98304]

S3 Cw75;Cw75 Device;c:\windows\system32\drivers\Cw75.sys [9/29/2011 5:26 PM 24059]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/14/2010 2:43 PM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/2/2011 9:56 AM 2214504]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 19:43]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-14 19:43]

.

2011-12-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 47666c40-5cef-46a8-8fbe-5b59990142b7.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-20 12:31]

.

2011-12-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95d97c93-f2bf-4e05-bb16-417cd157e74b.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-20 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tgrantphoto.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster

IE: Lookup on Wikipedia

FF - ProfilePath - c:\documents and settings\operator.WINSLAVEOCT10\Application Data\Mozilla\Firefox\Profiles\ud5symp1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.tgrantphoto.com/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-12 10:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-329068152-117609710-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(984)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(1252)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-12 10:29:53

ComboFix-quarantined-files.txt 2011-12-12 15:29

.

Pre-Run: 2,057,191,424 bytes free

Post-Run: 2,044,973,056 bytes free

.

- - End Of File - - D2AFCAC835D1E195AC6C6BF4A5EDEAC7


Just an update: The problem seems to be fixed now; it seems like that ComboFix reboot did the trick. Incidentally, when I was having problems I could see ping.exe running full throttle in the Task Manager. Should I be changing the passwords on my e-mail, or do you think that since MBAM was blocking the outgoing IPs I'm okay? Thanks again for your time on this!


  • Staff

Hi,

Yes, you should definitely change your passwords.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
