ChaosMastered Posted July 4, 2012 ID:566982
Merged 2 posts

XP.SP3-Home desktop PC. While using Chrome, the initial issues appeared during a download (unexpected bundled product, seems to be Babylon toolbar). Impacted Chrome, where initially the icon changed. While attempting to 'fix', each effort seemed to spawn additional problems.

At first I only noticed browser redirects to the Babylon search. Then things got worse.

Ran Avast and MB. PC hung up/stalled, then logged me out and required a "User" login. I do not have a Guest account set up, so it appeared the malware was intercepting my privileges and password. It also forced an Admin password to access the secure wireless network.

After running above, the PC seemed to retract more & more Admin privileges from me. Sys32 or Temp files "not accessible", etc.

When I run GMER in normal mode, the full scan runs. But when I click Save, the computer reboots. Running GMER again in safe mode (not complete as of this post).

I have MB, OT, DDS, aswMBR outputs. If you prefer another scan type, please advise and I will post here.

My 2nd device, Win7 laptop, is in SafeMode as it seems to have inherited this issue through the wireless network. As I need the laptop to access internet, let's fix the XP first.

Thanks in advance for your expert guidance here.

070512|Midnight: Updating ticket w DDS details. Of note, I tried GMER in Safe Mode; it ran to completion but when I hit Copy or Save, the #*$&*$ gave errors indicating insufficient space, no access to blah blah blah.

Although I have backups of data & some programs, I am certain it is incomplete. I hesitate to put the NAS back on the network in case it gets hit with this problem.

Your early assistance is welcomed!!
~chaosmastered

attach_070412V.zip
LDTate Posted July 6, 2012 ID:567734

If you are using a router it might be the cause of the infection.

Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan, being sure to update before scanning. Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".
Maurice Naggar Posted July 14, 2012 ID:570635

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!