lizear Posted July 30, 2012 ID:578386 Share Posted July 30, 2012 Please help, here are the two logsDDS.txtAttach.txt Link to post Share on other sites More sharing options...
Maniac Posted July 30, 2012 ID:578444 Share Posted July 30, 2012 Hello lizear! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.What exactly is your problem? Link to post Share on other sites More sharing options...
lizear Posted July 30, 2012 Author ID:578672 Share Posted July 30, 2012 Sometimes when i click on a link Google redirects me to many other sites, and i also can't click on things with a java link e.g. " javascript:void(0); " Link to post Share on other sites More sharing options...
Maniac Posted July 30, 2012 ID:578724 Share Posted July 30, 2012 Step 1Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 2Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:Malwarebytes' Anti-Malware logaswMBR log Link to post Share on other sites More sharing options...
lizear Posted July 31, 2012 Author ID:578868 Share Posted July 31, 2012 Hey Maniac, thanks for the help;Here are the files you asked me to postMalwarebytes' Anti-Malware logMalwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.31.02Windows XP Service Pack 3 x86 NTFSInternet Explorer 6.0.2900.5512Andy :: HELLGAS-C015FE4 [administrator]Protection: Enabled31/07/2012 2:53:43 PMmbam-log-2012-07-31 (14-53-43).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 196180Time elapsed: 8 minute(s), 39 second(s)Memory Processes Detected: 1C:\WINDOWS\system32\explorer.exe (Worm.Autorun) -> 1796 -> Delete on reboot.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 3HKCR\CLSID\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} (Worm.Autorun.B) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} (Worm.Autorun.B) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} (Worm.Autorun.B) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 6HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Worm.Autorun) -> Bad: (explorer.exe) Good: () -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.Autorun) -> Bad: (Explorer.exe) Good: () -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,explorer.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.Folders Detected: 1C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.Files Detected: 7C:\WINDOWS\system32\explorer.exe (Worm.Autorun) -> Delete on reboot.C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.C:\WINDOWS\system32\BReWErS.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Documents and Settings\Andy\Local Settings\Temp\7X9IA7b.exe (Trojan.Happili) -> Quarantined and deleted successfully.C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\KXQ7C5YV\info[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Documents and Settings\Andy\Application Data\isecurity.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.(end)aswMBR logaswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-07-31 15:11:42-----------------------------15:11:42.328 OS Version: Windows 5.1.2600 Service Pack 315:11:42.328 Number of processors: 1 586 0x170615:11:42.328 ComputerName: HELLGAS-C015FE4 UserName: Andy15:11:53.890 Initialize success15:20:11.218 AVAST engine defs: 1207310015:26:22.968 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1915:26:22.968 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 315:26:22.968 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-2615:26:22.968 Disk 1 Vendor: ST3160815AS 4.AAB Size: 152626MB BusType: 315:26:23.000 Disk 1 MBR read successfully15:26:23.000 Disk 1 MBR scan15:26:23.031 Disk 1 Windows XP default MBR code15:26:23.046 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 92161 MB offset 6315:26:23.046 Disk 1 Partition - 00 05 Extended 60463 MB offset 18874768515:26:23.046 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 60463 MB offset 18874775115:26:23.046 Disk 1 scanning sectors +31257670515:26:23.125 Disk 1 scanning C:\WINDOWS\system32\drivers15:26:33.703 Service scanning15:26:36.953 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 2115:26:49.281 Modules scanning15:26:55.343 Disk 1 trace - called modules:15:26:55.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS15:26:55.359 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b333ab8]15:26:55.359 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8b3c59e8]15:26:55.359 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-26[0x8b33dd98]15:26:55.718 AVAST engine scan C:\WINDOWS15:27:02.171 AVAST engine scan C:\WINDOWS\system3215:29:06.140 AVAST engine scan C:\WINDOWS\system32\drivers15:29:19.531 AVAST engine scan C:\Documents and Settings\Andy15:43:59.765 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii10.tmp **INFECTED** Win32:Malware-gen15:43:59.812 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii12.tmp **INFECTED** Win32:Malware-gen15:43:59.859 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii13.tmp **INFECTED** Win32:Malware-gen15:43:59.906 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii1B.tmp **INFECTED** Win32:Malware-gen15:43:59.953 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii7D.tmp **INFECTED** Win32:Malware-gen15:44:00.015 File: C:\Documents and Settings\Andy\Local Settings\Temp\vii84.tmp **INFECTED** Win32:Malware-gen15:44:00.078 File: C:\Documents and Settings\Andy\Local Settings\Temp\viiC.tmp **INFECTED** Win32:Malware-gen15:44:00.156 File: C:\Documents and Settings\Andy\Local Settings\Temp\viiF.tmp **INFECTED** Win32:Malware-gen15:44:01.343 File: C:\Documents and Settings\Andy\Local Settings\Temp\win274.exe **INFECTED** Win32:Crypt-MNC [Trj]15:44:01.453 File: C:\Documents and Settings\Andy\Local Settings\Temp\win8761.exe **INFECTED** Win32:Crypt-MNC [Trj]15:47:58.203 File: C:\Documents and Settings\Andy\My Documents\Download\Warcraft\BNetGatewayEditor.exe **INFECTED** Win32:Vitro15:53:09.484 AVAST engine scan C:\Documents and Settings\All Users15:59:56.703 Scan finished successfully16:02:20.468 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Andy\Desktop\MBR.dat"16:02:20.468 The log file has been saved successfully to "C:\Documents and Settings\Andy\Desktop\aswMBR.txt"Thanks!! Link to post Share on other sites More sharing options...
Maniac Posted July 31, 2012 ID:578890 Share Posted July 31, 2012 BACKDOOR WARNINGOne or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:Help: I Got Hacked. Now What Do I Do?Help: I Got Hacked. Now What Do I Do? Part IIHow Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
lizear Posted July 31, 2012 Author ID:578899 Share Posted July 31, 2012 ComboFix 12-07-30.03 - Andy 31/07/2012 20:34:34.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2648 [GMT 10:00]Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Andy\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2c:\documents and settings\Andy\Local Settings\Application Data\Macromedia\htevenzm.dllc:\documents and settings\Andy\WINDOWSC:\restorec:\windows\RegGenieOnUninstall.exec:\windows\system32\~GLH0001.TMPc:\windows\system32\dllcache\dlimport.exec:\windows\system32\muzapp.exec:\windows\system32\SET307.tmpc:\windows\system32\SET309.tmpc:\windows\system32\SET30D.tmpc:\windows\system32\SET315.tmpc:\windows\system32\WinSys.exec:\windows\Tab16d20.dllc:\windows\XSxS..((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))..2012-07-31 04:51 . 2012-07-31 04:51 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes2012-07-31 04:50 . 2012-07-31 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-31 04:50 . 2012-07-31 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-07-31 04:50 . 2012-07-03 03:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-17 13:27 . 2012-07-17 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\3DMGAME2012-07-16 11:12 . 2012-07-16 11:12 -------- d-----w- c:\program files\Common Files\Steam2012-07-16 11:12 . 2012-07-31 09:43 -------- d-----w- c:\program files\Steam2012-07-13 05:09 . 2012-07-13 05:09 -------- d-----w- c:\documents and settings\Andy\jagexcache2012-07-12 13:08 . 2012-07-31 08:29 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-11 10:57 . 2012-07-11 10:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Macromedia2012-07-11 04:55 . 2012-07-11 04:55 -------- d-----w- c:\documents and settings\Andy\Application Data\Intel2012-07-11 04:54 . 2012-07-11 04:54 -------- d-----w- c:\program files\Intel Corporation2012-07-04 10:58 . 2012-07-04 10:58 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\etax20122012-07-04 10:58 . 2012-07-04 10:58 -------- d-----w- c:\program files\etax2012...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-25 07:51 . 2012-05-13 03:25 772592 ----a-w- c:\windows\system32\npDeployJava1.dll2012-07-25 07:51 . 2012-04-04 12:15 687600 ----a-w- c:\windows\system32\deployJava1.dll2012-07-25 07:51 . 2012-04-04 12:15 143872 ----a-w- c:\windows\system32\javacpl.cpl2012-06-13 08:21 . 2012-06-13 08:21 53248 ----a-r- c:\documents and settings\Andy\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2012-06-13 08:21 . 2012-06-13 08:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys2012-06-01 12:10 . 2012-04-07 06:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-01 12:10 . 2011-08-14 11:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-05-21 11:34 . 2011-01-26 12:36 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2012-05-21 11:34 . 2011-01-27 03:31 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr2012-05-21 11:34 . 2011-01-26 12:35 280736 ----a-w- c:\windows\system32\PnkBstrB.exe2012-05-15 13:46 . 2011-01-26 12:35 280736 ----a-w- c:\windows\system32\PnkBstrB.ex02011-10-03 00:35 . 2011-07-09 13:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"F.lux"="c:\documents and settings\Andy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]"GW Port Controller"="c:\program files\Samsung\SmarThru\PORTCTRL.EXE" [2004-02-09 163840]"nwiz"="nwiz.exe" [2008-05-02 1630208]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-13 53760].c:\documents and settings\All Users\Start Menu\Programs\Startup\ASRock WiFi-802.11g.lnk - c:\program files\ASRock WiFi-802.11g\RtWLan.exe [2009-2-22 978944].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe""QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe""SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe""Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\FlashGet\\flashget.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"="c:\\Program Files\\Steam\\Steam.exe"="c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4"56200:TCP"= 56200:TCP:Pando Media Booster"56200:UDP"= 56200:UDP:Pando Media Booster"3132:TCP"= 3132:TCP:sirdaip.R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/13/2012 6:20 PM 12184]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/31/2012 2:50 PM 655944]R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 11:06 AM 88576]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:56 PM 5120]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/31/2012 2:50 PM 22344]R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/22/2009 10:17 AM 269824]R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/22/2009 10:17 AM 13532]R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:11 PM 136176]S2 ldhgxcwxe;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:56 PM 14336]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:11 PM 136176]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11/29/2011 4:24 PM 24576]S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 5:01 PM 21248]S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.Contents of the 'Scheduled Tasks' folder.2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:11].2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:11].2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-746137067-839522115-1003Core.job- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 08:54].2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-746137067-839522115-1003UA.job- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 08:54]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htmIE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htmIE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\v79js9jf.default\FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/cgi-bin/webcm?var%3Amain=menu&var%3Astyle=style5&getpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&errorpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&var%3Apagename=fwan&var%3Agetpagenext=&var%3Aerrorpagename=&var%3Amenu=advanced&var%3Amenutitle=Advanced&var%3Apagetitle=Port+Forwarding&var%3Apagemaster=fwan&var%3Aconid=connection2&var%3Alanip=192.168.1.2&var%3Anew=&var%3Arule=&var%3Acategory=categoryU&connection0%3Afwan%3Asettings%2Fping%2Fstate=&var%3Alangrp=lan0FF - prefs.js: network.proxy.http - proxy.tpg.com.auFF - prefs.js: network.proxy.http_port - 3128FF - prefs.js: network.proxy.type - 0FF - user.js: network.http.max-persistent-connections-per-server - 4FF - user.js: nglayout.initialpaint.delay - 600FF - user.js: content.notify.interval - 600000FF - user.js: content.max.tokenizing.time - 1800000FF - user.js: content.switch.threshold - 600000.- - - - ORPHANS REMOVED - - - -.WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)HKCU-Run-AdobeBridge - (no file)HKCU-Run-Macromedia - c:\documents and settings\Andy\Local Settings\Application Data\Macromedia\htevenzm.dllAddRemove-The Walking Dead Game EP 1&2 - c:\documents and settings\Andy\Desktop\Andy's Inventory\Uninstal.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-07-31 20:39Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....HKCU\Software\Microsoft\Windows\CurrentVersion\Run Macromedia = RUNDLL32.EXE "c:\documents and settings\Andy\Local Settings\Application Data\Macromedia\htevenzm.dll",_AvisynthPluginInit2@4?6789.scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldhgxcwxe]"ServiceDll"="c:\windows\system32\yfklrene.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1343024091-746137067-839522115-1003\Software\SecuROM\License information*]"datasecu"=hex:c6,79,ec,bf,3a,76,48,c0,d9,16,5c,a4,e0,c6,24,b4,b8,0b,c3,2f,c3, ae,67,95,e1,62,68,77,18,f3,1c,f2,36,ab,ca,43,b7,ec,b8,e1,f3,0b,78,f5,e4,24,\"rkeysecu"=hex:a5,08,18,2e,4c,45,0d,8b,c0,84,c1,5c,c6,43,4a,b0.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(736)c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll.- - - - - - - > 'explorer.exe'(3584)c:\program files\iTunes\iTunesMiniPlayer.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dllc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvsvc32.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exec:\program files\Norton Ghost\Agent\VProSvc.exec:\windows\system32\PnkBstrA.exec:\windows\System32\TUProgSt.exec:\windows\system32\wscntfy.exec:\windows\system32\msdtc.exec:\windows\RTHDCPL.EXEc:\windows\system32\RUNDLL32.EXEc:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE.**************************************************************************.Completion time: 2012-07-31 20:43:08 - machine was rebootedComboFix-quarantined-files.txt 2012-07-31 10:42.Pre-Run: 37,140,877,312 bytes freePost-Run: 40,940,085,248 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 224DE349D77CD1D1C529A857C55143C3 Link to post Share on other sites More sharing options...
Maniac Posted July 31, 2012 ID:578936 Share Posted July 31, 2012 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:KillAll::Driver::ldhgxcwxesirdaipFile::c:\windows\system32\yfklrene.dllFolder::c:\documents and settings\NetworkService\Local Settings\Application Data\MacromediaRegistry::[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3132:TCP"=-[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldhgxcwxe]JavaClearCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
lizear Posted August 1, 2012 Author ID:579346 Share Posted August 1, 2012 Hey Maniac, I followed your procedure and it didn't work, in fact when i dragged the script.txt, to the combofix.exe, a blue window popped up and says ....."scanning it may take no more than 10 mins,.....". Then my desktop + the window freezes (i left my computer on over night just in case it wasn't frozen), the only thing that was moving was the mouse. Any suggestions?? thanks! Link to post Share on other sites More sharing options...
Maniac Posted August 2, 2012 ID:579864 Share Posted August 2, 2012 My first suggestion is to try again, but not with script.txt as you did, but with CFScript.txt . Link to post Share on other sites More sharing options...
lizear Posted August 4, 2012 Author ID:580631 Share Posted August 4, 2012 sorry that's what i have done, CFScript.txt, still produced the same result as my previous post Link to post Share on other sites More sharing options...
Maniac Posted August 4, 2012 ID:580707 Share Posted August 4, 2012 Try to do this in Safe mode with Networking:http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx Link to post Share on other sites More sharing options...
lizear Posted August 5, 2012 Author ID:580956 Share Posted August 5, 2012 Here is the Log:ComboFix 12-08-05.02 - Andy 05/08/2012 19:37:08.2.1 - x86 NETWORKMicrosoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.3037 [GMT 10:00]Running from: c:\documents and settings\Andy\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt.FILE ::"c:\windows\system32\yfklrene.dll"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\NetworkService\Local Settings\Application Data\Macromediac:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_LDHGXCWXE-------\Service_ldhgxcwxe..((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))..2012-07-31 12:05 . 2012-06-02 05:18 275696 ----a-w- c:\windows\system32\mucltui.dll2012-07-31 12:00 . 2012-07-31 12:00 -------- d-sh--w- c:\documents and settings\Andy\PrivacIE2012-07-31 11:53 . 2012-07-31 11:53 -------- d-sh--w- c:\documents and settings\Andy\IETldCache2012-07-31 11:47 . 2012-07-31 11:48 -------- dc-h--w- c:\windows\ie82012-07-31 11:44 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll2012-07-31 11:42 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2012-07-31 11:42 . 2012-05-11 14:42 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll2012-07-31 11:42 . 2012-05-11 14:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2012-07-31 11:42 . 2012-05-11 14:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2012-07-31 11:42 . 2012-05-11 14:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2012-07-31 11:42 . 2012-05-11 14:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2012-07-31 11:42 . 2012-05-11 14:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2012-07-31 11:42 . 2012-05-11 10:12 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll2012-07-31 11:38 . 2012-06-02 05:19 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-07-31 11:38 . 2012-06-02 05:19 45080 ----a-w- c:\windows\system32\wups2.dll2012-07-31 11:38 . 2012-06-02 05:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-07-31 11:38 . 2012-06-02 05:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-07-31 11:38 . 2012-06-02 05:19 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-07-31 04:51 . 2012-07-31 04:51 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes2012-07-31 04:50 . 2012-07-31 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-07-31 04:50 . 2012-07-31 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2012-07-31 04:50 . 2012-07-03 03:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-17 13:27 . 2012-07-17 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\3DMGAME2012-07-16 11:12 . 2012-07-16 11:12 -------- d-----w- c:\program files\Common Files\Steam2012-07-16 11:12 . 2012-08-05 09:17 -------- d-----w- c:\program files\Steam2012-07-13 05:09 . 2012-07-13 05:09 -------- d-----w- c:\documents and settings\Andy\jagexcache2012-07-12 13:08 . 2012-07-31 08:29 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-11 04:55 . 2012-07-11 04:55 -------- d-----w- c:\documents and settings\Andy\Application Data\Intel2012-07-11 04:54 . 2012-07-11 04:54 -------- d-----w- c:\program files\Intel Corporation...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-25 07:51 . 2012-05-13 03:25 772592 ----a-w- c:\windows\system32\npDeployJava1.dll2012-07-25 07:51 . 2012-04-04 12:15 687600 ----a-w- c:\windows\system32\deployJava1.dll2012-07-25 07:51 . 2012-04-04 12:15 143872 ----a-w- c:\windows\system32\javacpl.cpl2012-06-13 08:21 . 2012-06-13 08:21 53248 ----a-r- c:\documents and settings\Andy\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2012-06-13 08:21 . 2012-06-13 08:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys2012-06-04 07:35 . 2009-02-21 23:35 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-04 07:35 . 2012-06-04 07:35 222448 ----a-w- c:\windows\system32\muweb.dll2012-06-02 05:19 . 2009-02-21 23:35 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-02 05:19 . 2009-02-21 23:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 05:19 . 2009-02-21 23:35 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 05:19 . 2009-02-21 23:35 35864 ----a-w- c:\windows\system32\wups.dll2012-06-02 05:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-02 05:19 . 2009-02-21 23:35 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 05:19 . 2009-02-21 23:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-01 12:10 . 2012-04-07 06:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-06-01 12:10 . 2011-08-14 11:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-05-21 11:34 . 2011-01-26 12:36 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2012-05-21 11:34 . 2011-01-27 03:31 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr2012-05-21 11:34 . 2011-01-26 12:35 280736 ----a-w- c:\windows\system32\PnkBstrB.exe2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll2012-05-15 13:46 . 2011-01-26 12:35 280736 ----a-w- c:\windows\system32\PnkBstrB.ex02012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-05-11 14:42 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec2011-10-03 00:35 . 2011-07-09 13:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2012-07-31_10.39.55 ))))))))))))))))))))))))))))))))))))))))).+ 2012-08-05 09:44 . 2012-08-05 09:44 16384 c:\windows\temp\Perflib_Perfdata_a54.dat+ 2012-08-05 09:44 . 2012-08-05 09:44 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat+ 2009-02-22 00:10 . 2009-01-07 08:21 26144 c:\windows\system32\spupdsvc.exe+ 2011-09-10 12:42 . 2009-01-07 08:20 16928 c:\windows\system32\spmsg.dll+ 2012-07-31 11:38 . 2012-06-02 05:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll+ 2004-08-04 07:56 . 2009-03-07 18:31 46592 c:\windows\system32\pngfilt.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 23552 c:\windows\system32\normaliz.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 24576 c:\windows\system32\nlsdl.dll+ 2004-08-04 07:56 . 2009-03-07 18:31 48128 c:\windows\system32\mshtmler.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll+ 2004-08-04 07:56 . 2009-03-07 18:31 45568 c:\windows\system32\mshta.exe+ 2009-03-07 18:31 . 2009-03-07 18:31 13312 c:\windows\system32\msfeedssync.exe+ 2009-03-07 18:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll+ 2004-08-04 07:56 . 2009-03-07 18:32 94720 c:\windows\system32\inseng.dll+ 2004-08-04 07:56 . 2009-03-07 18:31 34816 c:\windows\system32\imgutil.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 36864 c:\windows\system32\ieudinit.exe+ 2004-08-04 07:56 . 2009-03-07 18:32 71680 c:\windows\system32\iesetup.dll+ 2004-08-04 07:56 . 2009-03-07 18:32 55808 c:\windows\system32\iernonce.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 26112 c:\windows\system32\idndl.dll+ 2009-03-07 18:31 . 2009-03-07 18:31 59904 c:\windows\system32\icardie.dll+ 2009-02-21 23:35 . 2012-06-02 05:19 35864 c:\windows\system32\dllcache\wups.dll+ 2009-02-21 23:35 . 2012-06-02 05:19 53784 c:\windows\system32\dllcache\wuauclt.exe+ 2009-03-07 18:31 . 2009-03-07 18:31 46592 c:\windows\system32\dllcache\pngfilt.dll+ 2009-03-07 18:31 . 2009-03-07 18:31 48128 c:\windows\system32\dllcache\mshtmler.dll+ 2009-03-07 18:31 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll+ 2009-03-07 18:31 . 2009-03-07 18:31 45568 c:\windows\system32\dllcache\mshta.exe+ 2009-03-07 18:34 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll+ 2009-03-07 18:33 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 94720 c:\windows\system32\dllcache\inseng.dll+ 2009-03-07 18:31 . 2009-03-07 18:31 34816 c:\windows\system32\dllcache\imgutil.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 71680 c:\windows\system32\dllcache\iesetup.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 55808 c:\windows\system32\dllcache\iernonce.dll+ 2009-03-07 18:24 . 2009-03-07 18:24 68608 c:\windows\system32\dllcache\hmmapi.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 18944 c:\windows\system32\dllcache\corpol.dll+ 2004-08-04 07:56 . 2012-06-02 05:19 97304 c:\windows\system32\dllcache\cdm.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 72704 c:\windows\system32\dllcache\admparse.dll+ 2004-08-04 07:56 . 2009-03-07 18:33 18944 c:\windows\system32\corpol.dll+ 2004-08-04 07:56 . 2009-03-07 18:32 72704 c:\windows\system32\admparse.dll+ 2011-02-26 01:47 . 2012-08-03 05:26 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll- 2011-02-26 01:47 . 2012-03-08 01:43 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll+ 2012-07-31 11:49 . 2009-03-07 18:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll+ 2012-07-31 11:49 . 2009-03-07 18:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll+ 2012-07-31 11:49 . 2009-03-07 18:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll+ 2012-07-31 11:49 . 2009-03-07 18:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll+ 2012-07-31 11:49 . 2009-03-07 18:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 37888 c:\windows\ie8\url.dll+ 2012-07-31 11:48 . 2009-03-08 04:23 58464 c:\windows\ie8\spuninst\iecustom.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 39424 c:\windows\ie8\pngfilt.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 96256 c:\windows\ie8\occache.dll+ 2012-07-31 11:47 . 2008-04-13 10:56 56832 c:\windows\ie8\mshtmler.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 29184 c:\windows\ie8\mshta.exe+ 2012-07-31 11:47 . 2008-04-13 18:41 22016 c:\windows\ie8\licmgr10.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 15872 c:\windows\ie8\jsproxy.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 96256 c:\windows\ie8\inseng.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 35840 c:\windows\ie8\imgutil.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 93184 c:\windows\ie8\iexplore.exe+ 2012-07-31 11:47 . 2008-04-13 18:41 62976 c:\windows\ie8\iesetup.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 48640 c:\windows\ie8\iernonce.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 81920 c:\windows\ie8\ieencode.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 34304 c:\windows\ie8\ie4uinit.exe+ 2012-07-31 11:47 . 2008-04-13 18:41 38912 c:\windows\ie8\hmmapi.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 35328 c:\windows\ie8\corpol.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 99840 c:\windows\ie8\advpack.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 61440 c:\windows\ie8\admparse.dll- 2011-02-02 10:23 . 2012-07-31 08:09 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll- 2011-02-02 10:23 . 2012-07-31 08:10 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll- 2011-02-02 10:23 . 2012-07-31 08:10 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll- 2011-02-02 10:23 . 2012-07-31 08:10 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll+ 2012-04-02 09:46 . 2012-08-05 04:42 66048 c:\windows\.jagex_cache_32\browsercontrol.dll- 2012-04-02 09:46 . 2012-07-31 08:09 66048 c:\windows\.jagex_cache_32\browsercontrol.dll+ 2012-07-31 11:49 . 2009-03-07 18:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll- 2011-12-14 01:58 . 2008-04-13 18:42 121856 c:\windows\system32\xmllite.dll+ 2011-12-14 01:58 . 2009-01-07 08:21 121856 c:\windows\system32\xmllite.dll+ 2009-03-07 18:34 . 2009-03-07 18:34 208384 c:\windows\system32\WinFXDocObj.exe+ 2004-08-04 07:56 . 2009-03-07 18:34 236544 c:\windows\system32\webcheck.dll+ 2004-08-04 07:56 . 2009-03-07 18:33 420352 c:\windows\system32\vbscript.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll+ 2012-07-31 11:38 . 2012-06-02 05:19 577048 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.6.7600.256\wuapi.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll+ 2004-08-04 07:56 . 2009-03-07 18:34 193536 c:\windows\system32\msrating.dll+ 2001-08-23 12:00 . 2009-03-07 18:22 156160 c:\windows\system32\msls31.dll+ 2009-03-07 18:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 265720 c:\windows\system32\msdbg2.dll+ 2004-08-04 07:56 . 2009-03-07 18:33 726528 c:\windows\system32\jscript.dll+ 2009-03-07 18:22 . 2009-03-07 18:22 164352 c:\windows\system32\ieui.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll+ 2009-03-07 18:11 . 2009-03-07 18:11 445952 c:\windows\system32\ieapfltr.dll+ 2001-08-23 12:00 . 2009-03-07 18:32 163840 c:\windows\system32\ieakui.dll+ 2004-08-04 07:56 . 2009-03-07 18:33 229376 c:\windows\system32\ieaksie.dll+ 2004-08-04 07:56 . 2009-03-07 18:33 125952 c:\windows\system32\ieakeng.dll+ 2004-08-04 07:56 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe+ 2004-08-04 07:56 . 2009-03-07 18:31 216064 c:\windows\system32\dxtrans.dll+ 2004-08-04 07:56 . 2009-03-07 18:31 348160 c:\windows\system32\dxtmsft.dll+ 2009-02-21 23:35 . 2012-06-04 07:35 210968 c:\windows\system32\dllcache\wuweb.dll+ 2009-02-21 23:35 . 2012-06-02 05:19 329240 c:\windows\system32\dllcache\wucltui.dll+ 2009-02-21 23:35 . 2012-06-02 05:19 577048 c:\windows\system32\dllcache\wuapi.dll+ 2009-03-07 18:34 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll+ 2009-03-07 18:34 . 2009-03-07 18:34 236544 c:\windows\system32\dllcache\webcheck.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 759296 c:\windows\system32\dllcache\VGX.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 420352 c:\windows\system32\dllcache\vbscript.dll+ 2009-03-07 18:34 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 134144 c:\windows\system32\dllcache\sqmapi.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 474112 c:\windows\system32\dllcache\shlwapi.dll+ 2009-03-07 18:34 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll+ 2009-03-07 18:32 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll+ 2009-03-07 18:34 . 2009-03-07 18:34 193536 c:\windows\system32\dllcache\msrating.dll+ 2001-08-23 12:00 . 2009-03-07 18:22 156160 c:\windows\system32\dllcache\msls31.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 726528 c:\windows\system32\dllcache\jscript.dll+ 2009-03-08 04:09 . 2009-03-08 04:09 638816 c:\windows\system32\dllcache\iexplore.exe+ 2009-03-07 18:31 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll+ 2009-03-08 04:09 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll+ 2001-08-23 12:00 . 2009-03-07 18:32 163840 c:\windows\system32\dllcache\ieakui.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 229376 c:\windows\system32\dllcache\ieaksie.dll+ 2009-03-07 18:33 . 2009-03-07 18:33 125952 c:\windows\system32\dllcache\ieakeng.dll+ 2009-03-07 18:32 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe+ 2009-03-07 18:31 . 2009-03-07 18:31 216064 c:\windows\system32\dllcache\dxtrans.dll+ 2009-03-07 18:31 . 2009-03-07 18:31 348160 c:\windows\system32\dllcache\dxtmsft.dll+ 2009-03-07 18:32 . 2009-03-07 18:32 128512 c:\windows\system32\dllcache\advpack.dll+ 2004-08-04 07:56 . 2009-03-07 18:32 128512 c:\windows\system32\advpack.dll+ 2012-07-31 11:49 . 2009-03-07 18:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll+ 2012-07-31 11:49 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll+ 2012-07-31 11:49 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe+ 2012-07-31 11:49 . 2009-03-07 18:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll+ 2012-07-31 11:49 . 2009-03-07 18:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll+ 2012-07-31 11:49 . 2009-03-07 18:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll+ 2012-07-31 11:49 . 2009-03-07 18:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll+ 2012-07-31 11:49 . 2009-03-07 18:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll+ 2012-07-31 11:49 . 2009-03-07 18:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll+ 2012-07-31 11:49 . 2009-03-08 04:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll+ 2012-07-31 11:49 . 2009-03-07 18:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe+ 2012-07-31 11:50 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll+ 2012-07-31 11:50 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll+ 2012-07-31 11:50 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe+ 2012-07-31 11:50 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll+ 2012-07-31 11:50 . 2009-03-07 18:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll+ 2012-07-31 11:50 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe+ 2012-07-31 11:49 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll+ 2012-07-31 11:49 . 2009-03-07 18:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll+ 2012-07-31 11:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll+ 2012-07-31 11:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe+ 2012-07-31 11:49 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll+ 2012-07-31 11:49 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe+ 2012-07-31 11:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll+ 2012-07-31 11:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe+ 2012-07-31 11:47 . 2008-04-13 18:42 666112 c:\windows\ie8\wininet.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 276480 c:\windows\ie8\webcheck.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 851968 c:\windows\ie8\vgx.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 434176 c:\windows\ie8\vbscript.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 619520 c:\windows\ie8\urlmon.dll+ 2012-07-31 11:48 . 2009-01-07 08:21 382496 c:\windows\ie8\spuninst\updspapi.dll+ 2012-07-31 11:48 . 2009-01-07 08:20 231456 c:\windows\ie8\spuninst\spuninst.exe+ 2012-07-31 11:47 . 2008-04-13 18:42 532480 c:\windows\ie8\mstime.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 146432 c:\windows\ie8\msrating.dll+ 2012-07-31 11:47 . 2001-08-23 12:00 146432 c:\windows\ie8\msls31.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 449024 c:\windows\ie8\mshtmled.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 512000 c:\windows\ie8\jscript.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 251904 c:\windows\ie8\iepeers.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 323584 c:\windows\ie8\iedkcs32.dll+ 2012-07-31 11:47 . 2001-08-23 12:00 221184 c:\windows\ie8\ieakui.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 216576 c:\windows\ie8\ieaksie.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 143360 c:\windows\ie8\ieakeng.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 205312 c:\windows\ie8\dxtrans.dll+ 2012-07-31 11:47 . 2008-04-13 18:41 357888 c:\windows\ie8\dxtmsft.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll- 2011-02-02 10:23 . 2012-07-31 08:10 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll+ 2004-08-04 07:56 . 2012-05-11 14:42 6007808 c:\windows\system32\mshtml.dll+ 2009-03-07 18:32 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll+ 2009-02-06 11:07 . 2009-02-06 11:07 3698584 c:\windows\system32\ieapfltr.dat+ 2009-02-21 23:35 . 2012-06-02 05:19 1933848 c:\windows\system32\dllcache\wuaueng.dll+ 2009-03-07 18:34 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 1497088 c:\windows\system32\dllcache\shdocvw.dll+ 2009-03-07 18:41 . 2012-05-11 14:42 6007808 c:\windows\system32\dllcache\mshtml.dll+ 2009-01-07 08:20 . 2009-01-07 08:20 1022976 c:\windows\system32\dllcache\browseui.dll+ 2012-07-31 11:49 . 2009-03-07 18:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll+ 2012-07-31 11:49 . 2009-03-07 18:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll+ 2012-07-31 11:49 . 2009-03-07 18:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll+ 2012-07-31 11:47 . 2008-04-13 18:42 3066880 c:\windows\ie8\mshtml.dll+ 2011-02-02 10:23 . 2012-08-05 04:42 1266688 c:\windows\.jagex_cache_32\runescape\sw3d.dll+ 2011-02-18 07:34 . 2012-07-02 17:13 57442464 c:\windows\system32\MRT.exe+ 2009-03-07 18:39 . 2012-05-11 10:12 11111424 c:\windows\system32\ieframe.dll+ 2012-08-03 05:26 . 2012-08-03 05:26 20343808 c:\windows\Installer\3b2b23.msp+ 2012-07-31 11:49 . 2009-03-07 18:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll+ 2012-07-31 11:50 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll+ 2012-07-31 11:49 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"F.lux"="c:\documents and settings\Andy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]"GW Port Controller"="c:\program files\Samsung\SmarThru\PORTCTRL.EXE" [2004-02-09 163840]"nwiz"="nwiz.exe" [2008-05-02 1630208]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-13 53760].c:\documents and settings\All Users\Start Menu\Programs\Startup\ASRock WiFi-802.11g.lnk - c:\program files\ASRock WiFi-802.11g\RtWLan.exe [2009-2-22 978944].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe""QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe""SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe""Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\FlashGet\\flashget.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"="c:\\Program Files\\Steam\\Steam.exe"="c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4"56200:TCP"= 56200:TCP:Pando Media Booster"56200:UDP"= 56200:UDP:Pando Media Booster.R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/13/2012 6:20 PM 12184]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/31/2012 2:50 PM 655944]R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 11:06 AM 88576]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:56 PM 5120]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/31/2012 2:50 PM 22344]R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/22/2009 10:17 AM 269824]R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/22/2009 10:17 AM 13532]R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:11 PM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:11 PM 136176]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11/29/2011 4:24 PM 24576]S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 5:01 PM 21248]S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.Contents of the 'Scheduled Tasks' folder.2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:11].2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:11].2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-746137067-839522115-1003Core.job- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 08:54].2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-746137067-839522115-1003UA.job- c:\documents and settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-11 08:54]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htmIE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htmIE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\v79js9jf.default\FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/cgi-bin/webcm?var%3Amain=menu&var%3Astyle=style5&getpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&errorpage=%2Fusr%2Fwww_safe%2Fhtml%2Fdefs%2Fstyle5%2Fmenus%2Fmenu.html&var%3Apagename=fwan&var%3Agetpagenext=&var%3Aerrorpagename=&var%3Amenu=advanced&var%3Amenutitle=Advanced&var%3Apagetitle=Port+Forwarding&var%3Apagemaster=fwan&var%3Aconid=connection2&var%3Alanip=192.168.1.2&var%3Anew=&var%3Arule=&var%3Acategory=categoryU&connection0%3Afwan%3Asettings%2Fping%2Fstate=&var%3Alangrp=lan0FF - prefs.js: network.proxy.http - proxy.tpg.com.auFF - prefs.js: network.proxy.http_port - 3128FF - prefs.js: network.proxy.type - 0FF - user.js: network.http.max-persistent-connections-per-server - 4FF - user.js: nglayout.initialpaint.delay - 600FF - user.js: content.notify.interval - 600000FF - user.js: content.max.tokenizing.time - 1800000FF - user.js: content.switch.threshold - 600000..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-08-05 19:45Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1343024091-746137067-839522115-1003\Software\SecuROM\License information*]"datasecu"=hex:c6,79,ec,bf,3a,76,48,c0,d9,16,5c,a4,e0,c6,24,b4,b8,0b,c3,2f,c3, ae,67,95,e1,62,68,77,18,f3,1c,f2,36,ab,ca,43,b7,ec,b8,e1,f3,0b,78,f5,e4,24,\"rkeysecu"=hex:a5,08,18,2e,4c,45,0d,8b,c0,84,c1,5c,c6,43,4a,b0.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(728)c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll.- - - - - - - > 'explorer.exe'(3220)c:\windows\system32\WININET.dllc:\program files\iTunes\iTunesMiniPlayer.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvsvc32.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exec:\program files\Norton Ghost\Agent\VProSvc.exec:\windows\system32\PnkBstrA.exec:\windows\System32\TUProgSt.exec:\windows\system32\wscntfy.exec:\windows\system32\msdtc.exec:\windows\RTHDCPL.EXEc:\windows\system32\RUNDLL32.EXEc:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE.**************************************************************************.Completion time: 2012-08-05 19:48:54 - machine was rebootedComboFix-quarantined-files.txt 2012-08-05 09:48ComboFix2.txt 2012-07-31 10:43.Pre-Run: 42,111,741,952 bytes freePost-Run: 41,993,736,192 bytes free.- - End Of File - - B21814F7FCD4EF588199F55B09344AB0 Link to post Share on other sites More sharing options...
Maniac Posted August 5, 2012 ID:580987 Share Posted August 5, 2012 Good! Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
lizear Posted August 6, 2012 Author ID:581305 Share Posted August 6, 2012 log.txtESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=462564931c313e4f9bdd64b7f8b6cab1# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-08-06 08:18:37# local_time=2012-08-06 06:18:37 (+1000, AUS Eastern Standard Time)# country="Australia"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=118306# found=11# cleaned=11# scan_time=2577C:\Documents and Settings\Andy\My Documents\Download\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Andy\My Documents\Download\Fairstars\keygen.exe probably a variant of Win32/Agent.BUYFMNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Andy\My Documents\Download\mIRC\Crack\mirc.exe Win32/PSW.Agent.NLY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Andy\My Documents\Download\Warcraft\BNetGatewayEditor.exe Win32/Virut.NBP virus (cleaned - quarantined) 00000000000000000000000000000000 CC:\Documents and Settings\Andy\My Documents\Soul Eater\Assassin's creed\ACR+11Tr-LNG.exe a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CF:\High School\eco\i-cms.htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 CF:\High School\eco\Web Design Brisbane, Website Design Brisbane, Search Engine Optimisation - Web Page Development Agency Australia.htm HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 CF:\High School\eco\Yr 12\rudd-pumps-47b-into-infrastructure-20081212-6x7v.html HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 CF:\High School\eco\Yr 12\us-jobs-market-faces-next-big-hit-20090109-7dk7.html HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 CF:\High School\eco\Yr 12\us-unemployment-surges-to-16year-high-20090110-7du3.html HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 CF:\High School\HSC MM\Assesment Tasks\Project Parts\Parts\Misc\hologram.html HTML/TrojanClicker.IFrame.NAP virus (cleaned - quarantined) 00000000000000000000000000000000 C Link to post Share on other sites More sharing options...
Maniac Posted August 6, 2012 ID:581325 Share Posted August 6, 2012 Good! How are things now? Link to post Share on other sites More sharing options...
lizear Posted August 6, 2012 Author ID:581332 Share Posted August 6, 2012 yeah it's working fine at the moment no more google redirects and my java works now Link to post Share on other sites More sharing options...
Maniac Posted August 6, 2012 ID:581334 Share Posted August 6, 2012 Glad I could help! Before we finish could you please compress the following folder using WinRaR: C:\Qoobox\Quarantine and to upload it somewhere for example in www.rapidshare.com . Then send me a download link via PM.Thanks in advance! Link to post Share on other sites More sharing options...
Maniac Posted August 9, 2012 ID:582692 Share Posted August 9, 2012 Please uninstall ComboFix:www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstallNext, uninstall ESET Online Scanner and manually delete DDS and aswMBR.Some malware prevention tips:http://forums.malwarebytes.org/index.php?showtopic=104379Safe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 9, 2012 ID:582816 Share Posted August 9, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts