help cleaning Zeroaccess!inf


Recommended Posts

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.4.1
Run by Harish at 12:13:21 on 2012-08-09
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3062.1600 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\SMINST\scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.agilisinternational.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyServer = proxy.bls.com:8080
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP1-11759/event/ieatgpc1.cab
TCP: Interfaces\{13258AD6-BD51-4005-AB9E-8F808C3AC8B2} : NameServer = 4.2.2.2
TCP: Interfaces\{3FDF843A-6005-4B8F-806B-C520110037DA} : DhcpNameServer = 192.168.40.78 4.2.2.2 8.8.8.8
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\APSHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\harish\appdata\roaming\mozilla\firefox\profiles\axvvtmuj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=WLEM&ocid=bb7hp
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - prefs.js: network.proxy.ftp - proxy.bls.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.bls.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.bls.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.bls.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.bls.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\harish\appdata\roaming\mozilla\firefox\profiles\axvvtmuj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\users\harish\appdata\roaming\mozilla\firefox\profiles\axvvtmuj.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\components\dtTransparency.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_04.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\harish\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - %profile%\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Performance Cache: vbapxexskl@vbapxexskl.org - %profile%\extensions\vbapxexskl@vbapxexskl.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\IPSFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 4d7ae60f-10df-4d4e-ae19-7c048112865b
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\bashdefs\20120804.001\BHDrvx86.sys [2012-8-8 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-29 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-29 21504]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-29 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-8-7 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-23 655944]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-3 799256]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-23 2673064]
R2 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2008-8-1 1650782]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-3 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-5-12 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-23 22344]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-13 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-09 14:56:18  --------  d-sh--w-  C:\$RECYCLE.BIN
2012-08-08 22:44:31  --------  d-----w-  C:\FRST
2012-08-08 20:04:09  721000  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2012-08-08 20:04:04  57656  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2012-08-08 20:02:01  41224  ----a-w-  c:\windows\avastSS.scr
2012-08-08 20:00:33  --------  d-----w-  c:\programdata\AVAST Software
2012-08-08 20:00:32  --------  d-----w-  c:\program files\AVAST Software
2012-08-08 19:29:23  --------  d-----w-  c:\windows\pss
2012-08-07 17:41:34  --------  d-----w-  c:\program files\ESET
2012-07-24 14:05:44  98816  ----a-w-  c:\windows\sed.exe
2012-07-24 14:05:44  518144  ----a-w-  c:\windows\SWREG.exe
2012-07-24 14:05:44  256000  ----a-w-  c:\windows\PEV.exe
2012-07-24 14:05:44  208896  ----a-w-  c:\windows\MBR.exe
2012-07-23 20:48:02  --------  d-----w-  c:\users\harish\appdata\roaming\Malwarebytes
2012-07-23 20:47:40  --------  d-----w-  c:\programdata\Malwarebytes
2012-07-23 20:47:39  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-23 20:47:39  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-07-23 20:41:53  --------  d-----w-  c:\users\harish\appdata\local\Macromedia
2012-07-23 20:22:54  --------  d-----w-  c:\users\harish\temp
2012-07-19 23:17:05  2047488  ----a-w-  c:\windows\system32\win32k.sys
2012-07-19 15:48:11  --------  d-----w-  c:\program files\iPod
2012-07-19 15:48:09  --------  d-----w-  c:\program files\iTunes
2012-07-11 15:46:41  708608  ----a-w-  c:\program files\common files\system\ado\msado15.dll
2012-07-11 15:46:36  1401856  ----a-w-  c:\windows\system32\msxml6.dll
2012-07-11 15:46:35  1248768  ----a-w-  c:\windows\system32\msxml3.dll
2012-07-11 15:44:47  440704  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:44:47  278528  ----a-w-  c:\windows\system32\schannel.dll
2012-07-11 15:44:47  204288  ----a-w-  c:\windows\system32\ncrypt.dll
.
==================== Find3M  ====================
.
2012-08-07 18:02:38  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 18:02:38  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12:13  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19:42  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-02 08:33:25  1800192  ----a-w-  c:\windows\system32\jscript9.dll
2012-06-02 08:25:08  1129472  ----a-w-  c:\windows\system32\wininet.dll
2012-06-02 08:25:03  1427968  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:19:15.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2007 1:06:29 AM
System Uptime: 8/9/2012 12:02:19 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 30C0
Processor: Intel® Core2 Duo CPU     T7100  @ 1.80GHz | U10 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 501.518 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.758 GiB free.
E: is FIXED (NTFS) - 2 GiB total, 1.319 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0022
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #22
PNP Device ID: ROOT\*ISATAP\0022
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B14
Ask Toolbar
Ask Toolbar Updater
AT&T Connect Participant Application v8.8.53
avast! Free Antivirus
Bing Bar
blekko search bar
Bonjour
Business Contact Manager for Outlook 2007 SP2
CCleaner
Cisco Systems VPN Client 5.0.00.0340
Cisco WebEx Meetings
Credential Manager for HP ProtectTools
ESET Online Scanner v3
ESU for Microsoft Vista
Everyone's Legal Forms 2007
Ez-Architect 5
GEAR driver installer for x86 and x64
GearDrvs
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Backup & Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Notebook Accessories Product Tour
HP Product Detection
HP ProtectTools Security Manager
HP Quick Launch Buttons
HP Update
HP User Guides 0064
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java 6 Update 11
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java 7 Update 4
Java SE Runtime Environment 6
JavaFX 2.1.0
join.me
Junk Mail filter update
LightScribe  1.6.43.1
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1

<div>Microsoft .NET Framework 4 Client Profile</div>

<div>Microsoft Application Error Reporting</div>

<div>Microsoft Choice Guard</div>

<div>Microsoft IntelliPoint 6.3</div>

<div>Microsoft Office 2003 Web Components</div>

<div>Microsoft Office 2007 Primary Interop Assemblies</div>

<div>Microsoft Office 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Access MUI (English) 2007</div>

<div>Microsoft Office Access Setup Metadata MUI (English) 2007</div>

<div>Microsoft Office Excel MUI (English) 2007</div>

<div>Microsoft Office File Validation Add-In</div>

<div>Microsoft Office Live Add-in 1.5</div>

<div>Microsoft Office Outlook MUI (English) 2007</div>

<div>Microsoft Office PowerPoint MUI (English) 2007</div>

<div>Microsoft Office Professional Hybrid 2007</div>

<div>Microsoft Office Project 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Project MUI (English) 2007</div>

<div>Microsoft Office Project Professional 2007</div>

<div>Microsoft Office Proof (English) 2007</div>

<div>Microsoft Office Proof (French) 2007</div>

<div>Microsoft Office Proof (Spanish) 2007</div>

<div>Microsoft Office Proofing (English) 2007</div>

<div>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Publisher MUI (English) 2007</div>

<div>Microsoft Office Shared MUI (English) 2007</div>

<div>Microsoft Office Shared Setup Metadata MUI (English) 2007</div>

<div>Microsoft Office Small Business Connectivity Components</div>

<div>Microsoft Office Visio 2007 Service Pack 3 (SP3)</div>

<div>Microsoft Office Visio MUI (English) 2007</div>

<div>Microsoft Office Visio Professional 2007</div>

<div>Microsoft Office Word MUI (English) 2007</div>

<div>Microsoft Silverlight</div>

<div>Microsoft SQL Server 2005</div>

<div>Microsoft SQL Server 2005 Compact Edition [ENU]</div>

<div>Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)</div>

<div>Microsoft SQL Server Native Client</div>

<div>Microsoft SQL Server Setup Support Files (English)</div>

<div>Microsoft SQL Server VSS Writer</div>

<div>Microsoft Sync Framework Runtime Native v1.0 (x86)</div>

<div>Microsoft Sync Framework Services Native v1.0 (x86)</div>

<div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</div>

<div>Microsoft Visual C++ 2005 Redistributable</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div>

<div>MobileMe Control Panel</div>

<div>Mozilla Firefox (3.6.15)</div>

<div>MSCU for Microsoft Vista</div>

<div>MSVCRT</div>

<div>MSXML 4.0 SP2 (KB936181)</div>

<div>MSXML 4.0 SP2 (KB941833)</div>

<div>MSXML 4.0 SP2 (KB954430)</div>

<div>MSXML 4.0 SP2 (KB973688)</div>

<div>NetMind Configuration System</div>

<div>NetMind Hotlist Manager</div>

<div>NetMind Profile Manager</div>

<div>NetMind Workflow System</div>

<div>Nortel VPN Client</div>

<div>Norton 360</div>

<div>Octoshape add-in for Adobe Flash Player</div>

<div>OGA Notifier 2.0.0048.0</div>

<div>OpenOffice.org Installer 1.0</div>

<div>Oracle Data Provider for .NET Help</div>

<div>PDF Complete Corporate Edition</div>

<div>QuickTime</div>

<div>Roxio Creator Tools</div>

<div>Roxio Express Labeler 3</div>

<div>Safari</div>

<div>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)</div>

<div>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)</div>

<div>Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition </div>

<div>Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition </div>

<div>Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition</div>

<div>Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition</div>

<div>Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition</div>

<div>Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition </div>

<div>Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition </div>

<div>Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition</div>

<div>Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition</div>

<div>Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition </div>

<div>Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition </div>

<div>Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition</div>

<div>Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition</div>

<div>Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition</div>

<div>Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition </div>

<div>Sonic Activation Module</div>

<div>SoundMAX</div>

<div>Symantec Technical Support Advanced Chat Controls</div>

<div>Synaptics Pointing Device Driver</div>

<div>TeamViewer 7</div>

<div>Update for 2007 Microsoft Office System (KB967642)</div>

<div>Update for Microsoft .NET Framework 3.5 SP1 (KB963707)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2468871)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2533523)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2600217)</div>

<div>Update for Microsoft Office 2007 Help for Common Features (KB963673)</div>

<div>Update for Microsoft Office Access 2007 Help (KB963663)</div>

<div>Update for Microsoft Office Excel 2007 Help (KB963678)</div>

<div>Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition</div>

<div>Update for Microsoft Office Outlook 2007 Help (KB963677)</div>

<div>Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition</div>

<div>Update for Microsoft Office Powerpoint 2007 Help (KB963669)</div>

<div>Update for Microsoft Office Project 2007 Help (KB963668)</div>

<div>Update for Microsoft Office Publisher 2007 Help (KB963667)</div>

<div>Update for Microsoft Office Script Editor Help (KB963671)</div>

<div>Update for Microsoft Office Visio 2007 Help (KB963666)</div>

<div>Update for Microsoft Office Word 2007 Help (KB963665)</div>

<div>Vista Default Settings</div>

<div>VMware Server</div>

<div>Windows Live Call</div>

<div>Windows Live Communications Platform</div>

<div>Windows Live Essentials</div>

<div>Windows Live Family Safety</div>

<div>Windows Live ID Sign-in Assistant</div>

<div>Windows Live Mail</div>

<div>Windows Live Messenger</div>

<div>Windows Live Movie Maker</div>

<div>Windows Live OneCare safety scanner</div>

<div>Windows Live Photo Gallery</div>

<div>Windows Live Sync</div>

<div>Windows Live Toolbar</div>

<div>Windows Live Upload Tool</div>

<div>Windows Live Writer</div>

<div>Windows Resource Kit Tools - SubInAcl.exe</div>

<div>Yahoo! BrowserPlus 2.9.8</div>

<div>Yahoo! Messenger</div>

<div>Yahoo! Software Update</div>

<div>Yahoo! Toolbar</div>

<div>Yontoo 1.10.02</div>

<div>.</div>

<div>==== Event Viewer Messages From Past Week ========</div>

<div>.</div>

<div>8/9/2012 12:09:44 PM, Error: SRTSP [5]  - Error loading Symantec real time Anti-Virus driver.</div>

<div>8/9/2012 12:09:44 PM, Error: SRTSP [4]  - Error loading virus definitions.</div>

<div>8/9/2012 12:09:44 PM, Error: Service Control Manager [7000]  - </div>

<div>8/9/2012 10:25:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div>

<div>8/9/2012 10:11:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}</div>

<div>8/9/2012 10:11:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}</div>

<div>8/9/2012 10:07:50 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048]  - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .</div>

<div>8/9/2012 10:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}</div>

<div>8/8/2012 10:08:19 AM, Error: volsnap [14]  - The shadow copies of volume G: were aborted because of an IO failure on volume G:.</div>

<div>8/7/2012 2:47:49 PM, Error: PlugPlayManager [11]  - The device Root\LEGACY_E4C76D50\0000 disappeared from the system without first being prepared for removal.</div>

<div>8/7/2012 12:59:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14325]  - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.</div>

<div>8/7/2012 12:48:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div>

<div>.</div>

<div>==== End Of File ===========================</div>


<div>ComboFix 12-08-08.03 - Harish 08/09/2012  10:25:49.2.2 - x86 NETWORK</div>

<div>Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3062.2527 [GMT -4:00]</div>

<div>Running from: c:\users\Harish\Desktop\ComboFix.exe</div>

<div>AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}</div>

<div>AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div>

<div>FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div>

<div>SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}</div>

<div>SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>c:\windows\assembly\GAC\Desktop.ini</div>

<div>.</div>

<div>c:\windows\system32\Services.exe . . . is infected!!</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((   Files Created from 2012-07-09 to 2012-08-09  )))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>2012-08-09 14:52 . 2012-08-09 14:52	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp</div>

<div>2012-08-09 14:52 . 2012-08-09 14:52	--------	d-----w-	c:\users\Default\AppData\Local\temp</div>

<div>2012-08-08 22:44 . 2012-08-08 22:44	--------	d-----w-	C:\FRST</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys</div>

<div>2012-08-08 20:04 . 2012-07-03 16:21	57656	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys</div>

<div>2012-08-08 20:02 . 2012-07-03 16:21	41224	----a-w-	c:\windows\avastSS.scr</div>

<div>2012-08-08 20:01 . 2012-07-03 16:21	227648	----a-w-	c:\windows\system32\aswBoot.exe</div>

<div>2012-08-08 20:00 . 2012-08-08 20:00	--------	d-----w-	c:\programdata\AVAST Software</div>

<div>2012-08-08 20:00 . 2012-08-08 20:00	--------	d-----w-	c:\program files\AVAST Software</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS</div>

<div>2012-08-08 19:46 . 2012-08-08 19:46	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS</div>

<div>2012-08-08 19:45 . 2012-08-08 19:45	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS</div>

<div>2012-08-08 19:45 . 2012-08-08 19:45	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS</div>

<div>2012-08-08 19:45 . 2012-08-08 19:45	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS</div>

<div>2012-08-08 19:45 . 2012-08-08 19:45	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS</div>

<div>2012-08-08 19:45 . 2012-08-08 19:45	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS</div>

<div>2012-08-07 17:41 . 2012-08-07 17:41	--------	d-----w-	c:\program files\ESET</div>

<div>2012-07-23 20:48 . 2012-07-23 20:48	--------	d-----w-	c:\users\Harish\AppData\Roaming\Malwarebytes</div>

<div>2012-07-23 20:47 . 2012-07-23 20:47	--------	d-----w-	c:\programdata\Malwarebytes</div>

<div>2012-07-23 20:47 . 2012-07-23 20:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware</div>

<div>2012-07-23 20:47 . 2012-07-03 17:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys</div>

<div>2012-07-23 20:41 . 2012-07-23 20:41	--------	d-----w-	c:\users\Harish\AppData\Local\Macromedia</div>

<div>2012-07-23 20:22 . 2012-07-23 20:22	--------	d-----w-	c:\users\Harish\temp</div>

<div>2012-07-19 23:17 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys</div>

<div>2012-07-19 15:48 . 2012-07-19 15:48	--------	d-----w-	c:\program files\iPod</div>

<div>2012-07-19 15:48 . 2012-07-19 15:51	--------	d-----w-	c:\program files\iTunes</div>

<div>2012-07-13 15:15 . 2012-07-25 14:37	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps</div>

<div>2012-07-11 15:46 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll</div>

<div>2012-07-11 15:46 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll</div>

<div>2012-07-11 15:46 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll</div>

<div>2012-07-11 15:44 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys</div>

<div>2012-07-11 15:44 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll</div>

<div>2012-07-11 15:44 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2012-08-07 18:02 . 2012-04-29 15:14	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe</div>

<div>2012-08-07 18:02 . 2011-05-31 12:25	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl</div>

<div>2012-06-02 22:19 . 2012-06-19 05:38	53784	----a-w-	c:\windows\system32\wuauclt.exe</div>

<div>2012-06-02 22:19 . 2012-06-19 05:38	45080	----a-w-	c:\windows\system32\wups2.dll</div>

<div>2012-06-02 22:19 . 2012-06-19 05:37	35864	----a-w-	c:\windows\system32\wups.dll</div>

<div>2012-06-02 22:19 . 2012-06-19 05:37	577048	----a-w-	c:\windows\system32\wuapi.dll</div>

<div>2012-06-02 22:19 . 2012-06-19 05:38	1933848	----a-w-	c:\windows\system32\wuaueng.dll</div>

<div>2012-06-02 22:12 . 2012-06-19 05:38	2422272	----a-w-	c:\windows\system32\wucltux.dll</div>

<div>2012-06-02 22:12 . 2012-06-19 05:37	88576	----a-w-	c:\windows\system32\wudriver.dll</div>

<div>2012-06-02 19:19 . 2012-06-19 05:37	171904	----a-w-	c:\windows\system32\wuwebv.dll</div>

<div>2012-06-02 19:12 . 2012-06-19 05:37	33792	----a-w-	c:\windows\system32\wuapp.exe</div>

<div>.</div>

<div>.</div>

<div>------- Sigcheck -------</div>

<div>Note: Unsigned files aren't necessarily malware.</div>

<div>.</div>

<div>[-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe</div>

<div>[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe</div>

<div>[7] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe</div>

<div>[7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]</div>

<div>2012-06-07 01:33<span class="Apple-tab-span" style="white-space:pre"> </span>1519304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Ask.com\GenericAskToolbar.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]</div>

<div>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]</div>

<div>.</div>

<div>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]</div>

<div>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]</div>

<div>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]</div>

<div>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]</div>

<div>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]</div>

<div>.</div>

<div>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]</div>

<div>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]</div>

<div>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]</div>

<div>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]</div>

<div>@="{472083B0-C522-11CF-8763-00608CC02F24}"</div>

<div>[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]</div>

<div>2012-07-03 16:21<span class="Apple-tab-span" style="white-space:pre"> </span>121528<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVAST Software\Avast\ashShell.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]</div>

<div>"GrpConv"="grpconv -o" [X]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]</div>

<div>"AppInit_DLLs"=c:\windows\System32\APSHook.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]</div>

<div>"aux"=wdmaud.drv</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]</div>

<div>@="Driver"</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]</div>

<div>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk</div>

<div>backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup</div>

<div>backupExtension=.CommonStartup</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]</div>

<div>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk</div>

<div>backup=c:\windows\pss\DVD Check.lnk.CommonStartup</div>

<div>backupExtension=.CommonStartup</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]</div>

<div>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk</div>

<div>backup=c:\windows\pss\VPN Client.lnk.CommonStartup</div>

<div>backupExtension=.CommonStartup</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]</div>

<div>2012-01-03 13:10<span class="Apple-tab-span" style="white-space:pre"> </span>843712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]</div>

<div>2012-05-03 18:07<span class="Apple-tab-span" style="white-space:pre"> </span>217256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]</div>

<div>2012-06-07 01:33<span class="Apple-tab-span" style="white-space:pre"> </span>1564872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Ask.com\Updater\Updater.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]</div>

<div>2012-05-31 00:06<span class="Apple-tab-span" style="white-space:pre"> </span>59280<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]</div>

<div>2012-03-28 13:47<span class="Apple-tab-span" style="white-space:pre"> </span>39816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Citrix\GoToMeeting\880\g2mstart.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]</div>

<div>2008-10-09 12:58<span class="Apple-tab-span" style="white-space:pre"> </span>75008<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]</div>

<div>2007-10-03 19:15<span class="Apple-tab-span" style="white-space:pre"> </span>480560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]</div>

<div>2009-02-13 20:01<span class="Apple-tab-span" style="white-space:pre"> </span>141848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\System32\igfxtray.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]</div>

<div>2009-01-07 19:46<span class="Apple-tab-span" style="white-space:pre"> </span>1468296<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft IntelliPoint\ipoint.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]</div>

<div>2012-06-07 23:33<span class="Apple-tab-span" style="white-space:pre"> </span>421776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes\iTunesHelper.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]</div>

<div>2009-04-01 11:06<span class="Apple-tab-span" style="white-space:pre"> </span>320024<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\PDF Complete\pdfsty.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]</div>

<div>2009-02-13 20:00<span class="Apple-tab-span" style="white-space:pre"> </span>150552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\System32\igfxpers.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]</div>

<div>2007-01-09 22:52<span class="Apple-tab-span" style="white-space:pre"> </span>145184<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]</div>

<div>2009-09-17 22:50<span class="Apple-tab-span" style="white-space:pre"> </span>935240<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Harish\AppData\Local\ATT Connect\Participant\pull.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]</div>

<div>2009-04-11 06:28<span class="Apple-tab-span" style="white-space:pre"> </span>1233920<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Sidebar\sidebar.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]</div>

<div>2007-02-21 22:14<span class="Apple-tab-span" style="white-space:pre"> </span>1183744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Analog Devices\Core\smax4pnp.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]</div>

<div>2012-01-17 15:07<span class="Apple-tab-span" style="white-space:pre"> </span>252296<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Java\Java Update\jusched.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]</div>

<div>2009-01-09 17:44<span class="Apple-tab-span" style="white-space:pre"> </span>39408<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]</div>

<div>2010-06-04 07:17<span class="Apple-tab-span" style="white-space:pre"> </span>1791272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Synaptics\SynTP\SynTPEnh.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]</div>

<div>2007-09-15 07:29<span class="Apple-tab-span" style="white-space:pre"> </span>102400<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Synaptics\SynTP\SynTPStart.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]</div>

<div>"DisableMonitoring"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]</div>

<div>"DisableMonitoring"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]</div>

<div>"DisableMonitoring"=dword:00000001</div>

<div>.</div>

<div>R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]</div>

<div>R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]</div>

<div>.</div>

<div>.</div>

<div>--- Other Services/Drivers In Memory ---</div>

<div>.</div>

<div>*NewlyCreated* - ECACHE</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div>

<div>LocalServiceNoNetwork<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>PLA DPS BFE mpssvc</div>

<div>bthsvcs<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>BthServ</div>

<div>Cognizance<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>ASBroker ASChannel</div>

<div>LocalServiceAndNoImpersonation<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>FontCache</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]</div>

<div>2007-04-19 20:23<span class="Apple-tab-span" style="white-space:pre"> </span>452136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\LightScribe\LSRunOnce.exe</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job</div>

<div>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:02]</div>

<div>.</div>

<div>2012-07-25 c:\windows\Tasks\Google Software Updater.job</div>

<div>- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-28 14:13]</div>

<div>.</div>

<div>2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]</div>

<div>.</div>

<div>2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 12:19]</div>

<div>.</div>

<div>2012-07-19 c:\windows\Tasks\HPCeeScheduleForHarish.job</div>

<div>- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-03 18:38]</div>

<div>.</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.agilisinternational.com/</div>

<div>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop</div>

<div>uInternet Settings,ProxyServer = proxy.bls.com:8080</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>TCP: DhcpNameServer = 192.168.40.78 4.2.2.2 8.8.8.8</div>

<div>TCP: Interfaces\{13258AD6-BD51-4005-AB9E-8F808C3AC8B2}: NameServer = 4.2.2.2</div>

<div>FF - ProfilePath - c:\users\Harish\AppData\Roaming\Mozilla\Firefox\Profiles\axvvtmuj.default\</div>

<div>FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=</div>

<div>FF - prefs.js: browser.search.selectedEngine - Ask.com</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=WLEM&ocid=bb7hp</div>

<div>FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=</div>

<div>FF - prefs.js: network.proxy.ftp - proxy.bls.com</div>

<div>FF - prefs.js: network.proxy.ftp_port - 8080</div>

<div>FF - prefs.js: network.proxy.gopher - proxy.bls.com</div>

<div>FF - prefs.js: network.proxy.gopher_port - 8080</div>

<div>FF - prefs.js: network.proxy.http - proxy.bls.com</div>

<div>FF - prefs.js: network.proxy.http_port - 8080</div>

<div>FF - prefs.js: network.proxy.socks - proxy.bls.com</div>

<div>FF - prefs.js: network.proxy.socks_port - 8080</div>

<div>FF - prefs.js: network.proxy.ssl - proxy.bls.com</div>

<div>FF - prefs.js: network.proxy.ssl_port - 8080</div>

<div>FF - prefs.js: network.proxy.type - 0</div>

<div>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</div>

<div>FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>

<div>FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com</div>

<div>FF - Ext: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - %profile%\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}</div>

<div>FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}</div>

<div>FF - Ext: Performance Cache: vbapxexskl@vbapxexskl.org - %profile%\extensions\vbapxexskl@vbapxexskl.org</div>

<div>FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</div>

<div>FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn</div>

<div>FF - user.js: extentions.y2layers.installId - 4d7ae60f-10df-4d4e-ae19-7c048112865b</div>

<div>FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,</div>

<div>FF - user.js: extensions.autoDisableScopes - 14</div>

<div>FF - user.js: security.csp.enable - false</div>

<div>FF - user.js: yahoo.ytff.general.dontshowhpoffer - true</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>HKLM-RunOnce-<NO NAME> - (no file)</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>

<div>Rootkit scan 2012-08-09 10:52</div>

<div>Windows 6.0.6002 Service Pack 2 NTFS</div>

<div>.</div>

<div>scanning hidden processes ...  </div>

<div>.</div>

<div>scanning hidden autostart entries ... </div>

<div>.</div>

<div>scanning hidden files ...  </div>

<div>.</div>

<div>scan completed successfully</div>

<div>hidden files: 0</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\N360]</div>

<div>"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"</div>

<div>--</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pdfcDispatcher]</div>

<div>"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\8291c7b0]</div>

<div>"imagepath"="\??\c:\windows\TEMP\7A4D.tmp"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\e4c76d50]</div>

<div>"imagepath"="\??\c:\windows\TEMP\5F73.tmp"</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>

<div>@Denied: (A) (Users)</div>

<div>@Denied: (A) (Everyone)</div>

<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>

<div>"BlindDial"=dword:00000000</div>

<div>"MSCurrentCountry"=dword:000000b5</div>

<div>.</div>

<div>Completion time: 2012-08-09  10:57:02</div>

<div>ComboFix-quarantined-files.txt  2012-08-09 14:57</div>

<div>ComboFix2.txt  2012-08-08 17:01</div>

<div>ComboFix3.txt  2012-08-08 15:14</div>

<div>.</div>

<div>Pre-Run: 541,787,852,800 bytes free</div>

<div>Post-Run: 541,734,428,672 bytes free</div>

<div>.</div>

<div>- - End Of File - - BBDB59A2BD1AC37CDAF416A48CA0630D</div>

<div> </div>


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Being you have Vista > you may or may not be able to do this but please try.

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC

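As an added triage example (not part of this thread, and not ComboFix's or FRST's own code), the script below scans a ComboFix-style log for the two findings MrC's diagnosis above rests on: a system32\services.exe whose MD5 differs from the WinSxS copy carrying the same version string, and services whose ImagePath is a .tmp file under c:\windows\TEMP. The regular expressions are assumptions fitted to the log format on this page, the reading of the Sigcheck flags ("[-]" unverified, anything else a reference copy) is an assumption, and SAMPLE_LOG is constructed from lines of the posted log.

```python
r"""ZeroAccess-style triage over a ComboFix log. Added example, not part of
this thread or of ComboFix: flags a system32\services.exe whose MD5 differs
from the WinSxS copy with the same version string, and services whose
ImagePath is a .tmp file under c:\windows\TEMP. The regexes are assumptions
fitted to the log format on this page; SAMPLE_LOG is copied from that log."""
import re
from dataclasses import dataclass

# Sigcheck line: "[flag] date . MD5 . size . . [version] . . path". "[-]" is an
# unverified file (per the log's note); any other flag is assumed to be a reference copy.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-F]{32})\s+\.\s+\d+"
    r"\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$", re.IGNORECASE)
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"imagepath"="(?P<path>.*)"$', re.IGNORECASE)
# Service binary living as a .tmp file in the Windows TEMP directory, as the
# two random-named services in the log above do.
TEMP_IMAGE_RE = re.compile(r"\\windows\\temp\\[^\\]+\.tmp$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str  # patched-system-file | unsigned-no-reference | service-from-temp
    detail: str


def _key(entry):
    # (file name, version) identifies the shipped copy to compare against
    return entry["path"].rsplit("\\", 1)[-1].lower(), entry["ver"]


def check_sigcheck(lines):
    """A '[-]' entry whose MD5 differs from a reference copy of the same name
    and version means the in-use binary is not the one Windows shipped."""
    entries = [m.groupdict() for m in map(SIGCHECK_RE.match, map(str.strip, lines)) if m]
    reference = {_key(e): e["md5"].upper() for e in entries if e["flag"] != "-"}
    findings = []
    for e in entries:
        if e["flag"] != "-":
            continue
        good = reference.get(_key(e))
        if good is None:  # unsigned with nothing to compare: note it, do not condemn it
            findings.append(Finding("unsigned-no-reference", e["path"]))
        elif good != e["md5"].upper():
            findings.append(Finding("patched-system-file",
                f"{e['path']} [{e['ver']}] {e['md5'].upper()} != reference {good}"))
    return findings


def check_services(lines):
    """Walk Services\\<name> keys and flag ImagePath values that resolve into TEMP."""
    findings, current = [], None
    for raw in lines:
        line = raw.strip()
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key.group("name")
            continue
        img = IMAGEPATH_RE.match(line)
        if img and current:
            path = img.group("path").replace("\\??\\", "")  # drop the NT object prefix
            if TEMP_IMAGE_RE.search(path):
                findings.append(Finding("service-from-temp", f"{current}: {path}"))
    return findings


def triage(log_text):
    lines = log_text.splitlines()
    return check_sigcheck(lines) + check_services(lines)


# Constructed from the ComboFix log posted above (paths exactly as on the page).
SAMPLE_LOG = r"""
[-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\8291c7b0]
"imagepath"="\??\c:\windows\TEMP\7A4D.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\e4c76d50]
"imagepath"="\??\c:\windows\TEMP\5F73.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

On the sample it reports one patched-system-file finding for services.exe and two service-from-temp findings (8291c7b0 and e4c76d50), while the legitimate pdfcDispatcher service is left alone.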

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
