Jump to content

Please help?


Recommended Posts

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Thanks for your response, MrC. Below are dds and attach. I hope posting them is what you wanted me to do. If not, please redirect me.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by Elaine Moore at 11:29:13 on 2012-08-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.819 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html

uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://www.networkcamerareviews.com/downloads/cab/DVatDec.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.evite.com/html/imageUpload/ImageUploader5.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346286314794

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://bigwatersedge.axiscam.net/activex/AMC.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9AD0B609-24CC-4A53-9778-BBEB9AACCB06} : DhcpNameServer = 209.18.47.61 209.18.47.62

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 205.238.40.1 winmx.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\elaine lance\application data\mozilla\firefox\profiles\k819aebi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\elaine lance\application data\mozilla\firefox\profiles\k819aebi.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 MpKsl4dbad353;MpKsl4dbad353;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3db0412c-4223-4e7a-a2ec-03db439e516c}\MpKsl4dbad353.sys [2012-8-31 29904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-12-21 1756384]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-12-21 57440]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9b8aee91e1c52;Google Update Service (gupdate1c9b8aee91e1c52);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250568]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\tp-link wireless configuration utility\wps\jswpsapi.exe [2011-12-21 360529]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]

.

=============== Created Last 30 ================

.

2012-08-31 18:19:15 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3db0412c-4223-4e7a-a2ec-03db439e516c}\MpKsl4dbad353.sys

2012-08-31 01:02:35 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3db0412c-4223-4e7a-a2ec-03db439e516c}\mpengine.dll

2012-08-30 01:23:18 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-29 14:59:58 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

.

==================== Find3M ====================

.

2012-08-25 13:50:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-25 13:49:59 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-06 15:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

.

============= FINISH: 11:29:33.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/6/2006 9:01:08 PM

System Uptime: 8/31/2012 7:44:27 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0WG261

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 12.66 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP2597: 8/19/2012 10:08:03 AM - System Checkpoint

RP2598: 8/19/2012 6:25:27 PM - Software Distribution Service 3.0

RP2599: 8/20/2012 5:36:46 PM - Software Distribution Service 3.0

RP2600: 8/21/2012 5:45:38 PM - Software Distribution Service 3.0

RP2601: 8/22/2012 5:34:43 PM - Software Distribution Service 3.0

RP2602: 8/23/2012 5:35:22 PM - System Checkpoint

RP2603: 8/23/2012 6:19:44 PM - Software Distribution Service 3.0

RP2604: 8/24/2012 6:07:30 PM - Software Distribution Service 3.0

RP2605: 8/25/2012 6:13:12 PM - Software Distribution Service 3.0

RP2606: 8/26/2012 5:55:24 PM - Software Distribution Service 3.0

RP2607: 8/27/2012 5:49:42 PM - Software Distribution Service 3.0

RP2608: 8/28/2012 6:15:47 PM - Software Distribution Service 3.0

RP2609: 8/29/2012 5:51:27 PM - Software Distribution Service 3.0

RP2610: 8/29/2012 6:23:01 PM - Software Distribution Service 3.0

RP2611: 8/30/2012 6:02:32 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

Acrobat.com

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 2.0

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.4)

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Display Driver

AXIS Media Control Embedded

Bonjour

BufferChm

CCleaner

Creative Mass Storage Drivers

Creative System Information

Creative Zen Nano Plus

Critical Update for Windows Media Player 11 (KB959772)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

Dell Support Center (Support Software)

Dell System Restore

DellSupport

Destinations

DeviceDiscovery

Digital Content Portal

DocProc

EducateU

ELIcon

ESET Online Scanner v3

Fax

Garmin Lifetime Updater

Google Earth

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510n-z

HP Product Detection

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPProductAssistant

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Java Auto Updater

Java 6 Update 30

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Expression Web

Microsoft Expression Web MUI (English)

Microsoft Expression Web Service Pack 1 (SP1)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office FrontPage 2003

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office Word MUI (English) 2010

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Network

OCR Software by I.R.I.S. 13.0

OverDrive Media Console

PhotoshopdotcomInspirationBrowser

Polar Bowler

QuickTime

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SmartWebPrinting

SolutionCenter

Sonic Encoders

Sonic RecordNow Copy

Spelling Dictionaries Support For Adobe Reader 9

Status

TL-WN822N Driver

Toolbox

TP-LINK Wireless Configuration Utility

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

WebCyberCoach 3.2 Dell

WebFldrs XP

WebReg

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/31/2012 7:31:45 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address F8D11162C3F7. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

8/29/2012 5:55:10 PM, error: Service Control Manager [7034] - The TP-LINK Configuration Service service terminated unexpectedly. It has done this 1 time(s).

8/29/2012 5:37:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

8/27/2012 7:21:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

.

==== End Of File ===========================

Link to post
Share on other sites

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Elaine Moore [Admin rights]

Mode : Scan -- Date : 08/31/2012 12:29:16

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

205.238.40.1 winmx.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380819AS +++++

--- User ---

[MBR] cdbee0871117f94324fdc3ae7fdb05bc

[bSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 71476 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 146496735 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~

There's not much showing but lets run some scans.......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

That scan was clean...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 12-08-31.08 - Elaine Moore 08/31/2012 18:46:13.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.799 [GMT -7:00]

Running from: c:\documents and settings\Elaine Lance\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\arclib.dll

c:\documents and settings\All Users\Documents\~WRL0003.tmp

c:\documents and settings\All Users\Documents\~WRL1973.tmp

c:\documents and settings\All Users\Documents\~WRL2538.tmp

c:\documents and settings\All Users\Documents\~WRL2775.tmp

c:\documents and settings\Elaine Lance\Local Settings\Application Data\{C7BA3DA9-B502-43F6-BCF8-A37995FBD880}

c:\documents and settings\Elaine Lance\Local Settings\Application Data\{C7BA3DA9-B502-43F6-BCF8-A37995FBD880}\chrome.manifest

c:\documents and settings\Elaine Lance\Local Settings\Application Data\{C7BA3DA9-B502-43F6-BCF8-A37995FBD880}\chrome\content\overlay.xul

c:\documents and settings\Elaine Lance\Local Settings\Application Data\{C7BA3DA9-B502-43F6-BCF8-A37995FBD880}\install.rdf

c:\documents and settings\Elaine Lance\My Documents\~WRL0001.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\unicows.1

c:\windows\wt

c:\windows\wt\data.wts

c:\windows\wt\updater\wcmdmgr.exe

c:\windows\wt\updater\wcmdmgrl.exe

c:\windows\wt\updater\wt.ini

c:\windows\wt\webdriver.dll

c:\windows\wt\webdriver\4.1.1\actorobject.dll

c:\windows\wt\webdriver\4.1.1\dx5drv.dll

c:\windows\wt\webdriver\4.1.1\dx7drv.dll

c:\windows\wt\webdriver\4.1.1\objectbundle.dll

c:\windows\wt\webdriver\4.1.1\sound.dll

c:\windows\wt\webdriver\4.1.1\wdcaps.ded

c:\windows\wt\webdriver\4.1.1\wdengine.dll

c:\windows\wt\webdriver\4.1.1\webdriver.dll

c:\windows\wt\webdriver\4.1.1\wthost.exe

c:\windows\wt\webdriver\4.1.1\wthostctl.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.jar

c:\windows\wt\webdriver\4.1.1\wtwmplug.ax

c:\windows\wt\webdriver\4.1.1\wtwmplug.ini

c:\windows\wt\webdriver\export.dat

c:\windows\wt\webdriver\jdriver.dll

c:\windows\wt\webdriver\rdriver.dll

c:\windows\wt\webdriver\wildtangent.jar

c:\windows\wt\webdriver\wtdmmp.dll

c:\windows\wt\webdriver\wtdmmpi.jar

c:\windows\wt\webdriver\wtdmmpv.dll

c:\windows\wt\wt3d.dll

c:\windows\wt\wt3d.ini

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html

c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt

c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded

c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll

c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts

c:\windows\wt\wtupdates\wtupdater\appinfo.dat

c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts

c:\windows\wt\wtvh.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))

.

.

2012-09-01 01:25 . 2012-09-01 01:25 304 ----a-w- C:\user.js

2012-09-01 01:24 . 2012-09-01 01:24 -------- d-----w- c:\program files\BabylonToolbar

2012-09-01 01:22 . 2012-09-01 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-09-01 01:22 . 2012-09-01 01:22 -------- d-----w- c:\documents and settings\Elaine Lance\Application Data\Babylon

2012-09-01 00:59 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28FEA074-809E-4308-B9F1-AF3D4D5DB097}\mpengine.dll

2012-08-31 21:39 . 2012-08-31 21:39 177496 ----a-w- c:\windows\system32\drivers\86948340.sys

2012-08-31 01:02 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-29 14:59 . 2012-08-29 14:59 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-31 22:01 . 2012-08-31 22:01 38084 ----a-w- C:\TDSSKiller.2.8.8.0_31.08.2012_14.39.33_log.zip

2012-08-25 13:50 . 2012-04-02 04:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-25 13:49 . 2011-05-27 21:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 20:46 . 2010-05-08 01:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35 . 2008-07-04 19:10 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll

2012-08-29 14:59 . 2012-02-21 17:41 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-14 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-12-21 788992]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]

R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/21/2011 5:45 PM 1756384]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/21/2011 5:46 PM 57440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 gupdate1c9b8aee91e1c52;Google Update Service (gupdate1c9b8aee91e1c52);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 9:03 PM 250568]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [12/21/2011 5:46 PM 360529]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:08 PM 114144]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 28523989

*NewlyCreated* - MPKSL4DBAD353

*NewlyCreated* - TRUESIGHT

*Deregistered* - 28523989

*Deregistered* - MpKsl4dbad353

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:50]

.

2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://bigwatersedge.axiscam.net/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Elaine Lance\Application Data\Mozilla\Firefox\Profiles\k819aebi.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=KW_ss&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - user.js: extensions.BabylonToolbar.id - e025dff7000000000000f8d11162c3f7

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15584

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:25

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - bbcln

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114336&tt=3512_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-31 18:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\ELAINE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2012-08-31 18:55:31

ComboFix-quarantined-files.txt 2012-09-01 01:55

.

Pre-Run: 13,290,708,992 bytes free

Post-Run: 15,101,431,808 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 91E433D2A5A3CE3C4AEA5D303A0DE3A4

Link to post
Share on other sites

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun: [<no name="">]

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

Start Page = hxxp://search.babylon.com/?

Folder::

c:\program files\BabylonToolbar

c:\documents and settings\All Users\Application Data\Babylon

c:\documents and settings\Elaine Lance\Application Data\Babylon

Firefox::

FF - ProfilePath - c:\documents and settings\Elaine Lance\Application Data\Mozilla\Firefox\Profiles\k819aebi.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=KW_ss&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - user.js: extensions.BabylonToolbar.id - e025dff7000000000000f8d11162c3f7

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15584

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:25

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - bbcln

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114336&tt=3512_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC (gone for tonight > be back in the AM)</no>

Link to post
Share on other sites

Sweet dreams!

Below is the ComboFix log.

FYI - I turned my antivirus program back on.

Running from: c:\documents and settings\Elaine Lance\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Elaine Lance\My Documents\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Babylon

c:\documents and settings\All Users\Documents\userinit.exe

c:\documents and settings\Elaine Lance\Application Data\Babylon

c:\documents and settings\Elaine Lance\Application Data\Babylon\log_file.txt

c:\program files\BabylonToolbar

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarEng.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll

c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))

.

.

2012-09-01 01:25 . 2012-09-01 01:25 304 ----a-w- C:\user.js

2012-09-01 01:25 . 2012-09-01 01:25 -------- d-----w- c:\documents and settings\Elaine Lance\Application Data\BabylonToolbar

2012-09-01 00:59 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28FEA074-809E-4308-B9F1-AF3D4D5DB097}\mpengine.dll

2012-08-31 21:39 . 2012-08-31 21:39 177496 ----a-w- c:\windows\system32\drivers\86948340.sys

2012-08-31 01:02 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-29 14:59 . 2012-08-29 14:59 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-31 22:01 . 2012-08-31 22:01 38084 ----a-w- C:\TDSSKiller.2.8.8.0_31.08.2012_14.39.33_log.zip

2012-08-25 13:50 . 2012-04-02 04:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-25 13:49 . 2011-05-27 21:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 20:46 . 2010-05-08 01:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35 . 2008-07-04 19:10 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll

2012-08-29 14:59 . 2012-02-21 17:41 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-14 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-12-21 788992]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]

R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/21/2011 5:45 PM 1756384]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/21/2011 5:46 PM 57440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 gupdate1c9b8aee91e1c52;Google Update Service (gupdate1c9b8aee91e1c52);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 9:03 PM 250568]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [12/21/2011 5:46 PM 360529]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:08 PM 114144]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 28523989

*NewlyCreated* - MPKSL4DBAD353

*NewlyCreated* - TRUESIGHT

*Deregistered* - 28523989

*Deregistered* - MpKsl4dbad353

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:50]

.

2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://bigwatersedge.axiscam.net/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Elaine Lance\Application Data\Mozilla\Firefox\Profiles\k819aebi.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=KW_ss&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e025dff7000000000000f8d11162c3f7&q=

FF - user.js: extensions.BabylonToolbar.id - e025dff7000000000000f8d11162c3f7

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15584

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:25

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - bbcln

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114336&tt=3512_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.6.9.12\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-31 19:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-08-31 19:44:42

ComboFix-quarantined-files.txt 2012-09-01 02:44

ComboFix2.txt 2012-09-01 01:55

.

Pre-Run: 15,112,437,760 bytes free

Post-Run: 15,097,237,504 bytes free

.

- - End Of File - - A1AB12051E991BBC5A7B9E275D0ED0D5

Link to post
Share on other sites

ComboFix 12-09-01.01 - Elaine Moore 09/02/2012 16:40:23.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.716 [GMT -7:00]

Running from: c:\documents and settings\Elaine Lance\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

.

.

2012-09-02 01:06 . 2012-09-02 01:06 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31799E4F-0B06-4D3E-B5CC-30B4762F1AE4}\offreg.dll

2012-09-02 01:06 . 2012-09-02 01:06 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31799E4F-0B06-4D3E-B5CC-30B4762F1AE4}\MpKsleefdbcdc.sys

2012-09-02 01:01 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31799E4F-0B06-4D3E-B5CC-30B4762F1AE4}\mpengine.dll

2012-09-01 15:49 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-01 01:25 . 2012-09-01 01:25 304 ----a-w- C:\user.js

2012-09-01 01:25 . 2012-09-01 01:25 -------- d-----w- c:\documents and settings\Elaine Lance\Application Data\BabylonToolbar

2012-08-31 21:39 . 2012-08-31 21:39 177496 ----a-w- c:\windows\system32\drivers\86948340.sys

2012-08-29 14:59 . 2012-08-29 14:59 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-31 22:01 . 2012-08-31 22:01 38084 ----a-w- C:\TDSSKiller.2.8.8.0_31.08.2012_14.39.33_log.zip

2012-08-25 13:50 . 2012-04-02 04:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-25 13:49 . 2011-05-27 21:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 20:46 . 2010-05-08 01:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35 . 2008-07-04 19:10 222448 ----a-w- c:\windows\system32\muweb.dll

2012-08-29 14:59 . 2012-02-21 17:41 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-01_01.52.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-09-01 15:34 . 2012-09-01 15:34 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-14 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2011-12-21 788992]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 MpKsleefdbcdc;MpKsleefdbcdc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31799E4F-0B06-4D3E-B5CC-30B4762F1AE4}\MpKsleefdbcdc.sys [9/1/2012 6:06 PM 29904]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]

R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/21/2011 5:45 PM 1756384]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/21/2011 5:46 PM 57440]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 gupdate1c9b8aee91e1c52;Google Update Service (gupdate1c9b8aee91e1c52);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 9:03 PM 250568]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 6:02 PM 133104]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [12/21/2011 5:46 PM 360529]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:08 PM 114144]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLEEFDBCDC

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:50]

.

2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 01:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?affID=114336&tt=3512_6&babsrc=HP_ss&mntrId=e025dff7000000000000f8d11162c3f7

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://bigwatersedge.axiscam.net/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Elaine Lance\Application Data\Mozilla\Firefox\Profiles\k819aebi.default\

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-02 16:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(8240)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-09-02 16:50:09

ComboFix-quarantined-files.txt 2012-09-02 23:50

ComboFix2.txt 2012-09-02 23:29

ComboFix3.txt 2012-09-01 02:44

ComboFix4.txt 2012-09-01 01:55

.

Pre-Run: 15,019,622,400 bytes free

Post-Run: 15,019,257,856 bytes free

.

- - End Of File - - B03A26C0C938140A5F6242844FAF5B43

Link to post
Share on other sites

OK, I didn't see the Babylon icon in the system tray, so I skipped step 1.

Did step 2. (The list of currently installed programs took a looooong time to load, BTW.)

Step 3: Uninstalled Babylon installer. That's the only Bablylon-related item that I saw. No Babylon toolbar or anything else.

Step 4: I didn't see a Babylon folder in Program Files.

Step 6: Disabled Babylon toolbar in IE; the add-on doesn't appear in Firefox Add-ons Manager.

The toolbar is still there.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.