
Protection Disabled



Problem: Cannot Enable Protection for the filesystem and malicious website blocking. The checkboxes do not respond to clicking.

Operating System: Windows XP

Fixes Tried:

1. Complete uninstall, purge registry, purge program files subdirectory, reboot and install. Result: no effect.

2. Same as #1 but disable Antivirus protection after reboot. Result: no effect.

3. Run RogueKiller.exe, prescan, scan and no fix. Got report.

The RogueKiller report follows:

<<<<<<<<<<<<<<<<<<<<<

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Website: http://tigzy.geeksto...roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Richard Maley [Admin rights]

Mode : Scan -- Date : 10/05/2012 09:35:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\U --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 +++++

--- User ---

[MBR] 4d7d907f3448dbbede06b394e1d67601

[bSP] 523f81b1830e6e8b0bee3816604d249a : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

>>>>>>>>>>>>>>>>>>>>>

Thank you.

Dick Maley

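The RogueKiller report above has a regular line format (section headers wrapped in `¤¤¤`, one `[TAG] label : target -> STATUS` line per finding, then a HOSTS dump), so a helper can pull the hits out mechanically rather than reading the whole log. The following is an added example, not RogueKiller's own code or anything posted by this thread's participants: it parses a report in that format into structured findings and summarizes what a helper looks at first, namely the named infection, whether the driver was reported loaded, the count of findings per family, and the common parent folder of the ZeroAccess paths. `SAMPLE_REPORT` is constructed from the lines the poster shared; the `Finding`/`Report` field names and the `zeroaccess_root()` helper are this example's own choices, not RogueKiller terminology.

```python
"""Triage helper for a RogueKiller-style text report (added example).

Not RogueKiller's code: it parses the report layout shown in the thread
into structured findings. SAMPLE_REPORT is a constructed subset of the
posted report; field names and zeroaccess_root() are this script's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the report lines posted in the thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\U --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com
"""

# "¤¤¤ Name : Value ¤¤¤" section header.
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.*?)\s*¤¤¤$")
# "[TAG][TAG] label : target -> STATUS" (arrow is "->" or "-->").
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.*?)\s*-{1,2}>\s*(?P<status>[A-Z ]+)$"
)
# "ip hostname" line inside the HOSTS dump.
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")


@dataclass
class Finding:
    section: str   # header the line appeared under
    tags: list     # leading bracketed tags, e.g. ["ZeroAccess", "FILE"]
    label: str     # text before " : " (key path, file name, ...)
    target: str    # text after " : " (value, full path, ...)
    status: str    # FOUND, DELETED, ...


@dataclass
class Report:
    sections: dict = field(default_factory=dict)  # header name -> value after ":"
    findings: list = field(default_factory=list)
    hosts: list = field(default_factory=list)     # (ip, host) pairs, localhost excluded


def parse_report(text):
    """Walk the report line by line, tracking the current section."""
    report = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name, _, value = m.group("name").partition(":")
            section = name.strip()
            report.sections[section] = value.strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            tags = re.findall(r"\[([^\]]*)\]", m.group("tags"))
            label, sep, target = m.group("body").partition(" : ")
            report.findings.append(Finding(
                section, tags, label.strip(), target.strip() if sep else "",
                m.group("status").strip()))
            continue
        m = HOSTS_RE.match(line)
        if m and section == "HOSTS File" and m.group("host") != "localhost":
            report.hosts.append((m.group("ip"), m.group("host")))
    return report


def summarize(report):
    """Condense a parsed report into the facts a helper checks first."""
    by_family = {}
    for f in report.findings:
        by_family.setdefault(f.tags[0], []).append(f)
    return {
        "infection": report.sections.get("Infection", ""),
        "driver_loaded": report.sections.get("Driver", "") == "[LOADED]",
        "found": sum(1 for f in report.findings if f.status == "FOUND"),
        "families": {k: len(v) for k, v in by_family.items()},
        "hosts_entries": len(report.hosts),
    }


def zeroaccess_root(report):
    """Longest common parent of the ZeroAccess paths (the $-folder under
    RECYCLER in the thread's report). With a single path this is the path
    itself, since there is nothing to compare it against."""
    paths = [f.target.split("\\") for f in report.findings if "ZeroAccess" in f.tags]
    if not paths:
        return ""
    common = []
    for parts in zip(*paths):
        if len(set(parts)) != 1:
            break
        common.append(parts[0])
    return "\\".join(common)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for key, value in summarize(rep).items():
        print(f"{key}: {value}")
    print("zeroaccess_root:", zeroaccess_root(rep))
```

Run as-is it prints the summary for the constructed sample; to triage a real `RKreport[1].txt`, read the file into `parse_report()` instead of `SAMPLE_REPORT`. The common-parent step is the useful part for this family: the three `@`, `U`, `L` hits all resolve to one hidden folder, which is the single location a helper needs to confirm is gone after the "delete" pass.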

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  1. logs from DDS
  2. let me know of any problems you may have had

Gringo


The output of the SecurityCheck is:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Results of screen317's Security Check version 0.99.51

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Out of date Spybot installed!

Spybot - Search & Destroy 1.3

Spybot - Search & Destroy

Norton Ghost

Malwarebytes Anti-Malware version 1.65.0.1400

AVS Registry Cleaner version 2.2

BRC OFX Cleaner

Jindent - Source Code Formatter for Java/C/C++ 4.1.1

JavaFX 2.0.3

JavaFX 2.0.3 SDK

Java 7 Update 7

Java SE Runtime Environment 6

Java SE Development Kit 6

Java SE Development Kit 7 Update 3

Adobe Flash Player 11.4.402.278

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

Mozilla Thunderbird (Data..)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Richard Maley Desktop Defogger.exe

Richard Maley Desktop SecurityCheck.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Here is the DDS.txt

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Richard Maley at 12:14:43 on 2012-10-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1480 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Uniblue\PowerSuite\powersuite_monitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe

C:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\glassfish3\jdk\bin\java.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\xampp\mysql\bin\mysqld.exe

C:\glassfish3\jdk\bin\java.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE

C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\acquia-drupal\xmail\XMail.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\WINDOWS\system32\dllhost.exe

svchost.exe

C:\PROGRA~1\Uniblue\POWERS~1\powersuite.exe

C:\Program Files\Uniblue\PowerSuite\powersuite_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Richard Maley\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.advdelphisys.com/homex/dick.html

uSearch Bar = Search Bar.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = Search Bar.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [Powersuite Monitor] "c:\program files\uniblue\powersuite\powersuite_monitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

Trusted Zone: intuit.com\ttlc

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240747182484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.223.1 65.106.1.196

TCP: Interfaces\{170B9107-40FF-4FBB-B0EC-9AD7D0A3A90D} : DhcpNameServer = 192.168.223.1 65.106.1.196

TCP: Interfaces\{497FDD31-839E-4885-8BE9-FE089F7F29D7} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-8 20744]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]

R1 MpKsld207ec28;MpKsld207ec28;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717d814c-74e3-4d4a-9cdc-d4c0af90e872}\MpKsld207ec28.sys [2012-10-5 29904]

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [2011-9-10 18432]

R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2012-9-13 65536]

R2 domain1Service;domain1 GlassFish Server;c:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe [2012-8-23 30208]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-5 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-5 676936]

R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]

R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-2-28 5120]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2012-6-9 70808]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-6-9 539288]

R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [2012-6-15 397824]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-5 22856]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-9-15 6609920]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]

R3 Uniblue.PowersuiteSvc;Uniblue Powersuite Service;c:\program files\uniblue\powersuite\powersuite_service.exe [2012-9-7 30048]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca01c72cfb18df;Google Update Service (gupdate1ca01c72cfb18df);c:\program files\google\update\GoogleUpdate.exe [2009-7-10 133104]

S2 lxdr_device;lxdr_device; [x]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250288]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-26 1691480]

S3 BlackfishSQL;BlackfishSQL;c:\program files\embarcadero\rad studio\7.0\bin\BSQLServer.exe [2009-11-18 65536]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]

S3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [2012-9-15 12288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-10 133104]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 114144]

S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]

S3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\uniblue\maxidisk\service.exe [2012-9-7 30096]

S3 vsdatant;vsdatant; [x]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\extjob.exe XE [?]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]

.

=============== Created Last 30 ================

.

2012-10-05 14:12:10 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717d814c-74e3-4d4a-9cdc-d4c0af90e872}\offreg.dll

2012-10-05 14:12:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717d814c-74e3-4d4a-9cdc-d4c0af90e872}\MpKsld207ec28.sys

2012-10-05 14:07:27 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717d814c-74e3-4d4a-9cdc-d4c0af90e872}\mpengine.dll

2012-10-05 13:29:27 -------- d-----w- c:\documents and settings\richard maley\application data\Malwarebytes

2012-10-05 13:29:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-10-05 13:29:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-05 13:29:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-03 13:31:53 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-09-15 12:14:22 675840 ----a-w- c:\windows\system32\NETwLc32.dll

2012-09-15 12:14:22 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys

2012-09-15 12:14:22 2756608 ----a-w- c:\windows\system32\NETwLr32.dll

2012-09-15 12:13:59 -------- d-----w- c:\program files\Synaptics

2012-09-15 12:13:48 1048576 ----a-w- c:\windows\system32\syndata.bin

2012-09-15 12:13:45 311696 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-09-15 12:13:45 175376 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-09-15 12:13:45 122128 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-09-15 12:13:43 224528 ----a-w- c:\windows\system32\SynCtrl.dll

2012-09-15 12:13:41 183568 ----a-w- c:\windows\system32\SynCOM.dll

2012-09-15 12:09:28 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-09-15 12:09:02 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-09-15 12:03:56 12288 ----a-w- c:\windows\system32\drivers\EtmTempSense.sys

2012-09-15 12:03:37 20304 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2012-09-12 14:46:19 -------- d-----w- c:\documents and settings\richard maley\local settings\application data\HP

2012-09-12 14:46:15 -------- d-----w- c:\documents and settings\richard maley\application data\HP_LaserJet_Fax_0_6

2012-09-10 13:28:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-09 23:13:55 103720 ----a-w- c:\documents and settings\richard maley\GoToAssistDownloadHelper.exe

2012-09-07 19:44:59 662528 ----a-w- c:\program files\mozilla firefox\plugins\webex\1224\atarm.dll

2012-09-05 23:05:49 -------- d-----w- c:\documents and settings\richard maley\local settings\application data\{40D18E21-F7AE-11E1-8270-B8AC6F996F26}

.

==================== Find3M ====================

.

2012-09-21 14:17:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-21 14:17:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-15 12:09:02 40848 ----a-w- c:\windows\system32\drivers\point32.sys

2012-09-15 12:04:03 329960 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2012-09-10 13:28:26 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-10 13:28:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-10 13:28:25 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 17:58:57 28160 ----a-w- c:\windows\system32\md5sum.exe

2012-08-28 17:58:51 35328 ----a-w- c:\windows\system32\tail.exe

2012-08-28 17:32:21 483328 ----a-w- c:\windows\system32\putty.exe

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-08 18:18:55 608 --sha-w- c:\windows\system32\winzvprt5.sys

.

============= FINISH: 12:15:58.79 ===============

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


  • Staff

Greetings

That is OK, I will get that info later.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


I ran AdwCleaner and the results follow:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 13:15:39

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Richard Maley - DICKS_LAPTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Richard Maley\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\Conduit

Folder Deleted : C:\Documents and Settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\CT2830584

Folder Deleted : C:\Documents and Settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\extensions\{fafaacea-c957-4d38-884d-4f4045a0bca4}

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\prefs.js

C:\Documents and Settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\user.js ... Deleted !

Deleted : user_pref("CT2830584..clientLogIsEnabled", false);

Deleted : user_pref("CT2830584..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2830584..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2830584.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2830584.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2830584.BrowserCompStateIsOpen_129683313951238817", true);

Deleted : user_pref("CT2830584.CTID", "CT2830584");

Deleted : user_pref("CT2830584.CurrentServerDate", "5-10-2012");

Deleted : user_pref("CT2830584.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2830584.DialogsGetterLastCheckTime", "Fri Oct 05 2012 08:56:06 GMT-0400 (Eastern Daylig[...]

Deleted : user_pref("CT2830584.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]

Deleted : user_pref("CT2830584.FirstServerDate", "7-12-2010");

Deleted : user_pref("CT2830584.FirstTime", true);

Deleted : user_pref("CT2830584.FirstTimeFF3", true);

Deleted : user_pref("CT2830584.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2830584.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2830584.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2830584.HasUserGlobalKeys", true);

Deleted : user_pref("CT2830584.Initialize", true);

Deleted : user_pref("CT2830584.InitializeCommonPrefs", true);

Deleted : user_pref("CT2830584.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2830584.InstallationType", "DirectDownload");

Deleted : user_pref("CT2830584.InstalledDate", "Mon Dec 06 2010 18:09:24 GMT-0500 (Eastern Standard Time)");

Deleted : user_pref("CT2830584.InvalidateCache", false);

Deleted : user_pref("CT2830584.IsGrouping", false);

Deleted : user_pref("CT2830584.IsMulticommunity", false);

Deleted : user_pref("CT2830584.IsOpenThankYouPage", true);

Deleted : user_pref("CT2830584.IsOpenUninstallPage", true);

Deleted : user_pref("CT2830584.LanguagePackLastCheckTime", "Fri Oct 05 2012 11:02:44 GMT-0400 (Eastern Dayligh[...]

Deleted : user_pref("CT2830584.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2830584.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2830584.LastLogin_3.12.2.3", "Wed May 30 2012 06:14:50 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT2830584.LastLogin_3.13.0.6", "Sun Jul 15 2012 09:12:32 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT2830584.LastLogin_3.14.1.0", "Tue Aug 21 2012 14:47:21 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT2830584.LastLogin_3.15.1.0", "Fri Oct 05 2012 10:33:51 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT2830584.LastLogin_3.2.5.2", "Mon Dec 06 2010 18:09:23 GMT-0500 (Eastern Standard Time)"[...]

Deleted : user_pref("CT2830584.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT2830584.Locale", "en");

Deleted : user_pref("CT2830584.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2830584.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2830584.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2830584.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2830584.RadioIsPodcast", false);

Deleted : user_pref("CT2830584.RadioLastCheckTime", "Mon Dec 06 2010 18:09:51 GMT-0500 (Eastern Standard Time)[...]

Deleted : user_pref("CT2830584.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2830584.RadioLastUpdateServer", "3");

Deleted : user_pref("CT2830584.RadioMediaID", "9850");

Deleted : user_pref("CT2830584.RadioMediaType", "Media Player");

Deleted : user_pref("CT2830584.RadioMenuSelectedID", "EBRadioMenu_CT2830584_RECENT9850");

Deleted : user_pref("CT2830584.RadioStationName", "National%20Public%20Radio%3A%20Hourly%20Newscast");

Deleted : user_pref("CT2830584.RadioStationURL", "hxxp://www.npr.org/dmg/dmg.php?getNewsCast=true&NPRMediaPref[...]

Deleted : user_pref("CT2830584.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2830584.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT283[...]

Deleted : user_pref("CT2830584.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2830584.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2830584.SearchInNewTabLastCheckTime", "Fri Oct 05 2012 11:02:41 GMT-0400 (Eastern Dayli[...]

Deleted : user_pref("CT2830584.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2830584.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT2830584.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2830584.ServiceMapLastCheckTime", "Fri Oct 05 2012 11:02:41 GMT-0400 (Eastern Daylight [...]

Deleted : user_pref("CT2830584.SettingsLastCheckTime", "Fri Oct 05 2012 11:09:19 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref("CT2830584.SettingsLastUpdate", "1348502557");

Deleted : user_pref("CT2830584.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2830584.ThirdPartyComponentsLastCheck", "Mon Dec 06 2010 18:09:23 GMT-0500 (Eastern Sta[...]

Deleted : user_pref("CT2830584.ThirdPartyComponentsLastUpdate", "1246790578");

Deleted : user_pref("CT2830584.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2830584.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2830584");

Deleted : user_pref("CT2830584.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2830584.UserID", "UN31699616425593302");

Deleted : user_pref("CT2830584.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2830584.alertChannelId", "1222651");

Deleted : user_pref("CT2830584.backendstorage.cb_user_id_000", "43423531343331383735313730345F46697265666F78")[...]

Deleted : user_pref("CT2830584.backendstorage.cbcountry_000", "5553");

Deleted : user_pref("CT2830584.backendstorage.cbcountry_001", "5553");

Deleted : user_pref("CT2830584.backendstorage.cbfirsttime", "536174204A756E20303920323031322030373A32333A31312[...]

Deleted : user_pref("CT2830584.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041756720323720323031322031373A[...]

Deleted : user_pref("CT2830584.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");

Deleted : user_pref("CT2830584.backendstorage.url_history0001", "6A6176617363726970743A6A51756572792E66616E637[...]

Deleted : user_pref("CT2830584.components.1000034", false);

Deleted : user_pref("CT2830584.components.1000234", false);

Deleted : user_pref("CT2830584.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2830584.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2830584.initDone", true);

Deleted : user_pref("CT2830584.myStuffEnabled", true);

Deleted : user_pref("CT2830584.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2830584.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2830584.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2830584.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2830584.revertSettingsEnabled", false);

Deleted : user_pref("CT2830584.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2830584.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2830584.testingCtid", "");

Deleted : user_pref("CT2830584.toolbarAppMetaDataLastCheckTime", "Fri Oct 05 2012 11:02:44 GMT-0400 (Eastern D[...]

Deleted : user_pref("CT2830584.toolbarContextMenuLastCheckTime", "Mon Dec 06 2010 18:09:24 GMT-0500 (Eastern S[...]

Deleted : user_pref("CT2830584.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2830584/CT2830584[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1222651/1218324/US", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2830584", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2830584",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63426852822937[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2830584/CT2830584[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4e9[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{fafaacea-c957-4d38-884d-4f4045a0bca4}");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "radio_tv_2.2");

Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2830584");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{fafaacea-c957-4d38-884d-4f4045a0bca4}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "radio_tv_2.2");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2830584");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2830584");

Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 22 2011 18:29:48 GMT-04[...]

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 14:42:48 GMT-0400 (Easte[...]

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 11:00:39 GMT-0400 (Eastern D[...]

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "e13f6c0c-b1f0-47e9-9673-d6b8476b13dd");

Deleted : user_pref("CommunityToolbar.globalUserId", "ac26cdd7-7e9b-4ff6-90b1-bb33c4a0f402");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.killedEngine", true);

Deleted : user_pref("CommunityToolbar.undefined", "");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113959&tt=201208_mnt_n_3512_7&babs[...]

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=113959&tt=201208_mnt_n_3512_7");

Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");

Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Deleted : user_pref("extensions.BabylonToolbar.bbdpng", 27);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "newBlk");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "97BFC6758773AA26157469A87B149ADD");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.hrdid", "d0fe798200000000000000ff982ca28a");

Deleted : user_pref("extensions.BabylonToolbar.id", "d0fe798200000000000000ff982ca28a");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15579");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.instlday", "15579");

Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1214:58:44");

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");

Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Deleted : user_pref("extensions.BabylonToolbar.sg", "none");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srch", "");

Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1214:58:44");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1214:58:44");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=201208_mnt_n_3512_7");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1214:58:44");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=d0fe798200000000000000ff982[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Richard Maley\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.51] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Deleted [l.54] : keyword = "babylon.com",

Deleted [l.57] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=113959&tt=201208_mnt_n_3512_7&babsrc=SP_ss&mntrId=d0fe798200000000000000ff982ca28a",

-\\ Opera v11.52.1100.0

File : C:\Documents and Settings\Richard Maley\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [20787 octets] - [05/10/2012 13:15:39]

########## EOF - C:\AdwCleaner[s1].txt - [20848 octets] ##########

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


I ran RogueKiller as you requested. The results follow:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Richard Maley [Admin rights]

Mode : Remove -- Date : 10/05/2012 13:32:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-527237240-725345543-839522115-1004\$bca89a63b724501b7d67e58ee91afdd9\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 +++++

--- User ---

[MBR] 4d7d907f3448dbbede06b394e1d67601

[BSP] 523f81b1830e6e8b0bee3816604d249a : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


The ComboFix log is below:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

ComboFix 12-10-04.02 - Richard Maley 10/05/2012 14:45:43.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1690 [GMT -4:00]

Running from: c:\documents and settings\Richard Maley\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Richard Maley\Application Data\Mozilla\Firefox\Profiles\o7pn7d4k.default\searchplugins\bing-zugo.xml

c:\documents and settings\Richard Maley\GoToAssistDownloadHelper.exe

c:\documents and settings\Richard Maley\WINDOWS

C:\readme.txt

c:\windows\EventSystem.log

c:\windows\iun6002.exe

c:\windows\system32\cc32100.dll

c:\windows\system32\cc32100mt.dll

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))

.

.

2012-10-05 17:57 . 2012-10-05 17:57 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{717D814C-74E3-4D4A-9CDC-D4C0AF90E872}\offreg.dll

2012-10-05 14:07 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{717D814C-74E3-4D4A-9CDC-D4C0AF90E872}\mpengine.dll

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\documents and settings\Richard Maley\Application Data\Malwarebytes

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-05 13:29 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-03 13:31 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-15 12:14 . 2012-09-15 12:14 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys

2012-09-15 12:14 . 2012-09-15 12:14 675840 ----a-w- c:\windows\system32\NETwLc32.dll

2012-09-15 12:14 . 2012-09-15 12:14 2756608 ----a-w- c:\windows\system32\NETwLr32.dll

2012-09-15 12:13 . 2012-09-15 12:13 -------- d-----w- c:\program files\Synaptics

2012-09-15 12:13 . 2012-09-15 12:13 1048576 ----a-w- c:\windows\system32\syndata.bin

2012-09-15 12:13 . 2012-09-15 12:13 311696 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-09-15 12:13 . 2012-09-15 12:13 175376 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-09-15 12:13 . 2012-09-15 12:13 122128 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-09-15 12:13 . 2012-09-15 12:13 224528 ----a-w- c:\windows\system32\SynCtrl.dll

2012-09-15 12:13 . 2012-09-15 12:13 183568 ----a-w- c:\windows\system32\SynCOM.dll

2012-09-15 12:09 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-09-15 12:09 . 2012-09-15 12:13 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-09-15 12:03 . 2012-09-15 12:03 12288 ----a-w- c:\windows\system32\drivers\EtmTempSense.sys

2012-09-15 12:03 . 2012-09-15 12:03 20304 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2012-09-12 14:46 . 2012-09-12 14:46 -------- d-----w- c:\documents and settings\Richard Maley\Local Settings\Application Data\HP

2012-09-12 14:46 . 2012-09-12 14:46 -------- d-----w- c:\documents and settings\Richard Maley\Application Data\HP_LaserJet_Fax_0_6

2012-09-10 13:28 . 2012-09-10 13:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-05 23:05 . 2012-09-05 23:05 -------- d-----w- c:\documents and settings\Richard Maley\Local Settings\Application Data\{40D18E21-F7AE-11E1-8270-B8AC6F996F26}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-21 14:17 . 2012-03-30 00:27 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-21 14:17 . 2011-05-18 17:03 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-15 12:09 . 2009-04-25 13:52 40848 ----a-w- c:\windows\system32\drivers\point32.sys

2012-09-15 12:04 . 2009-04-25 17:20 329960 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2012-09-10 13:28 . 2011-02-22 02:02 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-10 13:28 . 2012-08-27 17:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-10 13:28 . 2011-02-22 02:02 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-31 02:03 . 2012-03-21 00:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 17:58 . 2012-08-28 17:58 28160 ----a-w- c:\windows\system32\md5sum.exe

2012-08-28 17:58 . 2012-08-28 17:58 35328 ----a-w- c:\windows\system32\tail.exe

2012-08-28 17:32 . 2012-08-28 17:32 483328 ----a-w- c:\windows\system32\putty.exe

2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-03-01 16:01 . 2012-09-07 19:44 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2012-03-01 16:01 . 2012-09-07 19:44 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2011-12-01 15:41 . 2012-09-07 19:44 302904 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-09-07 19:46 . 2012-09-07 19:44 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2012-06-09 64152]

"Powersuite Monitor"="c:\program files\Uniblue\PowerSuite\powersuite_monitor.exe" [2012-07-30 323936]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-09-15 2325776]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Richard Maley\Start Menu\Programs\Startup\

desktop.ini.xxx [2009-4-24 84]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

desktop.ini.xxx [2009-4-24 84]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-4-25 155648]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]

2003-10-13 20:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-03-23 16:13 149040 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]

2012-01-06 20:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-02-28 20:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2004-11-24 22:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

2004-12-16 20:10 622592 ----a-w- c:\windows\system32\hphmon06.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

2004-12-16 20:29 49152 ----a-w- c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-28 20:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-09-12 21:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]

2008-07-22 00:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-16 00:02 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]

2009-08-03 20:48 2250088 ----a-w- c:\program files\Norton Ghost\Agent\VProTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-28 20:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-08-09 20:14 20055144 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-07-11 01:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\DesktopVault\\DesktopVault.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\VergenceLocator.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\COMAdapters\\c2w_cm.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik FX Demo\\Samples\\Tetris\\Tetris.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik 07\\Samples\\Pascal\\Chart\\Chart.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik FX Demo\\Samples\\BookCollector\\BookCollector.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Oracle\\Middleware\\jdk160_24\\bin\\java.exe"=

"c:\\Oracle\\Middleware\\jdeveloper\\jdeveloper.exe"=

"c:\\delphi\\projects\\maley\\internet\\HTTPServer201204141500\\bin\\HTTPServer.exe"=

"c:\\delphi\\projects\\maley\\internet\\AMaleyPatch\\bin\\AMaleyPatch.exe"=

"c:\\delphi\\projects\\maley\\internet\\MaidensBowerWebServer\\bin\\MaidensBowerWebServer.exe"=

"c:\\delphi\\projects\\maley\\internet\\PeerReview\\bin\\PeerReview.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\acquia-drupal\\mysql\\bin\\mysqld.exe"=

"c:\\Program Files\\acquia-drupal\\apache\\bin\\httpd.exe"=

"c:\\Program Files\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\javaw.exe"=

"c:\\glassfish3\\jdk\\bin\\java.exe"=

"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

"c:\\eclipse\\eclipse-java-juno-win32\\eclipse\\eclipse.exe"=

"c:\\eclipse\\eclipse-java-indigo-SR2-win32\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=

.

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/8/2009 12:39 AM 20744]

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [9/10/2011 5:43 AM 18432]

R2 domain1Service;domain1 GlassFish Server;c:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe [8/23/2012 11:11 AM 30208]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/25/2010 2:53 PM 145920]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/5/2012 9:29 AM 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/5/2012 9:29 AM 676936]

R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]

R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [8/27/2011 11:00 AM 512000]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2/28/2006 8:00 AM 5120]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 8:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 8:25 PM 36352]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [6/9/2012 7:31 PM 70808]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [6/9/2012 6:30 PM 539288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/5/2012 9:29 AM 22856]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [9/15/2012 8:14 AM 6609920]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 8:25 PM 77056]

R3 Uniblue.PowersuiteSvc;Uniblue Powersuite Service;c:\program files\Uniblue\PowerSuite\powersuite_service.exe [9/7/2012 2:26 PM 30048]

S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [9/13/2012 4:21 AM 65536]

S2 gupdate1ca01c72cfb18df;Google Update Service (gupdate1ca01c72cfb18df);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 9:30 PM 133104]

S2 lxdr_device;lxdr_device; [x]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]

S2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [6/15/2012 9:46 AM 397824]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 8:27 PM 250288]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/26/2009 8:31 AM 1691480]

S3 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [11/18/2009 6:05 PM 65536]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]

S3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [9/15/2012 8:03 AM 12288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 9:30 PM 133104]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 3:58 PM 26248]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 4:09 PM 114144]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1562096]

S3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\Uniblue\MaxiDisk\service.exe [9/7/2012 1:43 PM 30096]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 3:47 PM 47128]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 3:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 3:47 PM 369688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:17]

.

2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-10-05 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-05 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-04 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-04 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-05 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]

.

2012-10-05 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]

.

2012-10-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-11 03:58]

.

2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 01:30]

.

2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 01:30]

.

2012-10-05 c:\windows\Tasks\MaxiDisk.job

- c:\program files\Uniblue\MaxiDisk\mdmonitor.exe [2012-09-07 19:24]

.

2012-05-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 19:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.advdelphisys.com/homex/dick.html

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = Search Bar.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.223.1 65.106.1.196

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-05 14:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2012-10-05 14:59:20

ComboFix-quarantined-files.txt 2012-10-05 18:59

.

Pre-Run: 19,686,711,296 bytes free

Post-Run: 20,803,862,528 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 50A3501815AC2FCD6633A9ED1DCFD2FC

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

The computer is running fine.


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  1. The report from ComboFix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


There were no errors.

I still cannot enable filesystem protection.

ComboFix report follows:

<<<<<<<<<<<<<<<<<<<<<<<

ComboFix 12-10-04.02 - Richard Maley 10/06/2012 8:20.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1581 [GMT -4:00]

Running from: c:\documents and settings\Richard Maley\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Richard Maley\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

F:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))

.

.

2012-10-06 10:42 . 2012-10-06 10:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-06 03:12 . 2012-10-06 03:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AEBF158-8A2C-407E-8336-8ECDBC276CA5}\offreg.dll

2012-10-06 03:12 . 2012-10-06 03:12 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AEBF158-8A2C-407E-8336-8ECDBC276CA5}\MpKslf943f855.sys

2012-10-06 03:09 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AEBF158-8A2C-407E-8336-8ECDBC276CA5}\mpengine.dll

2012-10-06 01:48 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\documents and settings\Richard Maley\Application Data\Malwarebytes

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-05 13:29 . 2012-10-05 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-05 13:29 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 12:14 . 2012-09-15 12:14 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys

2012-09-15 12:14 . 2012-09-15 12:14 675840 ----a-w- c:\windows\system32\NETwLc32.dll

2012-09-15 12:14 . 2012-09-15 12:14 2756608 ----a-w- c:\windows\system32\NETwLr32.dll

2012-09-15 12:13 . 2012-09-15 12:13 -------- d-----w- c:\program files\Synaptics

2012-09-15 12:13 . 2012-09-15 12:13 1048576 ----a-w- c:\windows\system32\syndata.bin

2012-09-15 12:13 . 2012-09-15 12:13 311696 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-09-15 12:13 . 2012-09-15 12:13 175376 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-09-15 12:13 . 2012-09-15 12:13 122128 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-09-15 12:13 . 2012-09-15 12:13 224528 ----a-w- c:\windows\system32\SynCtrl.dll

2012-09-15 12:13 . 2012-09-15 12:13 183568 ----a-w- c:\windows\system32\SynCOM.dll

2012-09-15 12:09 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-09-15 12:09 . 2012-09-15 12:13 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-09-15 12:03 . 2012-09-15 12:03 12288 ----a-w- c:\windows\system32\drivers\EtmTempSense.sys

2012-09-15 12:03 . 2012-09-15 12:03 20304 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2012-09-12 14:46 . 2012-09-12 14:46 -------- d-----w- c:\documents and settings\Richard Maley\Local Settings\Application Data\HP

2012-09-12 14:46 . 2012-09-12 14:46 -------- d-----w- c:\documents and settings\Richard Maley\Application Data\HP_LaserJet_Fax_0_6

2012-09-10 13:28 . 2012-09-10 13:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-21 14:17 . 2012-03-30 00:27 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-21 14:17 . 2011-05-18 17:03 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-15 12:09 . 2009-04-25 13:52 40848 ----a-w- c:\windows\system32\drivers\point32.sys

2012-09-15 12:04 . 2009-04-25 17:20 329960 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2012-09-10 13:28 . 2011-02-22 02:02 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-10 13:28 . 2012-08-27 17:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-10 13:28 . 2011-02-22 02:02 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-31 02:03 . 2012-03-21 00:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 17:58 . 2012-08-28 17:58 28160 ----a-w- c:\windows\system32\md5sum.exe

2012-08-28 17:58 . 2012-08-28 17:58 35328 ----a-w- c:\windows\system32\tail.exe

2012-08-28 17:32 . 2012-08-28 17:32 483328 ----a-w- c:\windows\system32\putty.exe

2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-03-01 16:01 . 2012-09-07 19:44 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2012-03-01 16:01 . 2012-09-07 19:44 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2011-12-01 15:41 . 2012-09-07 19:44 302904 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-09-07 19:46 . 2012-09-07 19:44 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2012-06-09 64152]

"Powersuite Monitor"="c:\program files\Uniblue\PowerSuite\powersuite_monitor.exe" [2012-07-30 323936]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-09-15 2325776]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\Richard Maley\Start Menu\Programs\Startup\

desktop.ini.xxx [2009-4-24 84]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

desktop.ini.xxx [2009-4-24 84]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-4-25 155648]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]

2003-10-13 20:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-03-23 16:13 149040 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]

2012-01-06 20:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-02-28 20:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2004-11-24 22:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

2004-12-16 20:10 622592 ----a-w- c:\windows\system32\hphmon06.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

2004-12-16 20:29 49152 ----a-w- c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-28 20:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-09-12 21:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]

2008-07-22 00:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-16 00:02 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]

2009-08-03 20:48 2250088 ----a-w- c:\program files\Norton Ghost\Agent\VProTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-28 20:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-08-09 20:14 20055144 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-07-11 01:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\DesktopVault\\DesktopVault.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\VergenceLocator.exe"=

"c:\\Program Files\\Sentillion\\DesktopComponents\\COMAdapters\\c2w_cm.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik FX Demo\\Samples\\Tetris\\Tetris.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik 07\\Samples\\Pascal\\Chart\\Chart.exe"=

"c:\\Documents and Settings\\Richard Maley\\My Documents\\Morfik FX Demo\\Samples\\BookCollector\\BookCollector.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Oracle\\Middleware\\jdk160_24\\bin\\java.exe"=

"c:\\Oracle\\Middleware\\jdeveloper\\jdeveloper.exe"=

"c:\\delphi\\projects\\maley\\internet\\HTTPServer201204141500\\bin\\HTTPServer.exe"=

"c:\\delphi\\projects\\maley\\internet\\AMaleyPatch\\bin\\AMaleyPatch.exe"=

"c:\\delphi\\projects\\maley\\internet\\MaidensBowerWebServer\\bin\\MaidensBowerWebServer.exe"=

"c:\\delphi\\projects\\maley\\internet\\PeerReview\\bin\\PeerReview.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\acquia-drupal\\mysql\\bin\\mysqld.exe"=

"c:\\Program Files\\acquia-drupal\\apache\\bin\\httpd.exe"=

"c:\\Program Files\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\javaw.exe"=

"c:\\glassfish3\\jdk\\bin\\java.exe"=

"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

"c:\\eclipse\\eclipse-java-juno-win32\\eclipse\\eclipse.exe"=

"c:\\eclipse\\eclipse-java-indigo-SR2-win32\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=

"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=

.

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/8/2009 12:39 AM 20744]

R1 MpKslf943f855;MpKslf943f855;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AEBF158-8A2C-407E-8336-8ECDBC276CA5}\MpKslf943f855.sys [10/5/2012 11:12 PM 29904]

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\httpd.exe [9/10/2011 5:43 AM 18432]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/25/2010 2:53 PM 145920]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/5/2012 9:29 AM 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/5/2012 9:29 AM 676936]

R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]

R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [8/27/2011 11:00 AM 512000]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2/28/2006 8:00 AM 5120]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 8:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 8:25 PM 36352]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [6/9/2012 7:31 PM 70808]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [6/9/2012 6:30 PM 539288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/5/2012 9:29 AM 22856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/6/2012 6:42 AM 40776]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [9/15/2012 8:14 AM 6609920]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 8:25 PM 77056]

R3 Uniblue.PowersuiteSvc;Uniblue Powersuite Service;c:\program files\Uniblue\PowerSuite\powersuite_service.exe [9/7/2012 2:26 PM 30048]

S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [9/13/2012 4:21 AM 65536]

S2 domain1Service;domain1 GlassFish Server;c:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe [8/23/2012 11:11 AM 30208]

S2 gupdate1ca01c72cfb18df;Google Update Service (gupdate1ca01c72cfb18df);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 9:30 PM 133104]

S2 lxdr_device;lxdr_device; [x]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]

S2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [6/15/2012 9:46 AM 397824]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 8:27 PM 250288]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/26/2009 8:31 AM 1691480]

S3 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [11/18/2009 6:05 PM 65536]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]

S3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [9/15/2012 8:03 AM 12288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 9:30 PM 133104]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 3:58 PM 26248]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 4:09 PM 114144]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1562096]

S3 Uniblue.MaxiDiskSvc;Uniblue Maxi Disk Service;c:\program files\Uniblue\MaxiDisk\service.exe [9/7/2012 1:43 PM 30096]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 3:47 PM 47128]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 3:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 3:47 PM 369688]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - MPKSLF943F855

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:17]

.

2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-10-05 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-06 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-04 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-04 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-10-06 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]

.

2012-10-06 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]

.

2012-10-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-11 03:58]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 01:30]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 01:30]

.

2012-10-06 c:\windows\Tasks\MaxiDisk.job

- c:\program files\Uniblue\MaxiDisk\mdmonitor.exe [2012-09-07 19:24]

.

2012-10-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]

.

2012-05-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 19:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.advdelphisys.com/homex/dick.html

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = Search Bar.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-06 08:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2012-10-06 08:39:41

ComboFix-quarantined-files.txt 2012-10-06 12:39

ComboFix2.txt 2012-10-05 18:59

.

Pre-Run: 20,678,815,744 bytes free

Post-Run: 20,658,511,872 bytes free

.

- - End Of File - - 3400FEFD7474F3F416A6055E7E9317CE

>>>>>>>>>>>>>>>>>>>>>>>


  • Staff

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box


C:\Qoobox\Add-Remove Programs.txt

  • Click OK

Copy and paste the report into this topic for me to review.

Gringo


Here is the report:

<<<<<<<<<<<<<<<<<<<<<<<<<<<

1stClass 4000 Professional for Delphi 7

32 Bit HP CIO Components Installer

7-Zip 4.65

Acquia Dev Desktop

Adobe Acrobat 6.0.1 Professional

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Creative Suite

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe SVG Viewer 3.0

Advanced WMA Workshop version 2.09.9

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

ArcSoft Panorama Maker 4

ArcSoft PhotoStudio 5.5

Audacity 1.3.13 (Unicode)

AudioLabel

AVS Audio Converter 7

AVS Audio Editor 7.1

AVS Audio Recorder version 4.0

AVS Cover Editor 2.0.1.3

AVS Disc Creator 5

AVS Document Converter 2.1.2

AVS DVD Copy version 4.1.2

AVS Image Converter 2.1.2.169

AVS Media Player 4.1.8.93

AVS Photo Editor

AVS Registry Cleaner version 2.2

AVS Ringtone Maker version 1.6

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Converter 8

AVS Video Editor 6

AVS Video Recorder 2.4

AVS Video ReMaker 4.0.8.140

AVS4YOU Software Navigator 1.4

Borland Delphi 7

BRAdmin Professional 3

BRC Excel to QIF Converter

BRC OFX Cleaner

Brother BRAdmin Light 1.18.0001

Canon CanoScan LiDE 90 User Registration

Canon MP Navigator EX 1.0

Canon Utilities Solution Menu

CanoScan LiDE 90

Compatibility Pack for the 2007 Office system

Core FTP LE 1.3c

CSV2QFX

DesignPro 5

Dragon NaturallySpeaking 10

Driver Detective

DVD-RAM Driver

Embarcadero Delphi and C++Builder 2010 Database Pack

Embarcadero Delphi and C++Builder 2010 Help System

Embarcadero RAD Studio 2010

EMS SQL Manager 2010 for InterBase/Firebird

EurekaLog 6.0.17 Professional

ExamDiff Pro 5.0 (32-bit)

EXIFutils for Windows

File Uploader

Focus Magic 3.02

Garmin Communicator Plugin

Garmin Lifetime Updater

Garmin POI Loader

Garmin USB Drivers

Garmin WebUpdater

GetDataBack for FAT

GExperts for Delphi 2007

GExperts for Delphi 7

GlassFish Server Open Source Edition 3.1.2

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Google Web Toolkit Developer Plugin for IE (x86)

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP FWUpdateEDO3

HP LaserJet Professional CM1410 Series

HP LJ CM1410 MFP Series HP Scan

HP Unified IO

HP Update

HPLaserJetHelp_LearnCenter

HPLJUT

hppCM1410LaserJetService

hppFaxDrvCM1410

hppFaxUtilityCM1410

hppLaserJetService

hppSendFaxCM1410

hppTLBXFXCM1410

hpzTLBXFX

I.R.I.S. OCR

InstallShield Express Borland Limited Edition

Intel® Graphics Media Accelerator Driver

Java 7 Update 7

Java Auto Updater

Java SE Development Kit 6

Java SE Development Kit 7 Update 3

Java SE Runtime Environment 6

JavaFX 2.0.3

JavaFX 2.0.3 SDK

Jindent - Source Code Formatter for Java/C/C++ 4.1.1

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Lazarus 1.0RC2

Malwarebytes Anti-Malware version 1.65.0.1400

Marketsplash Shortcuts

Maxtor Manager

Meeting Service

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 SDK - ENU

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Automated Troubleshooting Services Shim

Microsoft Document Explorer 2005

Microsoft Document Explorer 2008

Microsoft Fix it Center

Microsoft Image Composite Editor

Microsoft IntelliPoint 6.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office XP Media Content

Microsoft Security Client

Microsoft Security Essentials

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Studio

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 Policies

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Compact 3.5 SP1 Query Tools English

Microsoft SQL Server VSS Writer

Microsoft Visio Professional 2002 [English]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Web Platform Installer 2.0

ModelMaker 6.20

Mozilla Firefox 10.0.7 (x86 en-US)

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 15.0.1 (x86 en-US)

MSI to redistribute MS VS2005 CRT libraries

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

Neat Image v5.8 Pro+

NEC Electronics USB 3.0 Host Controller Driver

Nero 7 Essentials

neroxml

NetBeans IDE 7.1.2

NetBeans IDE 7.2

Nikon Message Center

Norton Ghost

Notepad Demo

Notepad++

OfxGen - 0.8

OGA Notifier 2.0.0048.0

Opera 11.52

Oracle Database 11g Express Edition

Oracle Fusion Middleware 11.1.2.1.0

Photosmart 320,370,7400,8100,8400,8700 Series

Picasa 3

Picture Control Utility

Portrait Professional 10.6

PSPExpress

PSPrinters06

PTLens

Quicken 2011

QuickTime

RAD Studio

Rad Studio Help System

RAF

Rave Reports 7.5.2 BE

Rave Reports 7.7.0 BE

RAW FILE CONVERTER powered by SILKYPIX

Realtek High Definition Audio Driver

RemObjects Pascal Script 3.0.39.777

Safari

ScanSoft OmniPage SE 4

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentillion Vergence Desktop Components

SkyLine ImageLib Corporate Suite version 2007 Trial

Skype Click to Call

Skype™ 5.10

Spybot - Search & Destroy

Spybot - Search & Destroy 1.3

Sql Server Customer Experience Improvement Program

Stamps.com

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

Thunderbird Email Data Extractor

TIPCI

TOSHIBA Software Modem

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wmdiper

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wmdiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmdiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmdiper

TurboTax 2011 wrapper

ubCore

Uniblue MaxiDisk

Uniblue PixelPerfect

Uniblue Powersuite

Uniblue SystemTweaker

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VCLZip Pro 4

ViewNX

ViewSonic Monitor Drivers

ViewSonic Windows XP Signed Files

Visual C++ Runtime for Dragon NaturallySpeaking

VMware Player

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows PowerShell 1.0

Windows XP Service Pack 3

XAMPP 1.7.7

>>>>>>>>>>>>>>>>>>>>>>>>>>>


  • Staff

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


I ran CCleaner and then Malwarebytes. The Malwarebytes log follows. I am still unable to enable filesystem protection.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.06.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Richard Maley :: DICKS_LAPTOP [administrator]

Protection: Disabled

10/6/2012 1:44:39 PM

mbam-log-2012-10-06 (13-44-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247222

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


HijackThis results

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:37:14 PM, on 10/6/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Uniblue\PowerSuite\powersuite_monitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe

C:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\glassfish3\jdk\bin\java.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\xampp\apache\bin\httpd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe

c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE

C:\glassfish3\jdk\bin\java.exe

C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\acquia-drupal\xmail\XMail.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Uniblue\POWERS~1\powersuite.exe

C:\Program Files\Uniblue\PowerSuite\powersuite_service.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Installs\mbam\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advdelphisys.com/homex/dick.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Search Bar.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [Powersuite Monitor] "C:\Program Files\Uniblue\PowerSuite\powersuite_monitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: desktop.ini.xxx

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: desktop.ini.xxx

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240747182484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\httpd.exe

O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe

O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe

O23 - Service: domain1 GlassFish Server (domain1Service) - Sun Microsystems, Inc. - C:\glassfish3\glassfish\domains\domain1\bin\domain1ServiceService.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: Google Update Service (gupdate1ca01c72cfb18df) (gupdate1ca01c72cfb18df) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe

O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE

O23 - Service: OracleXEClrAgent - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe

O23 - Service: OracleXETNSListener - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: Uniblue Maxi Disk Service (Uniblue.MaxiDiskSvc) - Unknown owner - C:\Program Files\Uniblue\MaxiDisk\service.exe

O23 - Service: Uniblue Powersuite Service (Uniblue.PowersuiteSvc) - Unknown owner - C:\Program Files\Uniblue\PowerSuite\powersuite_service.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: XMail Server (XMail) - Unknown owner - C:\Program Files\acquia-drupal\xmail\XMail.exe

--

End of file - 16365 bytes

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

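As an added example (not part of this thread, and not code from HijackThis or Malwarebytes), here is a small Python script that parses a HijackThis v2 log of the kind posted above into its sections and pulls out the things a helper usually reads first: how many entries each section (R0, O2, O4, O23, ...) has, O23 services whose owner field is "Unknown owner", and exact duplicate lines (the O10 Winsock LSP entry above is listed twice). The embedded sample log is a constructed excerpt of the lines posted in this thread; the function names are my own. Everything it flags is "review this", not a verdict: an unknown owner only means the binary carries no publisher information that HijackThis could read.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt in HijackThis v2 log format,
# modelled on the entries posted in the thread above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:37:14 PM, on 10/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advdelphisys.com/homex/dick.html
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Startup: desktop.ini.xxx
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 16365 bytes
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24, each followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# O23 bodies look like "Service: <name> - <owner> - <path>". The non-greedy
# name/owner groups assume neither contains " - "; that holds for the log above.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt_log(text):
    """Split a HijackThis log into (running_processes, entries).

    entries is a list of (section_code, body) tuples in file order.
    Header lines and the trailing "End of file" marker are ignored.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first Rx/Ox line ends the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def count_by_section(entries):
    """Number of entries per section code, e.g. {"O23": 2, "O4": 2, ...}."""
    return dict(Counter(code for code, _ in entries))


def unknown_owner_services(entries):
    """O23 services with no readable publisher: (name, path) pairs to review."""
    found = []
    for code, body in entries:
        if code != "O23":
            continue
        m = SERVICE_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            found.append((m.group("name"), m.group("path")))
    return found


def duplicate_entries(entries):
    """Entries listed more than once (exact text match), sorted for stable output."""
    return sorted(e for e, n in Counter(entries).items() if n > 1)


if __name__ == "__main__":
    procs, ents = parse_hjt_log(SAMPLE_LOG)
    print(f"{len(procs)} running process(es), {len(ents)} entries")
    print("per section:", count_by_section(ents))
    for name, path in unknown_owner_services(ents):
        print("review (unknown owner):", name, "->", path)
    for code, body in duplicate_entries(ents):
        print("duplicate:", code, "-", body)
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the output is only a reading aid, and the thread's own rule still applies: nothing gets "fixed" on the strength of this summary alone.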

  • Staff

Hello

are you using the free version of MBAM?

Uninstall Malwarebytes

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.


The title on the application is "Malwarebytes Anti-Malware (PRO)". I downloaded the application from "http://www.malwarebytes.org/mbam-download.php" as you had directed above. I am using version 1.65.0.1400. The About screen displays my ID and Key in the lower left corner, indicating I have activated the software. I purchased Malwarebytes on August 20, 2010.

I have done everything asked for in this long thread and the problem remains.


This topic is now closed to further replies.