
Possible malware infection, cannot install Malwarebytes


joefizz


Hi

I am having trouble with a computer and think it may be infected.

It originally started with IE not being able to open and stemmed from there.

When trying to install Malwarebytes I get errors along the lines of 'CoCreateInstance failed; code 0x80040154', and a number of runtime errors.

Have tried uninstalling and reinstalling, installing in safe mode etc.

Managed to get Firefox installed but shortcuts don't appear on desktop or in the Start menu and I need to browse to the program folder to run it.

I have begun the process outlined in the pinned topic and have attached the DDS.txt and Attach.txt files. Any help would be much appreciated.

Attach.txt

DDS.txt


Attach.txt

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

ALPS Touch Pad Driver

Apple Application Support

Apple Software Update

BlackBerry Desktop Software 6.1

Bonjour

Broadcom Management Programs 2

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Conexant D110 MDC V.9x Modem

CorelDRAW Graphics Suite X3

Critical Update for Windows Media Player 11 (KB959772)

DB CIF Cam

Dell CinePlayer

Dell Driver Reset Tool

Dell Media Experience

Dell Support 5.0.0 (630)

Dell System Restore

Digital Line Detect

EN

ESET Online Scanner v3

F-Secure PSB Workstation Security

F-Secure PSC Prerequisites

FontNav

Google Toolbar for Internet Explorer

Google Update Helper

Hardlock Device Drivers

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp deskjet 3500

HP Driver Diagnostics

HP Photo and Imaging 2.0 - Deskjet Series

hp print screen utility

HP Product Detection

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

Internal Network Card Power Management

Internet Access

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

KODAK Camera Connection Software

KODAK Camera Connection Software Help

Kodak Memory Albums

KODAK Picture Software

KODAK Picture Transfer Software

Learn2 Player (Uninstall Only)

LogMeIn

Malwarebytes Anti-Malware version 1.65.1.1000

mCore

MCU

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works 7.0

mIWA

mIWCA

mLogView

mMHouse

MobileMe Control Panel

Modem Helper

Mozilla Firefox 17.0.1 (x86 en-GB)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB933579)

mToolkit

mWlsSafe

mXML

mZConfig

NETGEAR Powerline Utility

NetWaiting

Nokia Connectivity Cable Driver

Nokia Flashing Cable Driver

Nokia PC Suite

Nokia Software Updater

overland

PC Connectivity Solution

PC Studio

PC Studio for SGH-Z500V

PlayStation®Network Downloader

PlayStation®Store

PMB

PriceGong 2.6.4

QuickSet

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Safari

SAGEM F@st 800-840

Samsung USB Driver (MCCI 4.24)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel System Driver

Serif PagePlus X4

Sonic Activation Module

Sony Media Manager for PSP 3.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Manager

USB & Printer Driver Install

VBA

Viewpoint Media Player

VT Transaction

VT Transaction+

VT Transaction+ (C:\Program Files\VT Transaction\)

VT Transaction+ (C:\Program Files\VT Transaction\) #3

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Defender

Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)

Windows Driver Package - Nokia Modem (02/15/2007 3.1)

Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)

Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)

Windows Driver Package - Nokia Modem (08/08/2007 3.3)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by mark at 10:49:15 on 2012-12-12

.

============== Running Processes ================

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\DRIVERS\dcfssvc.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSHDLL32.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bbc.co.uk/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - c:\program files\pricegong\2.6.4\PriceGongIE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\f-secure\nrs\iescript\baselitmus.dll

TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [adiras] adiras.exe

mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163883239515

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: NameServer = 192.168.24.254

TCP: Interfaces\{F65FC6F1-2B02-421D-9F16-64958B70384C} : DHCPNameServer = 192.168.24.254

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\r0q1zv1y.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - bbc.co.uk

FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\r0q1zv1y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\r0q1zv1y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\6litmus-ff.dll

FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\7litmus-ff.dll

FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - ExtSQL: !HIDDEN! 2008-06-20 19:17; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R? GCCUSBD;GCC Sable USB

R? LMIRfsClientNP;LMIRfsClientNP

R? mbamchameleon;mbamchameleon

R? MBAMSwissArmy;MBAMSwissArmy

R? SQTECH9052;Disney Micro

R? WinDefend;Windows Defender

S? F-Secure Gatekeeper Handler Starter;FSGKHS

S? F-Secure Gatekeeper;F-Secure Gatekeeper

S? F-Secure HIPS;F-Secure HIPS Driver

S? fsbts;fsbts

S? FSFW;F-Secure Firewall Driver

S? FSORSPClient;F-Secure ORSP Client

S? gupdate1ca58e21414add9;Google Update Service (gupdate1ca58e21414add9)

S? LMIGuardianSvc;LMIGuardianSvc

S? LMIInfo;LogMeIn Kernel Information Provider

S? LMIRfsDriver;LogMeIn Remote File System Driver

S? PMBDeviceInfoProvider;PMBDeviceInfoProvider

S? ptssvc;ptssvc

S? radpms;Driver for RADPMS Device

.

=============== Created Last 30 ================

.

2012-12-11 17:44:12 -------- d-----w- c:\program files\ESET

2012-12-11 17:26:03 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-12-11 17:24:34 711240 ----a-w- c:\windows\isRS-000.tmp

2012-12-11 17:19:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-11 17:19:03 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes

2012-12-11 17:18:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-12-11 17:18:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 17:18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 16:47:19 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-12-11 16:47:09 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-12-11 16:47:08 890040 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2012-12-11 16:47:00 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2012-12-11 16:47:00 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll

2012-12-11 16:47:00 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2012-12-11 16:47:00 15112160 ----a-w- c:\program files\mozilla firefox\xul.dll

.

==================== Find3M ====================

.

2012-12-11 09:02:07 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-12-11 09:02:06 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-12-11 09:02:01 31144 ----a-w- c:\windows\system32\LMIport.dll

2012-12-11 09:02:00 92072 ----a-w- c:\windows\system32\LMIinit.dll

2012-12-08 11:48:45 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-08 11:48:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-08 10:59:47 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2002-07-26 16:02:06 153088 ----a-w- c:\program files\UNWISE.EXE

.

============= FINISH: 10:50:31.37 ===============


When copying and pasting the logs, make sure to have ALL lines {and not do any editing or chopping of them}.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com
and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.
Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


checkup.txt

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Please wait while WMIC is being installed.

displayName

ECHO is off.

FSecure

ECHO is off.

PSB

ECHO is off.

Workstation

ECHO is off.

Security

ECHO is off.

9.0

ECHO is off.

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Java 2 Runtime Environment, SE v1.4.2_03

Java version out of Date!

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 10%

````````````````````End of Log``````````````````````


Rogue Killer report

RogueKiller V8.4.0 [Dec 14 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : mark [Admin rights]

Mode : Scan -- Date : 12/14/2012 17:08:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[47] : NtCreateProcess @ 0x805C75F6 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B7CC6)

SSDT[48] : NtCreateProcessEx @ 0x805C7540 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B7CE0)

SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6E7C)

SSDT[97] : NtLoadDriver @ 0x80579714 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B71AC)

SSDT[108] : NtMapViewOfSection @ 0x805A762E -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6BBC)

SSDT[125] : NtOpenSection @ 0x8059F8B6 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B75DE)

SSDT[192] : NtRenameKey @ 0x8061A7A8 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B887C)

SSDT[240] : NtSetSystemInformation @ 0x8060697A -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B742E)

SSDT[253] : NtSuspendProcess @ 0x805CAF28 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6A3C)

SSDT[254] : NtSuspendThread @ 0x805CAD9A -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6EB0)

SSDT[255] : NtSystemDebugControl @ 0x8060ECD0 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B7032)

SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6996)

SSDT[258] : NtTerminateThread @ 0x805C88E4 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6AF6)

SSDT[277] : NtWriteVirtualMemory @ 0x805A99CE -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B6F76)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B9636)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 20f2ec88337d9d0fd592873fc190d370

[bSP] 6751bb20408e7fd050b2ea8fc16ec20d : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 192780 | Size: 54046 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 110896695 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12142012_02d1708.txt >>

RKreport[1]_S_12142012_02d1708.txt
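Every SSDT hook in the report above resolves to F-Secure's HIPS driver (fshs.sys), which is what a helper confirms before treating hooks as a rootkit sign. As an added example that is not part of this thread or of RogueKiller, this Python script parses hook lines in that report format, groups them by the module that owns the hook and flags any module outside a trusted product directory; the sample input is constructed from the report above plus one hypothetical line (the module name unknownhook.sys is invented), and the trusted-path list is an assumption for this example.

```python
import re
from collections import defaultdict

# Constructed sample input: three lines copied in shape and value from the
# RogueKiller report above, plus one constructed line (the module name
# "unknownhook.sys" is hypothetical) so that the flagged case is exercised.
SAMPLE_REPORT = r"""
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[47] : NtCreateProcess @ 0x805C75F6 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B7CC6)
SSDT[97] : NtLoadDriver @ 0x80579714 -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B71AC)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys @ 0xB32B9636)
SSDT[277] : NtWriteVirtualMemory @ 0x805A99CE -> HOOKED (\??\C:\WINDOWS\system32\drivers\unknownhook.sys @ 0xB2000000)
¤¤¤ HOSTS File: ¤¤¤
"""

# Assumption for this example: the only product expected to hook the SSDT on
# this machine is the F-Secure HIPS driver whose path appears in the report.
# Extend this list for other installed security products.
TRUSTED_MODULE_PREFIXES = (
    "c:\\program files\\f-secure\\",
)

# One RogueKiller hook line: "SSDT[n] : Func @ 0xADDR -> HOOKED (module @ 0xADDR)".
# Shadow-SSDT (S_SSDT) lines omit the kernel address after the function name.
HOOK_LINE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\] : (?P<func>\w+)"
    r"(?: @ 0x[0-9A-Fa-f]+)?"
    r" -> HOOKED \((?P<module>.+?) @ 0x(?P<addr>[0-9A-Fa-f]+)\)$"
)


def parse_hooks(report_text):
    """Return one dict per hooked SSDT/shadow-SSDT entry found in the report."""
    hooks = []
    for line in report_text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if not m:
            continue
        module = m.group("module")
        # RogueKiller prints NT object-manager paths; drop the \??\ prefix so
        # the path compares cleanly against ordinary Win32 paths.
        if module.startswith("\\??\\"):
            module = module[4:]
        hooks.append({
            "table": m.group("table"),
            "index": int(m.group("index")),
            "function": m.group("func"),
            "module": module,
            "hook_addr": int(m.group("addr"), 16),
        })
    return hooks


def group_by_module(hooks):
    """Map each hooking module to the sorted list of functions it hooks."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["function"])
    return {mod: sorted(funcs) for mod, funcs in grouped.items()}


def unexpected_hooks(hooks, trusted_prefixes=TRUSTED_MODULE_PREFIXES):
    """Hooks owned by a module outside the trusted product directories.

    Hooks from a known HIPS/AV driver are normal; anything else is what a
    helper looks at next (the driver file, its signature, its creation date).
    """
    prefixes = tuple(p.lower() for p in trusted_prefixes)
    return [h for h in hooks if not h["module"].lower().startswith(prefixes)]


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_REPORT)
    for module, funcs in group_by_module(found).items():
        print(f"{module}: {len(funcs)} hooks ({', '.join(funcs)})")
    for h in unexpected_hooks(found):
        print(f"REVIEW: {h['table']}[{h['index']}] {h['function']} hooked by {h['module']}")
```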


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Download and Save to the DESKTOP Win32kDiag from any of the following locations and save it to your Desktop.

Click on Start button. Select Run, and copy-paste the following command (the bolded text) into the "Open" textbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Step 3

Turn off your F-Secure antivirus so that it does not interfere.

Now try 1 more time to run RSIT and post the 2 logs.


Rkill.txt

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/17/2012 09:41:24 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/17/2012 09:42:00 AM

Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)


Win32kDiag.txt

Running from: C:\Documents and Settings\mark\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\mark\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!


Set aside the attempt to run RSIT .... for now.

Make sure that you always Copy all contents of the logs that I ask you to post. I did not see the Windows version in the 1st posts. It is important that I see All contents.

Looks like this is Windows XP with service pack 3.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Joefizz only. If you are a casual viewer, do NOT try this on your system!

If you are not Joefizz and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus application.


ComboFix.txt

ComboFix 12-12-17.02 - mark 19/12/2012  10:46:13.1.1 - x86

Running from: c:\documents and settings\mark\Desktop\Combo-Fix.exe

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\lia\Application Data\PriceGong

c:\documents and settings\lia\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\mark\Application Data\PriceGong

c:\documents and settings\mark\Application Data\PriceGong\Data\1.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\4436.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\a.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\b.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\c.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\d.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\e.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\f.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\g.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\h.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\i.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\j.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\k.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\l.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\m.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\mark\Application Data\PriceGong\Data\n.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\o.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\p.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\q.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\r.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\s.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\t.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\u.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\v.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\w.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\x.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\y.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\z.txt

c:\documents and settings\mark\WINDOWS

C:\Install.exe

c:\program files\INSTALL.LOG

c:\program files\UNWISE.EXE

c:\windows\repair.exe

c:\windows\ST6UNST.000

c:\windows\system32\CddbCdda.dll

c:\windows\system32\setb0.tmp

c:\windows\system32\UNWISE.EXE

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2012-11-19 to 2012-12-19  )))))))))))))))))))))))))))))))

.

.

2012-12-14 16:57 . 2012-12-14 16:57 -------- d-----w- C:\rsit

2012-12-14 16:48 . 2012-12-14 16:50 -------- d-----w- c:\program files\ERUNT

2012-12-11 17:44 . 2012-12-11 17:44 -------- d-----w- c:\program files\ESET

2012-12-11 17:26 . 2012-12-11 17:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-12-11 17:19 . 2012-12-11 17:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-11 17:19 . 2012-12-11 17:19 -------- d-----w- c:\documents and settings\mark\Application Data\Malwarebytes

2012-12-11 17:18 . 2012-12-11 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-12-11 17:18 . 2012-12-12 10:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 17:18 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 16:47 . 2012-12-11 16:47 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-12-11 16:47 . 2012-11-29 08:26 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-12-11 16:47 . 2012-11-29 09:44 890040 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2012-12-11 16:47 . 2012-11-29 08:26 15112160 ----a-w- c:\program files\Mozilla Firefox\xul.dll

2012-12-11 16:47 . 2012-11-29 08:26 19424 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2012-12-11 16:47 . 2012-11-29 08:26 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe

2012-12-11 16:47 . 2012-11-29 08:26 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe

2012-12-10 09:04 . 2012-12-10 09:04 -------- d-----w- c:\documents and settings\lia\Local Settings\Application Data\LogMeIn

2012-12-10 09:03 . 2012-12-10 09:03 -------- d-----w- c:\documents and settings\lia\Application Data\InstallShield

2012-12-10 09:01 . 2012-12-10 09:01 -------- d-sh--w- c:\documents and settings\lia\IETldCache

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:49 . 2012-05-25 19:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:49 . 2012-05-25 19:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 09:02 . 2009-06-19 15:32 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-12-11 09:02 . 2009-06-19 15:32 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-12-11 09:02 . 2009-06-19 15:32 31144 ----a-w- c:\windows\system32\LMIport.dll

2012-12-11 09:02 . 2009-06-19 15:32 92072 ----a-w- c:\windows\system32\LMIinit.dll

2012-12-08 10:59 . 2010-02-20 17:44 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-11-13 01:25 . 2004-08-11 17:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41 . 2004-08-11 17:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-02 02:02 . 2004-08-11 17:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-11 17:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-11 17:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-11 17:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

<div>2012-11-01 00:35 . 2004-08-11 17:00<span class="Apple-tab-span" style="white-space:pre"> </span>385024<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\html.iec</div>

<div>2012-10-02 18:04 . 2004-08-11 17:00<span class="Apple-tab-span" style="white-space:pre"> </span>58368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\synceng.dll</div>

<div>2012-11-29 08:26 . 2012-12-11 16:47<span class="Apple-tab-span" style="white-space:pre"> </span>262112<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]</div>

<div>"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]</div>

<div>"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]</div>

<div>"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]</div>

<div>"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]</div>

<div>"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]</div>

<div>"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]</div>

<div>"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]</div>

<div>"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]</div>

<div>"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]</div>

<div>"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]</div>

<div>"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]</div>

<div>"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]</div>

<div>"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]</div>

<div>"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]</div>

<div>"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]</div>

<div>"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]</div>

<div>"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-12-11 301680]</div>

<div>"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-12-11 1653360]</div>

<div>"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]</div>

<div>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]</div>

<div>"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]</div>

<div>"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]</div>

<div>"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-09 296056]</div>

<div>.</div>

<div>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]</div>

<div>"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]</div>

<div>"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]</div>

<div>.</div>

<div>c:\documents and settings\mark\Start Menu\Programs\Startup\</div>

<div>BBC iPlayer Desktop.lnk -  [N/A]</div>

<div>.</div>

<div>c:\documents and settings\All Users\Start Menu\Programs\Startup\</div>

<div>Digital Line Detect.lnk -  [N/A]</div>

<div>DSLMON.lnk -  [N/A]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]</div>

<div>2004-09-07 16:08<span class="Apple-tab-span" style="white-space:pre"> </span>110592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Intel\Wireless\Bin\LgNotify.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]</div>

<div>2012-12-11 09:02<span class="Apple-tab-span" style="white-space:pre"> </span>92072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LMIinit.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]</div>

<div>@="Service"</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]</div>

<div>path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk</div>

<div>backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]</div>

<div>path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk</div>

<div>backup=c:\windows\pss\Desktop Manager.lnkCommon Startup</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]</div>

<div>path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk</div>

<div>backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]</div>

<div> [X]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]</div>

<div>2005-11-01 03:12<span class="Apple-tab-span" style="white-space:pre"> </span>94208<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Dell\Media Experience\DMXLauncher.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]</div>

<div>2011-01-25 15:08<span class="Apple-tab-span" style="white-space:pre"> </span>421160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes\iTunesHelper.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]</div>

<div>2010-11-29 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>421888<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\QuickTime\QTTask.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]</div>

<div>2003-11-19 17:48<span class="Apple-tab-span" style="white-space:pre"> </span>32881<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Java\j2re1.4.2_03\bin\jusched.exe</div>

<div>.</div>

<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]</div>

<div>"EnableFirewall"= 0 (0x0)</div>

<div>.</div>

<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</div>

<div>"%windir%\\system32\\sessmgr.exe"=</div>

<div>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=</div>

<div>"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=</div>

<div>"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=</div>

<div>"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=</div>

<div>"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=</div>

<div>"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=</div>

<div>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=</div>

<div>"c:\\Program Files\\iTunes\\iTunes.exe"=</div>

<div>"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=</div>

<div>.</div>

<div>R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [x]</div>

<div>R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]</div>

<div>R3 GCCUSBD;GCC Sable USB;c:\windows\system32\DRIVERS\gccusd.sys [x]</div>

<div>R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]</div>

<div>R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]</div>

<div>R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [x]</div>

<div>S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]</div>

<div>S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [x]</div>

<div>S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [x]</div>

<div>S2 gupdate1ca58e21414add9;Google Update Service (gupdate1ca58e21414add9);c:\program files\Google\Update\GoogleUpdate.exe [x]</div>

<div>S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]</div>

<div>S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]</div>

<div>S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]</div>

<div>S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]</div>

<div>S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [x]</div>

<div>S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]</div>

<div>.</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job</div>

<div>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 16:49]</div>

<div>.</div>

<div>2012-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job</div>

<div>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]</div>

<div>.</div>

<div>2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:51]</div>

<div>.</div>

<div>2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:51]</div>

<div>.</div>

<div>2012-12-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1570090065-3801597651-259129152-1005.job</div>

<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]</div>

<div>.</div>

<div>2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1570090065-3801597651-259129152-1005.job</div>

<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]</div>

<div>.</div>

<div>2012-12-17 c:\windows\Tasks\ReclaimerUpdateFiles_mark.job</div>

<div>- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]</div>

<div>.</div>

<div>2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_mark.job</div>

<div>- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]</div>

<div>.</div>

<div>2012-12-19 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_mark.job</div>

<div>- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]</div>

<div>.</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.bbc.co.uk/</div>

<div>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8</div>

<div>uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</div>

<div>IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com</div>

<div>TCP: DhcpNameServer = 192.168.24.254</div>

<div>FF - ProfilePath - c:\documents and settings\mark\Application Data\Mozilla\Firefox\Profiles\r0q1zv1y.default\</div>

<div>FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=</div>

<div>FF - prefs.js: browser.search.selectedEngine - Google</div>

<div>FF - prefs.js: browser.startup.homepage - bbc.co.uk</div>

<div>FF - ExtSQL: !HIDDEN! 2008-06-20 19:17; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}</div>

<div>FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)</div>

<div>Toolbar-Locked - (no file)</div>

<div>WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)</div>

<div>HKLM-Run-adiras - adiras.exe</div>

<div>SafeBoot-mbamchameleon</div>

<div>SafeBoot-Wdf01000.sys</div>

<div>MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe</div>

<div>MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe</div>

<div>MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe</div>

<div>MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe</div>

<div>MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe</div>

<div>MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</div>

<div>MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe</div>

<div>AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE</div>

<div>AddRemove-USB &  Printer Driver  Install - c:\progra~1\UNWISE.EXE</div>

<div>AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb</div>

<div>AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>

<div>Rootkit scan 2012-12-19 11:03</div>

<div>Windows 5.1.2600 Service Pack 3 NTFS</div>

<div>.</div>

<div>scanning hidden processes ...  </div>

<div>.</div>

<div>scanning hidden autostart entries ... </div>

<div>.</div>

<div>scanning hidden files ...  </div>

<div>.</div>

<div>scan completed successfully</div>

<div>hidden files: 0</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_USERS\S-1-5-21-1570090065-3801597651-259129152-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]</div>

<div>"Percents"=""</div>

<div>"Increment"=".000166"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div>

<div>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>--------------------- DLLs Loaded Under Running Processes ---------------------</div>

<div>.</div>

<div>- - - - - - - > 'winlogon.exe'(1012)</div>

<div>c:\windows\system32\LMIinit.dll</div>

<div>c:\program files\Intel\Wireless\Bin\LgNotify.dll</div>

<div>c:\windows\system32\LMIRfsClientNP.dll</div>

<div>c:\windows\system32\igfxdev.dll</div>

<div>.</div>

<div>Completion time: 2012-12-19  11:08:24</div>

<div>ComboFix-quarantined-files.txt  2012-12-19 11:08</div>

<div>.</div>

<div>Pre-Run: 12,198,342,656 bytes free</div>

<div>Post-Run: 13,299,875,840 bytes free</div>

<div>.</div>

<div>WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe</div>

<div>[boot loader]</div>

<div>timeout=2</div>

<div>default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS</div>

<div>[operating systems]</div>

<div>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons</div>

<div>UnsupportedDebug="do not select this" /debug</div>

<div>multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect</div>

<div>.</div>

<div>- - End Of File - - 56A4B601B80ABF61FAC375CD1DA49A67</div>

<div> </div>


Do you see how your last reply's report looked very "goofy", with all that extra formatting junk?

Next time, when starting a reply, press the More Reply Options button at bottom-right of forum-topic-screen.

Then look at the toolbar (just at top of reply box). IF the toolbar is on, then click 1 time on the Flip-switch icon at the top left of that toolbar.

And then, Paste the contents of the log.

See Grinler's article at BC forum {Disregard any descriptive title or name of subject-infection}

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions

Follow his instructions to get into Safe Mode with Networking

and do the rest of the steps listed after that (including the tool from Emsisoft).

Report back with the results.


ComboFix 12-12-17.02 - mark 19/12/2012 10:46:13.1.1 - x86

Running from: c:\documents and settings\mark\Desktop\Combo-Fix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\lia\Application Data\PriceGong

c:\documents and settings\lia\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\mark\Application Data\PriceGong

c:\documents and settings\mark\Application Data\PriceGong\Data\1.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\4436.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\a.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\b.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\c.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\d.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\e.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\f.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\g.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\h.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\i.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\j.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\k.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\l.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\m.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\mark\Application Data\PriceGong\Data\n.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\o.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\p.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\q.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\r.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\s.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\t.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\u.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\v.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\w.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\x.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\y.txt

c:\documents and settings\mark\Application Data\PriceGong\Data\z.txt

c:\documents and settings\mark\WINDOWS

C:\Install.exe

c:\program files\INSTALL.LOG

c:\program files\UNWISE.EXE

c:\windows\repair.exe

c:\windows\ST6UNST.000

c:\windows\system32\CddbCdda.dll

c:\windows\system32\setb0.tmp

c:\windows\system32\UNWISE.EXE

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))

.

.

2012-12-14 16:57 . 2012-12-14 16:57 -------- d-----w- C:\rsit

2012-12-14 16:48 . 2012-12-14 16:50 -------- d-----w- c:\program files\ERUNT

2012-12-11 17:44 . 2012-12-11 17:44 -------- d-----w- c:\program files\ESET

2012-12-11 17:26 . 2012-12-11 17:26 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-12-11 17:19 . 2012-12-11 17:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-11 17:19 . 2012-12-11 17:19 -------- d-----w- c:\documents and settings\mark\Application Data\Malwarebytes

2012-12-11 17:18 . 2012-12-11 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-12-11 17:18 . 2012-12-12 10:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 17:18 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 16:47 . 2012-12-11 16:47 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-12-11 16:47 . 2012-11-29 08:26 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-12-11 16:47 . 2012-11-29 09:44 890040 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2012-12-11 16:47 . 2012-11-29 08:26 15112160 ----a-w- c:\program files\Mozilla Firefox\xul.dll

2012-12-11 16:47 . 2012-11-29 08:26 19424 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2012-12-11 16:47 . 2012-11-29 08:26 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe

2012-12-11 16:47 . 2012-11-29 08:26 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe

2012-12-10 09:04 . 2012-12-10 09:04 -------- d-----w- c:\documents and settings\lia\Local Settings\Application Data\LogMeIn

2012-12-10 09:03 . 2012-12-10 09:03 -------- d-----w- c:\documents and settings\lia\Application Data\InstallShield

2012-12-10 09:01 . 2012-12-10 09:01 -------- d-sh--w- c:\documents and settings\lia\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:49 . 2012-05-25 19:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:49 . 2012-05-25 19:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 09:02 . 2009-06-19 15:32 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-12-11 09:02 . 2009-06-19 15:32 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-12-11 09:02 . 2009-06-19 15:32 31144 ----a-w- c:\windows\system32\LMIport.dll

2012-12-11 09:02 . 2009-06-19 15:32 92072 ----a-w- c:\windows\system32\LMIinit.dll

2012-12-08 10:59 . 2010-02-20 17:44 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-11-13 01:25 . 2004-08-11 17:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41 . 2004-08-11 17:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-02 02:02 . 2004-08-11 17:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-11 17:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-11 17:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-11 17:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-11 17:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-02 18:04 . 2004-08-11 17:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-11-29 08:26 . 2012-12-11 16:47 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-12-11 301680]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-12-11 1653360]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-09 296056]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

.

c:\documents and settings\mark\Start Menu\Programs\Startup\

BBC iPlayer Desktop.lnk - [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - [N/A]

DSLMON.lnk - [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-12-11 09:02 92072 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk

backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk

backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]

[X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-11-01 03:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 15:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2003-11-19 17:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

.

R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [x]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]

R3 GCCUSBD;GCC Sable USB;c:\windows\system32\DRIVERS\gccusd.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [x]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]

S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [x]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [x]

S2 gupdate1ca58e21414add9;Google Update Service (gupdate1ca58e21414add9);c:\program files\Google\Update\GoogleUpdate.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [x]

S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 16:49]

.

2012-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:51]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:51]

.

2012-12-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1570090065-3801597651-259129152-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]

.

2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1570090065-3801597651-259129152-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]

.

2012-12-17 c:\windows\Tasks\ReclaimerUpdateFiles_mark.job

- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]

.

2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_mark.job

- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]

.

2012-12-19 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_mark.job

- c:\documents and settings\mark\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 11:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bbc.co.uk/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com

TCP: DhcpNameServer = 192.168.24.254

FF - ProfilePath - c:\documents and settings\mark\Application Data\Mozilla\Firefox\Profiles\r0q1zv1y.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - bbc.co.uk

FF - ExtSQL: !HIDDEN! 2008-06-20 19:17; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-adiras - adiras.exe

SafeBoot-mbamchameleon

SafeBoot-Wdf01000.sys

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE

AddRemove-USB & Printer Driver Install - c:\progra~1\UNWISE.EXE

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-19 11:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1570090065-3801597651-259129152-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]

"Percents"=""

"Increment"=".000166"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1012)

c:\windows\system32\LMIinit.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2012-12-19 11:08:24

ComboFix-quarantined-files.txt 2012-12-19 11:08

.

Pre-Run: 12,198,342,656 bytes free

Post-Run: 13,299,875,840 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 56A4B601B80ABF61FAC375CD1DA49A67


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
