
Please help infected with Trojan.Gen.2



Hi,

Please help. According to SEP, my PC is infected with Trojan.Gen.2. I keep getting messages that it has been quarantined, but I am not able to get rid of it. Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Mark at 16:16:38 on 2012-12-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1418 [GMT -8:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ================

.

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\cisvc.exe

C:\windows\system32\cidaemon.exe

C:\windows\system32\cidaemon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

C:\windows\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe

C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\StorageCraft\ImageManager\ImageManager.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\windows\System32\vssvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\vsnapvss.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\windows\System32\alg.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\cidaemon.exe

C:\windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\V0230Mon.exe

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files\Cyberlink\Shared files\brs.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\RunDLL32.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\util\DAEMON Tools Pro\DTAgent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\util\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\util\PrintKey2000\Printkey2000.exe

C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Winamp\winamp.exe

C:\windows\explorer.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k rpcss

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k hpdevmgmt

C:\windows\system32\svchost.exe -k HPService

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [DAEMON Tools Pro Agent] "c:\util\daemon tools pro\DTAgent.exe" -autorun

mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector10\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector10" updatewithcreateonce "software\cyberlink\powerdirector\10.0"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

StartupFolder: c:\docume~1\mark\startm~1\programs\startup\checkf~1.lnk - c:\program files\jts\WiseUpdt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\TM Server.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-System: DisableRegedit = dword:0

IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show avast! EasyPass Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353982215625

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DHCPNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

AppInit_DLLs= c:\windows\system32\acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - plugin: c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll

FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-12-06 10:06; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

FF - ExtSQL: !HIDDEN! 2010-07-03 11:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - ExtSQL: !HIDDEN! 2011-02-08 20:36; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904]

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512]

R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-6 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-6 361032]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-6 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-6 44808]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 352248]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]

R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992]

R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000]

R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

R2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944]

R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-12-6 106656]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121219.033\NAVENG.SYS [2012-12-20 92704]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121219.033\NAVEX15.SYS [2012-12-20 1601184]

R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-24 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-24 500480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-6-28 32072]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 RARfsClientNP;RARfsClientNP; [x]

.

=============== File Associations ===============

.

ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia theatre\uDTStart.exe" "%1"

ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE

ShellExec: sbmntwiz.exe: open="c:\program files\storagecraft\shadowprotect\sbmntwiz.exe"/MOUNT %1

ShellExec: sbmntwiz.exe: Quick.open="c:\program files\storagecraft\shadowprotect\sbmntwiz.exe"/QUICKMOUNT %1

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-12-19 04:38:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-19 04:38:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-19 03:59:17 466008 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-02 18:02:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 18:02:26 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-28 18:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 18:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 16:22:54.57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/11/2009 5:28:54 PM

System Uptime: 12/18/2012 10:59:49 PM (42 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 1863 GiB total, 114.563 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 48.925 GiB free.

G: is FIXED (NTFS) - 298 GiB total, 49.634 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 699 GiB total, 14.171 GiB free.

J: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet Pro L7500

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro L7500

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP1: 12/11/2012 9:29:50 AM - System Checkpoint

RP2: 12/12/2012 3:00:32 AM - Software Distribution Service 3.0

RP3: 12/13/2012 3:00:26 AM - Software Distribution Service 3.0

RP4: 12/14/2012 3:00:27 AM - Software Distribution Service 3.0

RP5: 12/15/2012 3:01:24 AM - Software Distribution Service 3.0

RP6: 12/16/2012 3:01:29 AM - Software Distribution Service 3.0

RP7: 12/17/2012 3:00:44 AM - Software Distribution Service 3.0

RP8: 12/18/2012 3:00:36 AM - Software Distribution Service 3.0

RP9: 12/18/2012 7:59:16 PM - SPTD setup V1.83

RP10: 12/19/2012 4:14:01 AM - Software Distribution Service 3.0

RP11: 12/20/2012 3:00:47 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

32 Bit HP CIO Components Installer

3D Home Architect Design Suite Deluxe 8

7-Zip 9.20

7500_7600_7700_Help1

ACDSee 10 Photo Manager

ACDSee Pro 3

Activation (Blu-ray Disc Authoring Plug-in)

Activation (Blu-ray Video Plug-in)

Activation (Gracenote Plug-in)

Activation (Nero 9 HD)

Activation (Nero BackItUp 4)

Activation (Nero MediaHome 4)

Activation (Nero Move it)

Ad Notifier - For Craigslist.org

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader 9.2

Adobe SVG Viewer 3.0

Advanced Video FX Engine

Advertising Center

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

AnyDVD

AnyDVD Registration

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft TotalMedia Theatre

ArcSoft TotalMedia Theatre 5

Art Effects for PDR10

Audacity 1.2.6

Auslogics Disk Defrag

avast! EasyPass

avast! Free Antivirus

AviSynth 2.5

Bing Bar Platform

Blu-ray Disc Authoring Plug-in

Blu-ray Video Plug-in

Blu-ray/HD DVD Video Plug-in

Bonjour

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

BufferChm

calibre

Calorie GPS

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon iP4200

Canon MG5300 series MP Drivers

Canon MG5300 series On-screen Manual

Canon MG5300 series User Registration

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

Canon Utilities Easy-PhotoPrint

CCleaner

CD-LabelPrint

Cinema Craft Encoder SP

Cinema Craft Encoder SP3

Cisco Connect

Cisco WebEx Meeting Center for Firefox or Chrome

Classifieds Searcher Free - version 7.30

Collectorz.com Game Collector

Collectorz.com Movie Collector

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.56

Creative Audio Console

Creative Live! Cam Center

Creative Live! Cam Manager

Creative Live! Cam Video IM Pro Driver (1.01.03.0928)

Creative Live! Cam Video IM Pro User's Guide (English)

Creative Photo Calendar

Creative Photo Manager

Creative Software AutoUpdate

Creative System Information

CyberLink BD_3D Advisor 2.0

CyberLink PowerDirector 10

CyberLink PowerDVD 10

CyberLink PowerDVD 9

CyberLink WaveEditor

DAEMON Tools Pro

Database Conversion Wizard

dBpoweramp [Audio Info] Codec

dBpoweramp [Calculate Audio CRC] Codec

dBpoweramp [iD Tag Update] Codec

dBpoweramp [Multi Encoder] Codec

dBpoweramp [Tag From Filename] Codec

dBpoweramp Batch Ripper

dBpoweramp Dalet Codec

dBpoweramp DSP Effects

dBpoweramp FLAC Codec

dBpoweramp Monkeys Audio Codec

dBpoweramp Mp2 and BwfMp2 codec

dBpoweramp mp3 (Fraunhofer IIS) Codec

dBpoweramp Music Converter

dBpoweramp Ogg Vorbis Codec

dBpoweramp Real Audio (Helix) Encoder

dBPoweramp tooLame MP2 codec

dBpoweramp Wave64 Codec

dBpoweramp WavPack Codec

Destinations

DeviceDiscovery

DocProc

DolbyFiles

DriverAgent by eSupport.com

DTS Plug-in

DVD Decrypter (Remove Only)

DVD Rebuilder

DVDFab 8.2.1.0 (07/09/2012) Qt

DVDInfoPro 6.5.1.0

EASEUS Partition Master 8.0.1 Home Edition

EasyRecovery Professional

ERUNT 1.1j

ESET Online Scanner v3

Fax

ffdshow v1.1.3882 [2011-06-13]

FLAC 1.2.1b (remove only)

foobar2000 v1.0.3

Gigabyte Raid Configurer

Google Chrome

Google Earth

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.0.0.799

GPBaseService2

Gracenote Plug-in

Greetings Workshop

Haali Media Splitter

Hallmark Card Studio 2008 Deluxe

Hallmark Card Studio 2009

High-Definition Video Playback 10

High Definition Audio Driver Package - KB835221

HiJackThis

honestech VHS to DVD 5.0 Deluxe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP OfficeJet L7300/L7500/7600/7700

HP Photosmart Essential 3.5

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HP_Network_UserGuide

HPDiagnosticAlert

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Huffyuv AVI lossless video codec - MultiThread (Remove Only)

IHA_MessageCenter

ImagXpress

ImgBurn

inSSIDer

iPhoneBrowser

iSEEK AnswerWorks English Runtime

iTunes

Java 7 Update 9

Java Auto Updater

KODAK Gallery Upload Software

L7500

Lagarith Lossless Codec (1.3.27)

LAME v3.98.2 for Audacity

LG ODD Auto Firmware Update

LightScribe System Software

LiveUpdate 3.3 (Symantec Corporation)

Logitech Harmony Remote Software 7

MadOnion.com/PCMark2002

Magic ISO Maker v5.4 (build 0251)

Malwarebytes Anti-Malware version 1.65.0.1400

MarketResearch

MediaInfo 0.7.58

Menu Templates - Starter Kit

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office XP Professional with FrontPage

Microsoft Primary Interoperability Assemblies 2005

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Media Video 9 VCM

Movie Templates - Starter Kit

Mozilla Firefox 17.0.1 (x86 en-GB)

Mozilla Maintenance Service

mp3PRO Plug-in

Mp3tag v2.49

MPM

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Myibay Auction bid sniper for eBay 1.0.43

Neat Video v2.0 Demo plug-in for Virtual Dub

Nero 10 Menu TemplatePack 1

Nero 10 Menu TemplatePack 2

Nero 10 Menu TemplatePack 3

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack 1

Nero 10 Movie ThemePack 2

Nero 10 Movie ThemePack Basic

Nero 10 Sample ImagePack

Nero 10 Sample Videos

Nero 9

Nero 9 HD

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero BackItUp 4

Nero Burning ROM 10

Nero BurningROM

Nero BurningROM 10 Help (CHM)

Nero BurnRights

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter

Nero Core Components 10

Nero CoverDesigner

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero DriveSpeed

Nero Express

Nero Express 10

Nero Express 10 Help (CHM)

Nero InCD-Reader

Nero InfoTool

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero Installer

Nero MediaHome 4

Nero MediaHome 4 Help

Nero MediaHome 4 Trial

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Move it

Nero Multimedia Suite 10

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero RescueAgent Help

Nero ShowTime

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero StartSmart Help

Nero Update

Nero Vision

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Network

NVIDIA Control Panel 275.33

NVIDIA Graphics Driver 275.33

NVIDIA Install Application

NVIDIA nView 135.85

NVIDIA nView Desktop Manager

NVIDIA Update 1.3.5

NVIDIA Update Components

OCR Software by I.R.I.S. 14.0

Omron Health Management Software

Opti Drive Control 1.51

Panasonic DVC USB Driver

PDF DRM Removal version 1.7.1

PFPortChecker 1.0.32

PowerISO

ProductContext

Quicken 2012

QuickTime

RackTools 3.5

RAR Password Unlocker 4.2.0.0

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Remote Control USB Driver

Rosetta Stone Version 3

SAMSUNG Intelli-studio

Scan

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

ShadowProtect Desktop

ShadowProtect ImageManager

Shop for HP Supplies

SHOUTcast Source DSP Plug-in v2

SightSpeed

Skype Toolbars

Skype™ 4.2

SlingHealth ActiveX

SlingPlayer

SmartSound Quicktracks 5

SmartWebPrinting

SolutionCenter

SoundTrax

Sprite Backup

Status

SUPERAntiSpyware Free Edition

Symantec Endpoint Protection

System Requirements Lab

Toolbox

Trader Workstation

Trader Workstation 4.0

TrayApp

TurboTax 2008

TurboTax 2008 wcaiper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 wcaiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax Home & Business 2007

UnloadSupport

Unrestrict PDF

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB2.0 VIDBOX NW03

Verizon Download Manager

Video Server Wrapper Codec (remove only)

VirtualDub Filter Pack 1.0

Vistumbler

Vz In Home Agent

Warcraft III: All Products

WebFldrs XP

WebReg

WebSlingPlayer ActiveX

WIDCOMM Bluetooth Software

Widevine Media Transformer Plugin 5.0.0

Winamp

WinArchiver

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

WinRAR archiver

WinSCP 4.2.7

WinZip

XML Paper Specification Shared Components Pack 1.0

Yahoo! BrowserPlus 2.9.8

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/19/2012 8:10:01 PM, error: Srv [2000] - The server's call to a system service failed unexpectedly.

12/13/2012 4:32:20 AM, error: Service Control Manager [7034] - The StorageCraft Image Manager service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start it, and when prompted, choose Allow to run it.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Mark [Admin rights]

Mode : Scan -- Date : 12/22/2012 12:08:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x887AC300)

SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x887AC3E0)

SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8984D780)

SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x887A0268)

SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8986C6C8)

SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x887C5640)

SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x887A0358)

SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x887AC260)

SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x887AA8D8)

SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x887B15E8)

SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x887AF268)

SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x887B0430)

SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x898214F8)

SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x887A5810)

SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x887A58D0)

SSDT[229] : NtSetInformationThread @ 0x80576ABD -> HOOKED (Unknown @ 0x89821738)

SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x887B1508)

SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8879C320)

SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8984EBF8)

SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8879C400)

SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x887C46D0)

SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x887FFCD8)

¤¤¤ Extern Hives: ¤¤¤

-> F:\windows\system32\config\SOFTWARE

-> F:\Documents and Settings\Administrator\NTUSER.DAT

-> F:\Documents and Settings\Administrator.MYPC\NTUSER.DAT

-> F:\Documents and Settings\Default User\NTUSER.DAT

-> F:\Documents and Settings\LocalService\NTUSER.DAT

-> F:\Documents and Settings\Mark\NTUSER.DAT

-> F:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS5C3020ALA632 +++++

--- User ---

[MBR] 643c28cbc44b82ab1d3fc24bbfdf4f69

[bSP] 57baa9068b859ee8a3cfb5a321dc6037 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500630AS +++++

--- User ---

[MBR] 1406de26d4acd19c9b0ddec378f968d3

[bSP] 93a4ad19c181e7d325737ffc772b14db : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD7500AADS-00L5B1 +++++

--- User ---

[MBR] c83fcee3155eb6114d8c84d54c112317

[bSP] eaf482a9766f3000634a695d502e8c7f : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: SATA ST3320620AS SCSI Disk Device +++++

--- User ---

[MBR] 0326145d3c46a04484f1aa0bb439fb72

[bSP] 6367311c297c53c8fa575c4c03192a94 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_12222012_02d1208.txt >>

RKreport[1]_S_12222012_02d1208.txt

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

It doesn't take that long, stop it and ....

Run this one instead >>>

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

That scan looked OK.............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix 12-12-25.02 - Mark 12/25/2012 15:36:24.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2113 [GMT -8:00]

Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))

.

.

2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\CRE

2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\uTorrentControl_v2

2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Conduit

2012-12-25 20:16 . 2012-12-25 20:17 -------- d-----w- c:\program files\uTorrentControl_v2

2012-12-21 14:05 . 2012-12-21 14:05 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-12-21 14:05 . 2012-12-21 14:05 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-12-21 14:05 . 2012-12-21 14:05 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-12-21 14:05 . 2012-12-21 14:05 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-12-21 14:05 . 2012-12-21 14:05 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-12-21 14:05 . 2012-12-21 14:05 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-12-21 14:05 . 2012-12-21 14:05 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-12-21 14:05 . 2012-12-21 14:05 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-12-21 14:05 . 2012-12-21 14:05 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-12-21 14:05 . 2012-12-21 14:05 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-12-21 14:05 . 2012-12-21 14:05 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-12-21 14:05 . 2012-12-21 14:05 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-12-21 14:04 . 2012-12-21 14:04 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-12-21 14:04 . 2012-12-21 14:04 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-12-21 14:04 . 2012-12-21 14:04 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-12-21 14:04 . 2012-12-21 14:04 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-12-21 14:04 . 2012-12-21 14:04 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-12-11 16:49 . 2012-12-11 17:39 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\NPE

2012-12-06 22:14 . 2012-12-06 22:14 -------- d-----w- c:\documents and settings\Mark\Application Data\RoboForm

2012-12-06 22:13 . 2012-12-06 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2012-12-06 18:05 . 2012-12-21 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-12-06 18:05 . 2012-12-06 18:05 -------- d-----w- c:\program files\AVAST Software

2012-12-05 05:12 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-05 04:45 . 2012-12-05 04:45 -------- d-----w- c:\program files\iPod

2012-12-05 04:45 . 2012-12-05 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-05 04:45 . 2012-12-05 04:46 -------- d-----w- c:\program files\iTunes

2012-11-27 02:22 . 2012-11-27 02:26 -------- dc-h--w- c:\windows\ie8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-22 21:24 . 2012-06-28 19:56 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-12-19 04:38 . 2012-05-05 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-19 04:38 . 2011-05-20 18:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-19 03:59 . 2009-04-16 19:12 466008 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-02 18:02 . 2012-10-02 18:03 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 18:02 . 2011-08-18 22:04 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-30 03:54 . 2011-07-28 14:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 18:32 . 2009-09-13 18:08 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 18:32 . 2009-09-13 18:08 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-07-27 06:07 . 2012-12-05 07:36 306256 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-12-05 07:37 . 2012-12-05 07:36 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]

"DAEMON Tools Pro Agent"="c:\util\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-23 1226024]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-18 75048]

"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-11 3622184]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]

"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\util\mbar\mbar\mbar.exe" [2012-12-04 1342312]

.

c:\documents and settings\Mark\Start Menu\Programs\Startup\

Check for TWS Updates.lnk - c:\program files\Jts\WiseUpdt.exe [2011-9-7 194775]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-24 113664]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

TotalMedia Server.lnk - c:\program files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-8-17 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableRegedit"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:7d3c1119dc00

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ArcSoft\\TotalMedia Theatre 5\\TotalMedia Server\\TM Server.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Calibre2\\calibre.exe"=

"c:\\Program Files\\SAMSUNG\\Intelli-studio\\iStudio.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\dwld\\tinyumbrella-6.01.01.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [4/11/2009 4:49 PM 113904]

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [6/27/2009 8:53 AM 96512]

R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [9/21/2010 8:10 AM 192504]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]

R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [4/11/2009 4:49 PM 79616]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54];c:\program files\Cyberlink\PowerDVD10\NavFilter\000.fcl [11/17/2010 8:29 PM 87536]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45];c:\program files\Cyberlink\PowerDVD9\000.fcl [3/30/2009 4:53 PM 87536]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/18/2010 2:58 PM 20328]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [5/24/2011 3:02 PM 352248]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 4:53 PM 13672]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 2:01 PM 462632]

R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\x86\rainfo.sys [4/17/2007 1:00 PM 12992]

R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [4/4/2010 7:20 AM 46000]

R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4/11/2009 4:49 PM 1990656]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 4:54 AM 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 4:54 AM 185640]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [5/29/2009 9:02 AM 66944]

R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [4/11/2009 4:49 PM 61952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/6/2012 8:03 PM 106656]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/28/2012 11:56 AM 35144]

R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [4/17/2007 1:00 PM 10168]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/24/2010 11:43 PM 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/24/2010 11:43 PM 500480]

S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 10:52 AM 133104]

S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [10/24/2007 2:26 PM 69632]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [8/11/2009 7:45 AM 1684736]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/7/2011 8:11 AM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/7/2011 8:11 AM 8456]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/26/2009 8:59 PM 47360]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]

S4 RARfsClientNP;RARfsClientNP; [x]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mbamswissarmy

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:38]

.

2012-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]

.

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52]

.

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52]

.

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job

- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37]

.

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job

- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37]

.

2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{2CBD512D-8063-47FF-BF6E-5ACAA41EC901}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468

IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - ExtSQL: !HIDDEN! 2010-07-03 11:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - ExtSQL: !HIDDEN! 2011-02-08 20:36; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Classifieds Searcher - Free_is1 - c:\program files\Classifieds Searcher - Free\unins000.exe

AddRemove-Collectorz.com Movie Collector - c:\progra~1\MOVIEC~1\UNWISE.EXE

AddRemove-Greetings Workshop - c:\program files\Greetings Workshop\SETUP\setup.exe

AddRemove-{901BAC9F-7721-4215-B62A-D342909C0DBA}_is1 - c:\program files\PDF DRM Removal\unins000.exe

AddRemove-Trader Workstation - c:\windows\system32\javaws.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-25 15:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1000)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\RARfsClientNP.dll

.

- - - - - - - > 'lsass.exe'(1060)

c:\windows\system32\RARfsClientNP.dll

.

Completion time: 2012-12-25 15:55:51

ComboFix-quarantined-files.txt 2012-12-25 23:55

.

Pre-Run: 122,068,684,800 bytes free

Post-Run: 146,752,929,792 bytes free

.

- - End Of File - - E59420902B8CC1183898BF2309D7E6EB


Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


# AdwCleaner v2.103 - Logfile created 12/26/2012 at 09:31:53

# Updated 25/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - MYPC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Mark\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\Software\Conduit

Key Found : HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2750 octets] - [26/12/2012 09:29:21]

AdwCleaner[R2].txt - [1623 octets] - [26/12/2012 09:31:53]

########## EOF - \AdwCleaner[R2].txt - [1683 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~

Then..........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


# AdwCleaner v2.103 - Logfile created 12/26/2012 at 10:20:02

# Updated 25/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - MYPC

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Mark\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2750 octets] - [26/12/2012 09:29:21]

AdwCleaner[R2].txt - [1750 octets] - [26/12/2012 09:31:53]

AdwCleaner[R3].txt - [1810 octets] - [26/12/2012 10:18:45]

AdwCleaner[s1].txt - [1769 octets] - [26/12/2012 10:20:02]

########## EOF - \AdwCleaner[s1].txt - [1829 octets] ##########

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SUPERAntiSpyware Free Edition

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Java 7 Update 9

Adobe Flash Player 11.5.502.135

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (Meeting.)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Java 7 Update 9 <---please check for an update > should be Update 10

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
