tinnyhawk Posted July 4, 2010 ID:279404 Share Posted July 4, 2010 After a Defense Center attack while trying to install XP svc pack 3 "Defense Center" appeared on mt desktop. I have tried to remove it for the past 3 days with MBAM etc. Now MBAM closes at the "OK" screen after scanning and listing the # of infections but without allowing the show all or creating a log. Last night I started having problems with "winlogon". This is a great forum and you all seem to provide great assistance. Pasted and attached are the requested files from the instructions. Due tio file size limit I was unable to attach the "ark" scan log. I will try a second post.DDS (Ver_10-03-17.01) - NTFSx86 Run by Jon at 20:03:11.75 on Sat 07/03/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2237 [GMT -4:00]AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exec:\windows\system32\svchost -k dcomlaunchc:\windows\system32\svchost -k rpcssC:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exeC:\Program Files\BitDefender\BitDefender 2010\vsserv.exec:\windows\system32\svchost.exe -k netsvcsc:\windows\system32\svchost.exe -k networkservicec:\windows\system32\svchost.exe -k localserviceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\stsystra.exeC:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exeC:\Program Files\Pure Networks\Network Magic\nmapp.exeC:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exeC:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exeC:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\BitDefender\BitDefender 2010\bdagent.exeC:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exeC:\WINDOWS\system32\ctfmon.exec:\windows\system32\svchost.exe -k localserviceC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exeC:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\mrtMngr.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\Retrospect\Retrospect 7.5\retrorun.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exec:\windows\system32\svchost.exe -k imgsvcC:\Program Files\Smith Micro\StuffIt\ArcNameService.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\WINDOWS\system32\WTablet\Wacom_TabletUser.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeC:\Program Files\BitDefender\BitDefender 2010\seccenter.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\WISPTIS.EXEC:\WINDOWS\System32\alg.exec:\windows\system32\svchost.exe -k httpfilterC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Jon\Desktop\dds.scrC:\WINDOWS\system32\wbem\wmiprvse.exe============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: {149256D5-E103-4523-BB43-2CFB066839D6} - No FileBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0 ce\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllBHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0 ce\acrobat\AcroIEFavClient.dllTB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dllTB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllTB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No FileEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0 ce\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [{14FBA5AA-865E-7A28-E1F5-D22E668F95C3}] "c:\windows\system32\config\systemprofile\application data\vuhea\oczao.exe"uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startupmRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -bootmRun: [sigmatelSysTrayApp] stsystra.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [PaperPort PTD] "c:\program files\dell\dell laser mfp 1815\paperport\pptd40nt.exe"mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exemRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplashmRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [MFP1815_S2P] c:\program files\dell\dell laser mfp 1815\psu\Scan2Pc.exemRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [indexSearch] "c:\program files\dell\dell laser mfp 1815\paperport\IndexSearch.exe"mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [EPSON Stylus Pro 7600] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P21 "EPSON Stylus Pro 7600" /O6 "USB003" /M "Stylus Pro 7600"mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXEmRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [DellNSCST_GRNCH] "c:\program files\dell\dell laser mfp 1815\networkscan\DNSCST.exe" /HIDEUImRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exemRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exeStartupFolder: c:\documents and settings\jon\start menu\programs\startup\wwwamq32.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0 ce\distillr\acrotray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks pro\components\qbagent\QBDAgent.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXEIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CABDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dllNotify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Notification Packages = scecli scecli scecli scecli================= FIREFOX ===================FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\5123wrpg.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - GoogleFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=customc:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscoveryc:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");============= SERVICES / DRIVERS ===============R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]S2 gupdate1ca4051e748bb34;Google Update Service (gupdate1ca4051e748bb34);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]=============== Created Last 30 ================2010-07-03 23:53:05 0 ----a-w- c:\documents and settings\jon\defogger_reenable2010-07-03 13:07:56 0 d-----w- c:\program files\CCleaner2010-07-02 17:18:14 763832 ----a-w- c:\windows\BDTSupport.dll.old2010-07-02 17:18:13 1652664 ----a-w- c:\windows\PCTBDCore.dll.old2010-07-02 17:14:55 0 d-----w- c:\program files\Spyware Doctor2010-07-02 15:06:56 86528 ----a-w- c:\windows\system32\dllcache\directdb.dll2010-07-01 23:34:48 0 d-----w- c:\windows\pss2010-07-01 18:32:10 36 ----a-w- c:\program files\skynet.dat2010-07-01 18:31:56 0 d-----w- c:\program files\Sysinternals Antivirus2010-07-01 15:57:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-01 15:57:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-01 15:57:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-01 15:40:03 32424 ---ha-w- c:\windows\system32\mlfcache.dat2010-06-30 16:37:12 382464 ------w- c:\windows\system32\_003438_.tmp.dll2010-06-30 16:37:12 2897920 ------w- c:\windows\system32\_003437_.tmp.dll2010-06-30 16:13:01 0 d-sh--w- c:\documents and settings\jon\PrivacIE2010-06-30 16:10:31 0 d-----w- c:\program files\Defense Center2010-06-30 14:38:36 0 d-----w- c:\windows\system32\XPSViewer2010-06-30 14:37:15 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2010-06-30 14:37:15 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2010-06-30 14:37:15 117760 ------w- c:\windows\system32\prntvpt.dll2010-06-30 14:37:14 575488 ------w- c:\windows\system32\xpsshhdr.dll2010-06-30 14:37:14 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll2010-06-30 14:37:14 1676288 ------w- c:\windows\system32\xpssvcs.dll2010-06-30 14:37:14 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll2010-06-30 14:31:24 0 d-----w- c:\program files\MSXML 6.02010-06-30 13:14:59 0 d-sh--w- c:\documents and settings\jon\IETldCache2010-06-29 20:08:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2010-06-29 20:08:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2010-06-29 20:08:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2010-06-29 20:08:40 0 d-----w- c:\windows\ie8updates2010-06-29 20:08:27 41984 ------w- c:\windows\system32\dllcache\iecompat.dll2010-06-29 20:05:10 0 dc-h--w- c:\windows\ie82010-06-29 18:30:28 382464 ------w- c:\windows\system32\_003401_.tmp.dll2010-06-29 18:30:28 2897920 ------w- c:\windows\system32\_003400_.tmp.dll2010-06-29 01:26:00 0 d-----w- c:\program files\WebEx2010-06-29 01:25:16 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys2010-06-29 01:25:08 25264 ----a-w- c:\windows\system32\drivers\purendis.sys2010-06-29 00:07:26 411 ----a-w- c:\documents and settings\jon\.js2010-06-19 20:19:53 0 ----a-w- c:\documents and settings\jon\tracert2010-06-16 16:50:30 0 d-----w- c:\program files\Linksys2010-06-15 17:46:37 0 d-----w- c:\windows\system32\scripting2010-06-15 17:46:36 0 d-----w- c:\windows\l2schemas2010-06-15 17:46:34 0 d-----w- c:\windows\system32\en2010-06-15 17:46:34 0 d-----w- c:\windows\system32\bits2010-06-15 17:34:59 71040 ------w- c:\windows\system32\drivers\_003082_.tmp.dll2010-06-15 17:34:59 1850880 ------w- c:\windows\system32\_003107_.tmp.dll2010-06-15 17:34:59 146432 ------w- c:\windows\system32\_003105_.tmp.dll2010-06-15 17:34:59 132096 ------w- c:\windows\system32\_003104_.tmp.dll2010-06-15 17:34:59 101888 ------w- c:\windows\system32\_003106_.tmp.dll2010-06-15 17:31:24 0 d-----w- c:\windows\EHome2010-06-04 15:09:58 0 d-----w- c:\program files\Microsoft2010-06-04 15:09:48 0 d-----w- c:\program files\MSN Toolbar2010-06-04 15:09:13 0 d-----w- c:\program files\MSN Toolbar Installer2010-06-04 15:08:14 411368 ----a-w- c:\windows\system32\deployJava1.dll==================== Find3M ====================2010-05-14 14:40:47 81984 ----a-w- c:\windows\system32\bdod.bin2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\dllcache\win32k.sys2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\_003358_.tmp.dll2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\_003345_.tmp.dll2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll2010-04-20 05:51:20 285696 ------w- c:\windows\system32\dllcache\atmfd.dll2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll2010-01-27 17:49:18 88 --sh--r- c:\windows\system32\2D2C236A3D.sys2010-01-27 17:50:09 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys============= FINISH: 20:05:11.37 ===============Attach.zip Link to post Share on other sites More sharing options...
tinnyhawk Posted July 4, 2010 Author ID:279407 Share Posted July 4, 2010 This is in addition to previous post. The "ark" zip file. I have also attached the "Hijackthis log"ark.ziphijackthis_log_7_3_10.zip Link to post Share on other sites More sharing options...
kahdah Posted July 4, 2010 ID:279438 Share Posted July 4, 2010 Hello tinnyhawkWelcome to Malwarebytes.=====================Looking at your system now, one or more of the identified infections is a backdoor Trojan\Rootkit.If this computer is ever used for on-line banking, I suggest you do the following immediately:1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.=======Download TDSSKiller and save it to your Desktop.Right click on the file and choose extract all extract the file to your desktop then run it.If prompted to restart the computer type in Y then it will restart.Or if you are prompted with a hidden service warning do press the Y to delete it.Once completed it will create a log in your C:\ drivePlease post the contents of that log========Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
tinnyhawk Posted July 4, 2010 Author ID:279515 Share Posted July 4, 2010 Hello Kahdah! Thank you for your quick response. Earlier today I found the instructions for "rootkit repair" at: http://forums.malwarebytes.org/index.php?showtopic=9573I followed these instructions and deleted the "PRAGMA.sys" file that was found.I then was able to run MBAM successfully. Here is the log from that scan: (I then ran subsequent scans below)Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4275Windows 5.1.2600 Service Pack 2Internet Explorer 8.0.6001.187027/4/2010 1:05:17 PMmbam-log-2010-07-04 (13-05-17).txtScan type: Quick scanObjects scanned: 144095Time elapsed: 20 minute(s), 0 second(s)Memory Processes Infected: 0And then the latest scan:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4275Windows 5.1.2600 Service Pack 2Internet Explorer 8.0.6001.187027/4/2010 5:23:33 PMmbam-log-2010-07-04 (17-23-33).txtScan type: Quick scanObjects scanned: 145036Time elapsed: 19 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)I then ran TDSS Killer: It found 0 infected Registry objects and 0 infected file objects.I am unable to generate a TDSS log or copy the info directly to paste.Do I need to take further action. I use another computer for my online banking but I do have some xxwords and do make purchases from this machine. I will change passwords and send out the alerts.Once again my thanks. I can make a small donation, is ther any other way I can help out?Memory Modules Infected: 0Registry Keys Infected: 12Registry Values Infected: 4Registry Data Items Infected: 0Folders Infected: 6Files Infected: 41Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{149256d5-e103-4523-bb43-2cfb066839d6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{149256d5-e103-4523-bb43-2cfb066839d6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256d5-e103-4523-bb43-2cfb066839d6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmathqowfjpwi (Trojan.DNSChanger) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (rootkit-scan) (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\WINDOWS\PRAGMAthqowfjpwi (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Documents and Settings\LocalService\Start Menu\Programs\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Program Files\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Program Files\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.Files Infected:C:\Documents and Settings\Jon\Local Settings\Temp\RjQL.exe (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Local Settings\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Local Settings\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.C:\WINDOWS\Temp\~TM36E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.C:\WINDOWS\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\pragmabbr.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\PRAGMAc.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\pragmaserf.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\PRAGMAthqowfjpwi\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Documents and Settings\LocalService\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\about.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\activate.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\buy.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\def.db (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\defext.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\defhook.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\help.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\scan.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\settings.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\splash.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\Uninstall.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\update.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Program Files\Defense Center\virus.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Defense Center Support.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Defense Center.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Start Menu\Programs\Startup\wwwamq32.exe (Trojan.Bredolab) -> Delete on reboot.C:\Documents and Settings\LocalService\Desktop\Sysinternals Antivirus.LNK (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.C:\Program Files\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.C:\Documents and Settings\Jon\Local Settings\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe (Trojan.Agent) -> Delete on reboot.Next scan:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4275Windows 5.1.2600 Service Pack 2Internet Explorer 8.0.6001.187027/4/2010 1:54:51 PMmbam-log-2010-07-04 (13-54-51).txtScan type: Quick scanObjects scanned: 144771Time elapsed: 16 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
tinnyhawk Posted July 4, 2010 Author ID:279531 Share Posted July 4, 2010 Hello Kahdah, I also ran the combofix program as per instructions below is the log:ComboFix 10-07-04.01 - Jon 07/04/2010 18:59:01.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2165 [GMT -4:00]Running from: c:\documents and settings\Jon\Desktop\ComboFix.exeAV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\LOG214.tmpC:\LOG317.tmpc:\windows\system32\_003098_.tmp.dllc:\windows\system32\_003099_.tmp.dllc:\windows\system32\_003100_.tmp.dllc:\windows\system32\_003101_.tmp.dllc:\windows\system32\_003104_.tmp.dllc:\windows\system32\_003105_.tmp.dllc:\windows\system32\_003106_.tmp.dllc:\windows\system32\_003107_.tmp.dllc:\windows\system32\_003108_.tmp.dllc:\windows\system32\_003109_.tmp.dllc:\windows\system32\_003110_.tmp.dllc:\windows\system32\_003111_.tmp.dllc:\windows\system32\_003113_.tmp.dllc:\windows\system32\_003114_.tmp.dllc:\windows\system32\_003117_.tmp.dllc:\windows\system32\_003118_.tmp.dllc:\windows\system32\_003120_.tmp.dllc:\windows\system32\_003121_.tmp.dllc:\windows\system32\_003122_.tmp.dllc:\windows\system32\_003124_.tmp.dllc:\windows\system32\_003125_.tmp.dllc:\windows\system32\_003127_.tmp.dllc:\windows\system32\_003128_.tmp.dllc:\windows\system32\_003129_.tmp.dllc:\windows\system32\_003130_.tmp.dllc:\windows\system32\_003131_.tmp.dllc:\windows\system32\_003132_.tmp.dllc:\windows\system32\_003133_.tmp.dllc:\windows\system32\_003135_.tmp.dllc:\windows\system32\_003136_.tmp.dllc:\windows\system32\_003137_.tmp.dllc:\windows\system32\_003138_.tmp.dllc:\windows\system32\_003140_.tmp.dllc:\windows\system32\_003141_.tmp.dllc:\windows\system32\_003142_.tmp.dllc:\windows\system32\_003143_.tmp.dllc:\windows\system32\_003144_.tmp.dllc:\windows\system32\_003146_.tmp.dllc:\windows\system32\_003147_.tmp.dllc:\windows\system32\_003148_.tmp.dllc:\windows\system32\_003149_.tmp.dllc:\windows\system32\_003150_.tmp.dllc:\windows\system32\_003151_.tmp.dllc:\windows\system32\_003152_.tmp.dllc:\windows\system32\_003154_.tmp.dllc:\windows\system32\_003155_.tmp.dllc:\windows\system32\_003156_.tmp.dllc:\windows\system32\_003157_.tmp.dllc:\windows\system32\_003158_.tmp.dllc:\windows\system32\_003159_.tmp.dllc:\windows\system32\_003161_.tmp.dllc:\windows\system32\_003162_.tmp.dllc:\windows\system32\_003164_.tmp.dllc:\windows\system32\_003165_.tmp.dllc:\windows\system32\_003169_.tmp.dllc:\windows\system32\_003170_.tmp.dllc:\windows\system32\_003172_.tmp.dllc:\windows\system32\_003175_.tmp.dllc:\windows\system32\_003177_.tmp.dllc:\windows\system32\_003178_.tmp.dllc:\windows\system32\_003179_.tmp.dllc:\windows\system32\_003180_.tmp.dllc:\windows\system32\_003183_.tmp.dllc:\windows\system32\_003184_.tmp.dllc:\windows\system32\_003185_.tmp.dllc:\windows\system32\_003186_.tmp.dllc:\windows\system32\_003187_.tmp.dllc:\windows\system32\_003192_.tmp.dllc:\windows\system32\_003194_.tmp.dllc:\windows\system32\_003195_.tmp.dllc:\windows\system32\_003342_.tmp.dllc:\windows\system32\_003343_.tmp.dllc:\windows\system32\_003344_.tmp.dllc:\windows\system32\_003345_.tmp.dllc:\windows\system32\_003350_.tmp.dllc:\windows\system32\_003351_.tmp.dllc:\windows\system32\_003352_.tmp.dllc:\windows\system32\_003353_.tmp.dllc:\windows\system32\_003354_.tmp.dllc:\windows\system32\_003355_.tmp.dllc:\windows\system32\_003356_.tmp.dllc:\windows\system32\_003357_.tmp.dllc:\windows\system32\_003358_.tmp.dllc:\windows\system32\_003360_.tmp.dllc:\windows\system32\_003361_.tmp.dllc:\windows\system32\_003363_.tmp.dllc:\windows\system32\_003364_.tmp.dllc:\windows\system32\_003365_.tmp.dllc:\windows\system32\_003367_.tmp.dllc:\windows\system32\_003370_.tmp.dllc:\windows\system32\_003371_.tmp.dllc:\windows\system32\_003373_.tmp.dllc:\windows\system32\_003374_.tmp.dllc:\windows\system32\_003375_.tmp.dllc:\windows\system32\_003376_.tmp.dllc:\windows\system32\_003377_.tmp.dllc:\windows\system32\_003378_.tmp.dllc:\windows\system32\_003380_.tmp.dllc:\windows\system32\_003381_.tmp.dllc:\windows\system32\_003382_.tmp.dllc:\windows\system32\_003383_.tmp.dllc:\windows\system32\_003384_.tmp.dllc:\windows\system32\_003385_.tmp.dllc:\windows\system32\_003386_.tmp.dllc:\windows\system32\_003389_.tmp.dllc:\windows\system32\_003390_.tmp.dllc:\windows\system32\_003391_.tmp.dllc:\windows\system32\_003392_.tmp.dllc:\windows\system32\_003393_.tmp.dllc:\windows\system32\_003394_.tmp.dllc:\windows\system32\_003395_.tmp.dllc:\windows\system32\_003397_.tmp.dllc:\windows\system32\_003398_.tmp.dllc:\windows\system32\_003399_.tmp.dllc:\windows\system32\_003400_.tmp.dllc:\windows\system32\_003401_.tmp.dllc:\windows\system32\_003402_.tmp.dllc:\windows\system32\_003404_.tmp.dllc:\windows\system32\_003407_.tmp.dllc:\windows\system32\_003408_.tmp.dllc:\windows\system32\_003412_.tmp.dllc:\windows\system32\_003413_.tmp.dllc:\windows\system32\_003415_.tmp.dllc:\windows\system32\_003418_.tmp.dllc:\windows\system32\_003420_.tmp.dllc:\windows\system32\_003421_.tmp.dllc:\windows\system32\_003422_.tmp.dllc:\windows\system32\_003423_.tmp.dllc:\windows\system32\_003426_.tmp.dllc:\windows\system32\_003427_.tmp.dllc:\windows\system32\_003428_.tmp.dllc:\windows\system32\_003429_.tmp.dllc:\windows\system32\_003430_.tmp.dllc:\windows\system32\_003435_.tmp.dllc:\windows\system32\_003437_.tmp.dllc:\windows\system32\_003438_.tmp.dllc:\windows\system32\config\systemprofile\Application Data\Iwduc:\windows\system32\config\systemprofile\Application Data\Iwdu\here.exec:\windows\system32\config\systemprofile\Application Data\Vuheac:\windows\system32\config\systemprofile\Application Data\Vuhea\oczao.exec:\windows\system32\SET276.tmpc:\windows\system32\SET2C7.tmpc:\windows\system32\SET303.tmpc:\windows\system32\SET55A.tmpc:\windows\system32\SET5CB.tmpc:\windows\system32\SET6D4.tmp.((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 ))))))))))))))))))))))))))))))).2010-07-04 17:16 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-04 17:16 . 2010-07-04 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-04 17:16 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-04 17:12 . 2010-07-04 17:12 -------- d-sh--w- c:\documents and settings\Jon\IECompatCache2010-07-03 13:08 . 2010-07-03 13:08 -------- d-----w- c:\documents and settings\Jon\Application Data\Yahoo!2010-07-03 13:08 . 2010-07-03 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion2010-07-03 13:07 . 2010-07-03 13:08 -------- d-----w- c:\program files\CCleaner2010-07-02 17:19 . 2010-07-02 17:19 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Threat Expert2010-07-02 17:14 . 2010-07-03 14:18 -------- d-----w- c:\program files\Spyware Doctor2010-07-02 15:06 . 2009-11-21 16:36 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll2010-07-01 15:40 . 2010-07-01 15:40 32424 ---ha-w- c:\windows\system32\mlfcache.dat2010-07-01 15:29 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Deployment2010-06-30 16:34 . 2004-08-04 09:00 71040 ------w- c:\windows\system32\drivers\_003328_.tmp.dll2010-06-30 16:13 . 2010-06-30 16:13 -------- d-sh--w- c:\documents and settings\Jon\PrivacIE2010-06-30 14:38 . 2010-06-30 14:38 -------- d-----w- c:\windows\system32\XPSViewer2010-06-30 14:38 . 2010-06-30 14:38 -------- d-----w- c:\program files\MSBuild2010-06-30 14:38 . 2010-06-30 14:38 -------- d-----w- c:\program files\Reference Assemblies2010-06-30 14:38 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll2010-06-30 14:37 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2010-06-30 14:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll2010-06-30 14:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe2010-06-30 14:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2010-06-30 14:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll2010-06-30 14:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll2010-06-30 14:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll2010-06-30 14:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll2010-06-30 14:31 . 2010-06-30 14:31 -------- d-----w- c:\program files\MSXML 6.02010-06-30 13:15 . 2010-07-04 21:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp2010-06-30 13:15 . 2010-06-30 13:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2010-06-30 13:14 . 2010-06-30 13:14 -------- d-sh--w- c:\documents and settings\Jon\IETldCache2010-06-29 20:08 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2010-06-29 20:08 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2010-06-29 20:08 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2010-06-29 20:08 . 2010-06-29 20:09 -------- d-----w- c:\windows\ie8updates2010-06-29 20:08 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll2010-06-29 20:05 . 2010-06-29 20:08 -------- dc-h--w- c:\windows\ie82010-06-29 18:29 . 2004-08-04 09:00 71040 ------w- c:\windows\system32\drivers\_003320_.tmp.dll2010-06-29 01:26 . 2010-06-29 01:26 -------- d-----w- c:\program files\WebEx2010-06-29 01:25 . 2008-12-12 22:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys2010-06-29 01:25 . 2008-12-12 22:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys2010-06-23 16:45 . 2010-06-23 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip2010-06-16 16:50 . 2010-07-02 16:07 -------- d-----w- c:\program files\Linksys2010-06-15 17:46 . 2010-07-02 15:16 -------- d-----w- c:\windows\system32\scripting2010-06-15 17:46 . 2010-07-02 15:16 -------- d-----w- c:\windows\l2schemas2010-06-15 17:46 . 2010-07-02 15:24 -------- d-----w- c:\windows\system32\bits2010-06-15 17:46 . 2010-07-02 15:16 -------- d-----w- c:\windows\system32\en2010-06-15 17:34 . 2004-08-04 09:00 71040 ------w- c:\windows\system32\drivers\_003082_.tmp.dll2010-06-15 17:31 . 2010-07-02 15:01 -------- d-----w- c:\windows\EHome.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-04 23:09 . 2008-06-04 21:36 -------- d-----w- c:\documents and settings\Jon\Application Data\WTablet2010-07-04 23:09 . 2008-06-05 14:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet2010-07-03 14:24 . 2010-07-03 14:24 351232 ----a-w- c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\5123wrpg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll2010-07-03 14:24 . 2010-07-03 14:24 139264 ----a-w- c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\5123wrpg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll2010-07-03 13:08 . 2006-10-27 16:23 -------- d-----w- c:\program files\Yahoo!2010-07-03 13:00 . 2008-04-30 20:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-07-03 12:55 . 2006-10-27 16:18 -------- d-----w- c:\program files\Trend Micro2010-07-01 20:08 . 2009-02-22 13:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xiaxe2010-07-01 20:06 . 2010-06-29 14:07 20 ----a-w- c:\documents and settings\LocalService\Application Data\ohipmn.dat2010-07-01 15:39 . 2006-12-06 00:56 -------- d-----w- c:\documents and settings\Jon\Application Data\Apple Computer2010-07-01 15:29 . 2006-11-02 23:03 35792 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-06-29 19:47 . 2010-06-29 19:47 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ohipmn.dat2010-06-29 18:46 . 2004-08-10 17:03 78375 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat2010-06-29 01:25 . 2010-06-29 01:25 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi2010-06-29 01:24 . 2006-11-01 17:54 -------- d-----w- c:\program files\Common Files\Pure Networks Shared2010-06-29 00:07 . 2010-06-29 00:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\ohipmn.dat2010-06-23 20:58 . 2007-01-10 00:51 -------- d-----w- c:\documents and settings\Jon\Application Data\QuadToneRIP2010-06-23 20:52 . 2007-01-10 00:46 -------- d-----w- c:\program files\QuadToneRIP2010-06-23 15:04 . 2010-06-23 15:04 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb33.tmp.exe2010-06-14 17:12 . 2008-04-17 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2010-06-08 16:19 . 2008-05-21 16:22 -------- d-----w- c:\documents and settings\Jon\Application Data\FileZilla2010-06-04 15:10 . 2010-06-04 15:09 -------- d-----w- c:\program files\MSN Toolbar Installer2010-06-04 15:09 . 2010-06-04 15:09 -------- d-----w- c:\program files\Microsoft2010-06-04 15:09 . 2010-06-04 15:09 -------- d-----w- c:\program files\MSN Toolbar2010-06-04 15:09 . 2010-06-04 15:09 61440 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2fc85786-n\decora-sse.dll2010-06-04 15:09 . 2010-06-04 15:09 503808 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c6d454-n\msvcp71.dll2010-06-04 15:09 . 2010-06-04 15:09 499712 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c6d454-n\jmc.dll2010-06-04 15:09 . 2010-06-04 15:09 348160 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22c6d454-n\msvcr71.dll2010-06-04 15:09 . 2010-06-04 15:09 12800 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2fc85786-n\decora-d3d.dll2010-06-04 15:08 . 2006-10-27 16:06 -------- d-----w- c:\program files\Common Files\Java2010-06-04 15:07 . 2010-06-04 15:08 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-06-04 15:07 . 2006-10-27 16:06 -------- d-----w- c:\program files\Java2010-05-14 23:19 . 2008-05-12 16:34 -------- d-----w- c:\program files\Logitech2010-05-14 14:47 . 2009-05-15 15:28 -------- d-----w- c:\program files\Common Files\BitDefender2010-05-14 14:47 . 2010-05-14 14:47 -------- d-----w- c:\documents and settings\Jon\Application Data\BitDefender2010-05-14 14:47 . 2009-05-15 16:25 -------- d-----w- c:\program files\BitDefender2010-05-14 14:47 . 2009-05-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender2010-05-14 14:40 . 2009-05-15 16:37 81984 ----a-w- c:\windows\system32\bdod.bin2010-05-06 19:20 . 2009-04-29 15:44 -------- d-----w- c:\program files\FileZilla FTP Client2010-05-06 10:41 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:36 . 2010-05-04 17:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe2010-05-02 05:56 . 2010-07-02 15:06 1850880 ----a-w- c:\windows\system32\win32k.sys2010-04-20 05:51 . 2004-08-10 16:50 285696 ----a-w- c:\windows\system32\atmfd.dll2010-04-14 21:33 . 2010-04-14 21:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe2010-04-09 20:07 . 2010-04-09 20:07 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll2010-04-09 20:07 . 2010-04-09 20:07 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll2010-04-09 20:07 . 2010-04-09 20:07 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll2010-04-09 20:07 . 2010-04-09 20:07 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll2010-04-09 20:07 . 2010-04-09 20:07 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll2010-04-09 20:07 . 2010-04-09 20:07 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll2010-04-09 20:07 . 2010-04-09 20:07 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll2010-04-09 20:07 . 2010-04-09 20:07 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll2010-04-09 20:07 . 2010-04-09 20:07 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-07-03 14:24 . 2006-11-21 18:48 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll2010-07-03 14:24 . 2006-11-21 18:48 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll2010-07-03 14:24 . 2006-11-21 18:48 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll2010-01-27 17:49 . 2006-11-02 23:03 88 --sh--r- c:\windows\system32\2D2C236A3D.sys2010-01-27 17:50 . 2006-11-02 23:03 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-09 202256]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"PaperPort PTD"="c:\program files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe" [2006-02-20 36864]"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-13 1261475]"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]"MFP1815_S2P"="c:\program files\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe" [2006-04-13 258048]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"IndexSearch"="c:\program files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe" [2006-02-20 40960]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-27 169984]"EPSON Stylus Pro 7600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"DellNSCST_GRNCH"="c:\program files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2006-05-08 278528]"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-1 110592]Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-27 24576]Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-16 805392]QuickBooks Delivery Agent.lnk - c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe [2006-11-1 118784]Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@=""[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"AdbUpd"=2 (0x2)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Retrospect\\Retrospect 7.5\\Retrospect.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Dell\\Dell Laser MFP 1815\\PaperPort\\pplinks.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Smith Micro\\StuffIt\\CmdLine.exe"="c:\\Program Files\\EpsonNet\\EpsonNet Config V2\\EpsonNet Config.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"67:UDP"= 67:UDP:DHCP Discovery ServiceR3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2/3/2010 1:57 PM 153448]S2 gupdate1ca4051e748bb34;Google Update Service (gupdate1ca4051e748bb34);c:\program files\Google\Update\GoogleUpdate.exe [9/28/2009 11:39 AM 133104]S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 5:06 PM 183880][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx REG_MULTI_SZ scan.Contents of the 'Scheduled Tasks' folder2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]2010-07-04 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-30 14:12]2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 15:39]2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 15:39]2010-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2504132724-3732583134-2544123158-1007.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]2010-07-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2504132724-3732583134-2544123158-1007.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlDPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cabFF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\5123wrpg.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - GoogleFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=customc:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscoveryc:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");.- - - - ORPHANS REMOVED - - - -Notify-dimsntfy - (no file)Notify-WgaLogon - (no file)**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-04 19:10Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(880)c:\windows\system32\GTGina.dllc:\program files\common files\logitech\bluetooth\LBTWlgn.dllc:\program files\common files\logitech\bluetooth\LBTServ.dll- - - - - - - > 'explorer.exe'(3424)c:\windows\system32\WININET.dllc:\program files\Logitech\SetPoint\lgscroll.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Common Files\EPSON\EBAPI\eEBSVC.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\program files\LS_Duhem\lsdiorw\lsdiorw.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exec:\program files\Retrospect\Retrospect 7.5\retrorun.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files\Dell Support Center\bin\sprtsvc.exec:\program files\Smith Micro\StuffIt\ArcNameService.exec:\windows\system32\Wacom_Tablet.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\windows\system32\WTablet\Wacom_TabletUser.exec:\windows\system32\Wacom_Tablet.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exec:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exec:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\system32\wscntfy.exec:\windows\stsystra.exec:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exec:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exec:\windows\system32\WISPTIS.EXEc:\program files\iPod\bin\iPodService.exec:\windows\system32\mrtMngr.EXEc:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE.**************************************************************************.Completion time: 2010-07-04 19:18:50 - machine was rebootedComboFix-quarantined-files.txt 2010-07-04 23:18Pre-Run: 49,909,891,072 bytes freePost-Run: 59,843,993,600 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetectCurrent=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6- - End Of File - - 27AFAE9AF4D50A0C38ED4710B606866DOnce again many thanks for this forum etc.!!!!!Tinnyhawk :-) Link to post Share on other sites More sharing options...
kahdah Posted July 5, 2010 ID:279675 Share Posted July 5, 2010 Looks much better.As a final check - Please perform the following online scan:* Go here to run an online scannner from ESET.Note: You will need to use Internet explorer for this scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartCheck next options: Remove found threats and Scan unwanted applications.Click ScanWait for the scan to finishUse notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
tinnyhawk Posted July 5, 2010 Author ID:279804 Share Posted July 5, 2010 Once again thank you!!! I performed the ESET scan below is the scan log:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=66883a9301ddbf44b8d4893518e2fccb# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2010-07-05 05:05:16# local_time=2010-07-05 01:05:16 (-0500, Eastern Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 2# compatibility_mode=512 16777215 100 0 0 0 0 0# compatibility_mode=2560 16777215 100 0 0 0 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=136740# found=2# cleaned=2# scan_time=5578C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\Iwdu\here.exe.vir Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\Vuhea\oczao.exe.vir Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CLet me know if I should take any further action. Link to post Share on other sites More sharing options...
kahdah Posted July 5, 2010 ID:279811 Share Posted July 5, 2010 Nope looks good I would like to see one more DDS log to ensure nothing was missed so please run DDS once more and post the DDS.txt log only.Also let me know of any remaining issues. Link to post Share on other sites More sharing options...
tinnyhawk Posted July 6, 2010 Author ID:280184 Share Posted July 6, 2010 Hi Kahdah: Below is the DDS LogDDS (Ver_10-03-17.01) - NTFSx86 Run by Jon at 11:13:42.87 on Tue 07/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2217 [GMT -4:00]AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exeC:\Program Files\BitDefender\BitDefender 2010\vsserv.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\stsystra.exeC:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exeC:\Program Files\Pure Networks\Network Magic\nmapp.exeC:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exeC:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\Retrospect\Retrospect 7.5\retrorun.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exeC:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeC:\Program Files\BitDefender\BitDefender 2010\bdagent.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Smith Micro\StuffIt\ArcNameService.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exeC:\WINDOWS\system32\WTablet\Wacom_TabletUser.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\WINDOWS\system32\mrtMngr.EXEC:\Program Files\BitDefender\BitDefender 2010\seccenter.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\WISPTIS.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wscript.exeL:\Downloads\Computer problem solutions\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061027uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0 ce\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dllBHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0 ce\acrobat\AcroIEFavClient.dllTB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dllTB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllTB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No FileuRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startupuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -bootmRun: [sigmatelSysTrayApp] stsystra.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [PaperPort PTD] "c:\program files\dell\dell laser mfp 1815\paperport\pptd40nt.exe"mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exemRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplashmRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [MFP1815_S2P] c:\program files\dell\dell laser mfp 1815\psu\Scan2Pc.exemRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [indexSearch] "c:\program files\dell\dell laser mfp 1815\paperport\IndexSearch.exe"mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [EPSON Stylus Pro 7600] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P21 "EPSON Stylus Pro 7600" /O6 "USB003" /M "Stylus Pro 7600"mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXEmRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [DellNSCST_GRNCH] "c:\program files\dell\dell laser mfp 1815\networkscan\DNSCST.exe" /HIDEUImRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exemRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0 ce\distillr\acrotray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks pro\components\qbagent\QBDAgent.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXEIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CABDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dllNotify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Notification Packages = scecli scecli================= FIREFOX ===================FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\5123wrpg.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - GoogleFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=customc:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscoveryc:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");============= SERVICES / DRIVERS ===============R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]S2 gupdate1ca4051e748bb34;Google Update Service (gupdate1ca4051e748bb34);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]=============== Created Last 30 ================2010-07-05 19:35:37 16896 ----a-w- c:\windows\system32\SET13DC.tmp2010-07-05 19:35:26 177152 ----a-w- c:\windows\system32\SET13B2.tmp2010-07-05 19:35:13 354304 ----a-w- c:\windows\system32\SET1380.tmp2010-07-05 19:21:43 1033728 ----a-w- c:\windows\SET7F9.tmp2010-07-05 19:20:52 147968 ----a-w- c:\windows\system32\SET73C.tmp2010-07-05 19:19:59 36864 ----a-w- c:\windows\system32\SET5F6.tmp2010-07-05 19:18:59 44032 ----a-w- c:\windows\system32\SET21E.tmp2010-07-05 19:15:04 19569 ----a-w- c:\windows\002914_.tmp2010-07-05 19:11:02 44928 ----a-w- c:\windows\system32\drivers\agpcpq.sys2010-07-05 19:11:02 43008 ----a-w- c:\windows\system32\drivers\amdagp.sys2010-07-05 19:11:02 42752 ----a-w- c:\windows\system32\drivers\alim1541.sys2010-07-05 19:11:02 42368 ----a-w- c:\windows\system32\drivers\agp440.sys2010-07-05 19:11:02 37376 ----a-w- c:\windows\system32\drivers\amdk7.sys2010-07-05 19:11:01 137728 ------w- c:\windows\system32\drivers\hdaudbus.sys2010-07-05 19:11:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys2010-07-05 19:11:00 29056 ----a-w- c:\windows\system32\drivers\ip6fw.sys2010-07-05 19:11:00 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys2010-07-05 19:11:00 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys2010-07-05 19:10:59 67584 ----a-w- c:\windows\system32\drivers\sdbus.sys2010-07-05 19:10:59 41088 ----a-w- c:\windows\system32\drivers\sisagp.sys2010-07-05 19:10:59 12416 ----a-w- c:\windows\system32\drivers\tunmp.sys2010-07-05 19:10:59 11136 ----a-w- c:\windows\system32\drivers\sffdisk.sys2010-07-05 19:10:59 10240 ----a-w- c:\windows\system32\drivers\sffp_sd.sys2010-07-05 19:10:58 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys2010-07-05 19:10:58 382464 ----a-w- c:\windows\system32\qmgr.dll2010-07-05 19:10:58 2897920 ----a-w- c:\windows\system32\xpsp2res.dll2010-07-05 19:08:59 27264 ----a-w- c:\windows\system32\drivers\usbehci.sys2010-07-05 19:08:25 16896 ----a-w- c:\windows\system32\dllcache\fltlib.dll2010-07-05 19:08:23 539136 ----a-w- c:\windows\system32\dllcache\msftedit.dll2010-07-05 19:08:15 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll2010-07-05 19:08:11 263552 ----a-w- c:\windows\system32\drivers\http.sys2010-07-05 19:08:11 263552 ----a-w- c:\windows\system32\dllcache\http.sys2010-07-05 19:08:08 134144 ----a-w- c:\windows\system32\dllcache\mssap.dll2010-07-05 19:08:05 128896 ----a-w- c:\windows\system32\drivers\fltmgr.sys2010-07-05 19:08:05 128896 ----a-w- c:\windows\system32\dllcache\fltmgr.sys2010-07-05 19:07:59 23040 ----a-w- c:\windows\system32\dllcache\fltmc.exe2010-07-05 19:07:53 352256 ----a-w- c:\windows\system32\dllcache\winhttp.dll2010-07-05 19:07:51 764868 ----a-w- c:\windows\system32\dllcache\apph_sp.sdb2010-07-05 19:07:47 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys2010-07-05 19:07:47 272128 ------w- c:\windows\system32\drivers\bthport.sys2010-07-05 19:07:42 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll2010-07-05 19:07:03 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll2010-07-05 19:07:02 57344 ----a-w- c:\windows\system32\dllcache\agentdpv.dll2010-07-05 19:07:02 42496 ----a-w- c:\windows\system32\dllcache\agentdp2.dll2010-07-05 19:07:02 256512 ----a-w- c:\windows\system32\dllcache\agentsvr.exe2010-07-05 19:07:01 217118 ----a-w- c:\windows\system32\dllcache\apphelp.sdb2010-07-05 19:05:58 65536 ----a-w- c:\windows\system32\dllcache\asycfilt.dll2010-07-05 19:04:59 332800 ----a-w- c:\windows\system32\dllcache\netapi32.dll2010-07-05 19:03:59 95744 ----a-w- c:\windows\system32\scardsvr.exe2010-07-05 15:29:47 0 d-----w- c:\program files\ESET2010-07-04 22:28:44 0 d-sha-r- C:\cmdcons2010-07-04 22:26:04 98816 ----a-w- c:\windows\sed.exe2010-07-04 22:26:04 77312 ----a-w- c:\windows\MBR.exe2010-07-04 22:26:04 256512 ----a-w- c:\windows\PEV.exe2010-07-04 22:26:04 161792 ----a-w- c:\windows\SWREG.exe2010-07-04 22:25:55 0 d-----w- C:\ComboFix2010-07-04 17:16:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-04 17:16:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-04 17:16:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-04 17:12:14 0 d-sh--w- c:\documents and settings\jon\IECompatCache2010-07-03 13:07:56 0 d-----w- c:\program files\CCleaner2010-07-02 17:18:14 763832 ----a-w- c:\windows\BDTSupport.dll.old2010-07-02 17:18:13 1652664 ----a-w- c:\windows\PCTBDCore.dll.old2010-07-02 17:14:55 0 d-----w- c:\program files\Spyware Doctor2010-07-02 15:07:09 382464 ------w- c:\windows\system32\_003357_.tmp.dll2010-07-02 15:07:08 2897920 ------w- c:\windows\system32\_003356_.tmp.dll2010-07-01 23:34:48 0 d-----w- c:\windows\pss2010-07-01 15:40:03 32424 ---ha-w- c:\windows\system32\mlfcache.dat2010-06-30 16:34:04 71040 ------w- c:\windows\system32\drivers\_003328_.tmp.dll2010-06-30 16:13:01 0 d-sh--w- c:\documents and settings\jon\PrivacIE2010-06-30 14:38:36 0 d-----w- c:\windows\system32\XPSViewer2010-06-30 14:37:15 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll2010-06-30 14:37:15 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe2010-06-30 14:37:15 117760 ------w- c:\windows\system32\prntvpt.dll2010-06-30 14:37:14 575488 ------w- c:\windows\system32\xpsshhdr.dll2010-06-30 14:37:14 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll2010-06-30 14:37:14 1676288 ------w- c:\windows\system32\xpssvcs.dll2010-06-30 14:37:14 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll2010-06-30 14:31:24 0 d-----w- c:\program files\MSXML 6.02010-06-30 13:14:59 0 d-sh--w- c:\documents and settings\jon\IETldCache2010-06-29 20:08:53 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2010-06-29 20:08:53 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2010-06-29 20:08:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2010-06-29 20:08:40 0 d-----w- c:\windows\ie8updates2010-06-29 20:08:27 41984 ------w- c:\windows\system32\dllcache\iecompat.dll2010-06-29 20:05:10 0 dc-h--w- c:\windows\ie82010-06-29 18:29:19 71040 ------w- c:\windows\system32\drivers\_003320_.tmp.dll2010-06-29 01:26:00 0 d-----w- c:\program files\WebEx2010-06-29 01:25:16 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys2010-06-29 01:25:08 25264 ----a-w- c:\windows\system32\drivers\purendis.sys2010-06-29 00:07:26 411 ----a-w- c:\documents and settings\jon\.js2010-06-19 20:19:53 0 ----a-w- c:\documents and settings\jon\tracert2010-06-16 16:50:30 0 d-----w- c:\program files\Linksys2010-06-15 17:46:37 0 d-----w- c:\windows\system32\scripting2010-06-15 17:46:36 0 d-----w- c:\windows\l2schemas2010-06-15 17:46:34 0 d-----w- c:\windows\system32\en2010-06-15 17:46:34 0 d-----w- c:\windows\system32\bits2010-06-15 17:34:59 71040 ------w- c:\windows\system32\drivers\_003082_.tmp.dll2010-06-15 17:31:24 0 d-----w- c:\windows\EHome==================== Find3M ====================2010-06-04 15:07:48 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-05-14 14:40:47 81984 ----a-w- c:\windows\system32\bdod.bin2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe2010-05-04 17:20:33 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\dllcache\win32k.sys2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\_003315_.tmp.dll2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\_003301_.tmp.dll2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll2010-04-20 05:51:20 285696 ------w- c:\windows\system32\dllcache\atmfd.dll2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-01-27 17:49:18 88 --sh--r- c:\windows\system32\2D2C236A3D.sys2010-01-27 17:50:09 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys============= FINISH: 11:16:15.67 ===============Thank You!!!!!!!! Link to post Share on other sites More sharing options...
kahdah Posted July 6, 2010 ID:280249 Share Posted July 6, 2010 You are welcome.Please uninstall Adobe reader.You can install the newest version from here > http://get.adobe.com/reader/=======Cleanup======= Click START then RUN Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.===============Update Java===============Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.Scroll down to where it says "(JRE) then click on itClick the "Download" button to the right.Select your Platform: "Windows".Select your Language: "Multi-language".Read the License Agreement, and then check the box that says: "Accept License Agreement".Click Continue and the page will refresh.Click on the link to download Windows Offline Installation and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version. Delete\uninstall anything else that we have used that is leftover.=====================================After that your all set. The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes. If your computer is slow Is a tutorial on what you can do if your computer is slow.File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc... Link to post Share on other sites More sharing options...
Recommended Posts