
NOTE - I posted this on the general board, but realized afterward that I should have posted here instead. My apologies for the double post.

If anyone could help it would be much appreciated. Dell Laptop. I've gotten some virus while on the internet and I now cannot open any internet browsers (Chrome, IE8, Firefox). (My internet connection is fine... I can get on the internet with the other laptop.) At first, I could open IE8 (and get to any website) only in safe mode. However, I've tried all types of things trying to fix this over the last 2 days, and now I cannot get on the internet even in safe mode. (I'm using another computer to post everything.) I've tried scanning with Malwarebytes Pro, Avast AV (including boot scan), Spyware Doctor, SuperAntiSpyware, etc., but nothing has picked it up. Any help in removing this thing would be much appreciated.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 20:18:26.07 on Fri 01/21/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.572 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\userinit.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

D:\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\u8igr4kj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u8igr4kj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-8-27 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-8-27 188168]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-12-18 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-20 218592]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-1-20 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-1-20 59664]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-8-27 99280]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-27 312912]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-1 165456]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-1-20 233136]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-15 95024]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-1 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-1 40384]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-1-20 112592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-24 363344]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-1-20 366840]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-1 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-1 40384]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-24 20952]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 dne20000;dne20000;c:\windows\system32\drivers\dne20000.sys --> c:\windows\system32\drivers\dne20000.sys [?]

S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-8-27 119200]

S3 4d52;4d52;c:\windows\system32\4d52.sys [2010-12-18 185824]

S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-1-20 63360]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-1-20 1142224]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-1-20 33552]

S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2011-01-22 01:22:14 98816 ----a-w- c:\windows\sed.exe

2011-01-22 01:22:14 89088 ----a-w- c:\windows\MBR.exe

2011-01-22 01:22:14 256512 ----a-w- c:\windows\PEV.exe

2011-01-22 01:22:14 161792 ----a-w- c:\windows\SWREG.exe

2011-01-21 05:46:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-01-21 05:46:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-01-21 05:46:02 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-01-21 05:44:56 767952 ----a-w- c:\windows\BDTSupport.dll

2011-01-21 05:44:54 1652688 ----a-w- c:\windows\PCTBDCore.dll

2011-01-21 05:44:54 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-01-21 05:44:53 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-01-21 05:41:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-01-21 05:40:50 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-01-21 05:40:50 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-01-21 05:40:01 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-01-21 05:39:24 -------- d-----w- c:\program files\common files\PC Tools

2011-01-21 05:39:22 -------- d-----w- c:\docume~1\admini~1\applic~1\PC Tools

2011-01-21 04:34:44 2321288 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-01-21 04:34:38 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{7e88ef82-14c4-4a2c-869b-c252b2dc3df2}\mpengine.dll

2011-01-21 04:34:36 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 03:32:30 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-21 03:32:30 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-20 23:00:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-31 20:44:07 -------- d-----w- C:\Combox

2010-12-30 00:14:06 -------- d-----w- c:\program files\Security Task Manager

2010-12-30 00:01:04 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys

2010-12-30 00:01:03 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys

2010-12-30 00:01:02 289664 -c--a-w- c:\windows\system32\dllcache\atimpab.sys

2010-12-30 00:01:01 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe

2010-12-30 00:00:59 268160 -c--a-w- c:\windows\system32\dllcache\atidvai.dll

2010-12-30 00:00:58 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll

2010-12-30 00:00:57 382592 -c--a-w- c:\windows\system32\dllcache\atidrab.dll

2010-12-30 00:00:56 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys

2010-12-30 00:00:39 77568 -c--a-w- c:\windows\system32\dllcache\ati.sys

2010-12-30 00:00:38 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2010-12-30 00:00:26 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys

2010-12-30 00:00:14 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys

2010-12-30 00:00:12 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys

2010-12-30 00:00:08 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2010-12-30 00:00:05 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2010-12-30 00:00:03 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2010-12-29 23:59:18 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-12-29 23:59:12 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2010-12-29 23:59:10 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys

2010-12-29 23:59:08 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys

2010-12-29 23:59:07 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys

2010-12-29 23:59:06 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys

2010-12-29 23:59:05 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys

2010-12-29 23:59:00 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll

2010-12-29 23:57:19 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-12-29 23:57:11 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

==================== Find3M ====================

2010-12-18 19:26:46 185824 ----a-w- c:\windows\system32\4d52.sys

============= FINISH: 20:19:50.48 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5563

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/21/2011 9:00:27 AM

mbam-log-2011-01-21 (09-00-27).txt

Scan type: Quick scan

Objects scanned: 155490

Time elapsed: 16 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi and welcome to Malwarebytes.

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\4d52.sys

Post the results in your reply.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thanks for the reply. Below is the result from VirusTotal for the file above. I will run ComboFix tonight and post the log tomorrow morning. Thanks again.

MD5: 81991464af9c6eba9d0d4bfe066c9189

Date first seen: 2009-02-23 09:01:26 (UTC)

Date last seen: 2010-12-04 13:51:31 (UTC)

Detection ratio: 2/43


Thanks. I'm still waiting on the results of the file from virustotal.com. (They seem to be really backed up right now... FWIW, I sent the sample to Avira's online analyzer, and it came back clean.)

Below is the ComboFix log.

ComboFix 11-01-21.03 - Administrator 01/22/2011 1:29.11.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.723 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\Combinationanan.exe

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.

2011-01-21 05:46 . 2010-02-02 15:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-01-21 05:46 . 2010-02-02 15:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-01-21 05:46 . 2010-02-02 15:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-01-21 05:44 . 2010-01-22 15:55 767952 ----a-w- c:\windows\BDTSupport.dll

2011-01-21 05:44 . 2010-01-22 15:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-01-21 05:44 . 2010-01-22 15:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2011-01-21 05:44 . 2010-01-22 15:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-01-21 05:41 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-01-21 05:40 . 2010-03-29 16:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-01-21 05:40 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-01-21 05:40 . 2010-04-08 20:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-01-21 05:39 . 2011-01-21 05:45 -------- d-----w- c:\program files\Common Files\PC Tools

2011-01-21 05:39 . 2011-01-21 05:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools

2011-01-21 04:34 . 2007-03-09 17:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-01-21 04:34 . 2010-11-16 18:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7E88EF82-14C4-4A2C-869B-C252B2DC3DF2}\mpengine.dll

2011-01-21 04:34 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-21 04:32 . 2011-01-21 04:32 -------- d-----w- c:\program files\Windows Defender

2011-01-21 03:32 . 2011-01-21 03:32 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-20 23:00 . 2011-01-20 23:00 -------- d-----w- c:\documents and settings\ctanner\Application Data\SUPERAntiSpyware.com

2011-01-20 23:00 . 2011-01-21 03:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-05 16:45 . 2011-01-05 16:47 -------- d-----w- c:\documents and settings\ctanner\Application Data\ImgBurn

2010-12-31 20:44 . 2010-12-31 20:59 -------- d-----w- C:\Combox

2010-12-30 00:14 . 2010-12-30 00:14 -------- d-----w- c:\program files\Security Task Manager

2010-12-30 00:01 . 2001-08-17 18:48 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys

2010-12-30 00:01 . 2001-08-17 18:49 75136 -c--a-w- c:\windows\system32\dllcache\atimpae.sys

2010-12-30 00:01 . 2001-08-17 18:48 289664 -c--a-w- c:\windows\system32\dllcache\atimpab.sys

2010-12-30 00:01 . 2001-08-18 04:36 37376 -c--a-w- c:\windows\system32\dllcache\atievxx.exe

2010-12-30 00:00 . 2001-08-17 20:56 268160 -c--a-w- c:\windows\system32\dllcache\atidvai.dll

2010-12-30 00:00 . 2001-08-17 20:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll

2010-12-30 00:00 . 2001-08-17 20:55 382592 -c--a-w- c:\windows\system32\dllcache\atidrab.dll

2010-12-30 00:00 . 2001-08-17 18:49 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys

2010-12-30 00:00 . 2001-08-17 19:57 77568 -c--a-w- c:\windows\system32\dllcache\ati.sys

2010-12-30 00:00 . 2001-08-17 20:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2010-12-30 00:00 . 2001-08-17 18:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys

2010-12-30 00:00 . 2001-08-17 19:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys

2010-12-30 00:00 . 2004-08-04 04:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys

2010-12-30 00:00 . 2001-08-17 18:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2010-12-30 00:00 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2010-12-30 00:00 . 2001-08-17 18:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2010-12-29 23:59 . 2001-08-17 18:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-12-29 23:59 . 2004-08-04 04:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys

2010-12-29 23:59 . 2001-08-17 18:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys

2010-12-29 23:59 . 2001-08-17 18:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys

2010-12-29 23:59 . 2001-08-17 18:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys

2010-12-29 23:59 . 2001-08-17 18:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys

2010-12-29 23:59 . 2001-08-17 19:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys

2010-12-29 23:59 . 2001-08-18 04:36 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll

2010-12-29 23:57 . 2001-08-17 20:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-12-29 23:57 . 2008-04-13 20:27 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 00:09 . 2009-05-24 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2009-05-24 21:09 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-12-18 19:26 . 2010-12-18 19:26 185824 ----a-w- c:\windows\system32\4d52.sys

2010-03-11 05:01 . 2010-03-11 05:01 124272 -c--a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-03-11 05:40 . 2010-03-11 05:40 13168 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-03-11 05:02 . 2010-03-11 05:02 70512 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-03-11 05:01 . 2010-03-11 05:01 91504 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-03-11 05:01 . 2010-03-11 05:01 22384 -c--a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-03-11 05:00 . 2010-03-11 05:00 255344 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-03-11 05:01 . 2010-03-11 05:01 31088 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-03-11 05:01 . 2010-03-11 05:01 40304 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll

2009-10-05 18:49 . 2009-10-05 18:49 652640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-03-11 05:02 . 2010-03-11 05:02 23920 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot_2011-01-22_01.30.20 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-11 22:00 . 2011-01-22 00:52 81564 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:00 . 2011-01-22 07:30 81564 c:\windows\system32\perfc009.dat

+ 2004-08-11 22:00 . 2011-01-22 07:30 470446 c:\windows\system32\perfh009.dat

- 2004-08-11 22:00 . 2011-01-22 00:52 470446 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-06-28 20:59 153184 -c----w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-21 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]

[bU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ctanner^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]

backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ctanner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ctanner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ctanner^Start Menu^Programs^Startup^VZAccess Manager.lnk]

backup=c:\windows\pss\VZAccess Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-12 03:43 640376 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2008-06-12 07:25 37232 -c--a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2009-02-22 19:45 2272592 -c--a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-01-25 07:34 159744 -c--a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2010-03-11 05:21 300400 -c--a-w- c:\program files\Citrix\ICA Client\concentr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2005-01-07 22:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]

2007-04-16 12:33 259624 -c--a-w- c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

c:\documents and settings\ctanner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-05-18 16:45 162584 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-05-18 16:45 138008 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]

2010-06-10 19:02 673280 -c--a-w- c:\windows\is-UHIIC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 15:14 206112 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-09-11 09:40 218032 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2008-10-24 15:14 79136 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2010-08-06 09:08 118784 -c--a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-05-18 16:45 138008 -c--a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 14:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue ProcessQuickLink 2]

2008-04-02 14:50 655640 -c--a-w- c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

"Intuit SyncManager"=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

"SetDefPrt"=c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SetDefPrt"=c:\program files\Brother\Brmfl04g\BrStDvPt.exe

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/27/2010 8:54 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [8/27/2010 8:54 AM 188168]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/20/2011 11:40 PM 218592]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [8/27/2010 8:55 AM 99280]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/20/2011 11:41 PM 233136]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/15/2010 4:10 PM 95024]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/20/2011 11:39 PM 366840]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/18/2010 12:04 PM 28552]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/20/2011 11:46 PM 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/20/2011 11:46 PM 59664]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/27/2010 8:55 AM 312912]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2010 11:09 AM 165456]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 9:08 AM 65584]

S1 dne20000;dne20000;c:\windows\system32\drivers\dne20000.sys --> c:\windows\system32\drivers\dne20000.sys [?]

S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 6:00 AM 26624]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2010 11:09 AM 17744]

S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [8/27/2010 8:54 AM 119200]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/20/2011 11:44 PM 112592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/24/2009 3:09 PM 363344]

S3 4d52;4d52;c:\windows\system32\4d52.sys [12/18/2010 1:26 PM 185824]

S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 6:00 AM 2944]

S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/24/2009 3:09 PM 20952]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/20/2011 11:40 PM 63360]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/20/2011 11:46 PM 33552]

S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 -c--a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2011-01-22 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-05 20:35]

2011-01-22 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-04-07 15:32]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839226555-3087413164-898873432-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 04:52]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839226555-3087413164-898873432-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 04:52]

2011-01-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{9669E991-0014-4CB9-AB0F-920A7BD1333D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{E0FBDF09-55DC-4335-A802-803774F586E0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u8igr4kj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-22 01:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2839226555-3087413164-898873432-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,90,6d,5a,4c,c2,d4,48,9d,0d,56,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,f4,83,8f,6d,f1,34,41,a7,e6,d0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1564)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

.

Completion time: 2011-01-22 01:38:31

ComboFix-quarantined-files.txt 2011-01-22 07:38

ComboFix2.txt 2011-01-22 01:32

ComboFix3.txt 2010-12-31 23:46

ComboFix4.txt 2010-12-31 20:30

ComboFix5.txt 2011-01-22 07:28

Pre-Run: 17,399,087,104 bytes free

Post-Run: 17,373,855,744 bytes free

- - End Of File - - D2B7146E4B8A5E7CAD224E84246C2DF9


File name: 4d52.sys

Submission date: 2011-01-22 19:43:59 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.1.216 2011.01.21 -

Antiy-AVL 2.0.3.7 2011.01.18 -

Avast 4.8.1351.0 2011.01.22 -

Avast5 5.0.677.0 2011.01.22 -

AVG 10.0.0.1190 2011.01.22 -

BitDefender 7.2 2011.01.22 -

CAT-QuickHeal 11.00 2011.01.22 -

ClamAV 0.96.4.0 2011.01.22 -

Commtouch 5.2.11.5 2011.01.22 -

Comodo 7472 2011.01.22 -

DrWeb 5.0.2.03300 2011.01.22 -

Emsisoft 5.1.0.1 2011.01.22 -

eTrust-Vet 36.1.8115 2011.01.21 -

F-Prot 4.6.2.117 2011.01.22 -

F-Secure 9.0.16160.0 2011.01.22 -

Fortinet 4.2.254.0 2011.01.22 -

GData 21 2011.01.22 -

Ikarus T3.1.1.97.0 2011.01.22 -

Jiangmin 13.0.900 2011.01.22 -

K7AntiVirus 9.77.3618 2011.01.22 -

Kaspersky 7.0.0.125 2011.01.22 -

McAfee 5.400.0.1158 2011.01.22 -

McAfee-GW-Edition 2010.1C 2011.01.22 -

Microsoft 1.6502 2011.01.22 -

NOD32 5809 2011.01.22 -

Norman 6.06.12 2011.01.22 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.2.7 2011.01.22 -

PCTools 7.0.3.5 2011.01.22 -

Prevx 3.0 2011.01.23 -

Rising 23.41.05.03 2011.01.22 -

Sophos 4.61.0 2011.01.22 -

SUPERAntiSpyware 4.40.0.1006 2011.01.22 -

Symantec 20101.3.0.103 2011.01.22 -

TheHacker 6.7.0.1.118 2011.01.21 -

TrendMicro 9.120.0.1004 2011.01.22 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.22 -

VBA32 3.12.14.3 2011.01.21 -

VIPRE 8160 2011.01.23 -

ViRobot 2011.1.22.4269 2011.01.22 -

VirusBuster 13.6.159.2 2011.01.22 -

Additional information


MD5 : 81991464af9c6eba9d0d4bfe066c9189

SHA1 : 072582e7c506b2021c2b03f09b1f2e49c7d25335

SHA256: f11a2423b2682b4ecd1ff888f5139ac1b15c92a68a4c9d21e82d005437a95c84

NEW DDS LOG

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/31/2010 7:24:59 PM

System Uptime: 1/22/2011 5:33:44 PM (1 hours ago)

Motherboard: Dell Inc. | | 0KU184

Processor: Intel® Core2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 16.167 GiB free.

D: is Removable

F: is CDROM (CDFS)

G: is CDROM (CDFS)

H: is Removable

I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

==== System Restore Points ===================

RP1: 1/21/2011 7:36:26 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Fran


  • Staff

Hi,

You posted Attach.txt from DDS instead of DDS.txt; please be sure to follow directions exactly as written.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thanks. I've done both scans. Still not able to get on internet.

ESET

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\MVwHNqru.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\MVwHNqru.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

Results of screen317's Security Check version 0.99.8

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

avast! Internet Security

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Adobe Flash Player

Mozilla Firefox (3.0.8) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Windows Defender MsMpEng.exe

Alwil Software Avast5 afwServ.exe

Alwil Software Avast5 AvastSvc.exe

``````````End of Log````````````


Sorry - didn't include the full ESET log in the previous post. Here is the full ESET log. Thanks.

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internet# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=b47b46b2c8bbd94c985b115a32c2e0fd

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-01-23 05:44:39

# local_time=2011-01-22 11:44:39 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=770 16774141 100 97 0 71540761 0 0

# compatibility_mode=2560 16777175 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=180721

# found=5

# cleaned=5

# scan_time=8987

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\MVwHNqru.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\MVwHNqru.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
