DSLKSL Posted February 26, 2011 ID:393616 Share Posted February 26, 2011 Hello all,I have read you pinned topics but I am still unsure where to post my Hijackthis log. I have a Dell Work laptop with McAffee entrprize on it. I have ran the full paid version of Malwarebytes and McAffee puls couterspy in safe mode nothing reports back now I did have Malware find and delete this a few days ago:Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Form then everything reports clean. But I keep sending spam to myself and other in my Yahoo mail accout.Here is the Hijackthis log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:50:34 AM, on 2/26/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17095)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exec:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exeC:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exeC:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exeC:\Altiris\AClient\AClient.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\sessmgr.exeC:\Siemens\Step7\S7bin\s7asysvx.exeC:\Siemens\Common\S7IEPG\s7oiehsx.exeC:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exeC:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exeC:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\TwinCAT\EventLogger\TcEventLogger.exeC:\TwinCAT\TCATSysSrv.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Siemens\Common\sws\almsrv\almsrvx.exeC:\WINDOWS\system32\CCM\CcmExec.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.ExeC:\WINDOWS\system32\AESTFltr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\IDT\WDM\sttray.exeC:\Altiris\AClient\AClntUsr.EXEC:\Program Files\DellTPad\ApMsgFwd.exeC:\Program Files\DellTPad\HidFind.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\McAfee\Common Framework\udaterui.exeC:\Program Files\DellTPad\Apntex.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Brother\ControlCenter2\brctrcen.exeC:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\Brother\Brmfcmon\BrMfimon.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspxR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/default.aspxR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspxR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Husky I.M.S.R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bolproxy:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlgO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquietO4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,StartO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exeO4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exeO4 - HKLM\..\Run: [backgroundInfo] C:\BGInfo\bginfo.exe /timer:0 /iC:\BGInfo\ImageBuild.bgiO4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXEO4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exeO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeO4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exeO4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeO4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorunO4 - HKLM\..\Run: [sBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - .DEFAULT User Startup: OutlookSetup.bat (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: Bluetooth.lnk = ?O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exeO4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://boltweb1/default.aspxO16 - DPF: {11D0B8B2-2343-46B4-872E-31AE26279168} (HuskyMobileService23.ChangeMS23) - http://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CABO16 - DPF: {14E13B79-0055-434A-8E90-9D0A21B76529} (BESRemoteClient.JobSheet) - http://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CABO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) - http://boltonesr3/esrgetput/BESRemoteClient.CABO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T27LC/webex/ieatgpc.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.huskyims.comO17 - HKLM\Software\..\Telephony: DomainName = corp.huskyims.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.huskyims.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.huskyims.comO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exeO23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeO23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeO23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exeO23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeO23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exeO23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exeO23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exeO23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exeO23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7bin\s7asysvx.exeO23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exeO23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exeO23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exeO23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exeO23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeO23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exeO23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exeO23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exeO23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXEO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 16185 bytesCan any one help Please. Link to post Share on other sites More sharing options...
Maniac Posted February 26, 2011 ID:393778 Share Posted February 26, 2011 Hello DSLKSL! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Post all of your log files, don't attach them.Step 1Launch Malwarebytes' Anti-MalwareGo to Update" tab and select Check for Updates.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.Step 2Download DDS and save it to your desktop from here or here .Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop. Post them back to your topic.In your next reply, please post the following logs:Malwarebytes' Anti-Malware logDDS log with Attach.txt Link to post Share on other sites More sharing options...
DSLKSL Posted February 27, 2011 Author ID:393857 Share Posted February 27, 2011 Thank you for yout help, here are the files as requested:DDS.zipAttach.zipmbam-log-2011-02-26 (19-41-16).zip Link to post Share on other sites More sharing options...
Maniac Posted February 27, 2011 ID:393972 Share Posted February 27, 2011 Post all of your log files, don't attach them. Link to post Share on other sites More sharing options...
DSLKSL Posted February 27, 2011 Author ID:394119 Share Posted February 27, 2011 Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5882Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.132/26/2011 7:41:16 PMmbam-log-2011-02-26 (19-41-16).txtScan type: Quick scanObjects scanned: 168402Time elapsed: 16 minute(s), 11 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXDDS (Ver_10-12-12.02) - NTFSx86 Run by dolane at 21:48:50.84 on Sat 02/26/2011Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2792 [GMT -5:00]AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\WINDOWS\system32\savedump.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exesvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exec:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exeC:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exeC:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exesvchost.exeC:\Altiris\AClient\AClient.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\sessmgr.exeC:\Siemens\Step7\S7bin\s7asysvx.exeC:\Siemens\Common\S7IEPG\s7oiehsx.exeC:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exeC:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exeC:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\TwinCAT\EventLogger\TcEventLogger.exeC:\TwinCAT\TCATSysSrv.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Siemens\Common\sws\almsrv\almsrvx.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\CCM\CcmExec.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exeC:\WINDOWS\system32\msiexec.exeC:\WINDOWS\Explorer.EXEC:\Program Files\COMODO\COMODO System-Cleaner\Updater.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.ExeC:\WINDOWS\system32\AESTFltr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\IDT\WDM\sttray.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Altiris\AClient\AClntUsr.EXEC:\Program Files\DellTPad\HidFind.exeC:\Program Files\DellTPad\Apntex.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\McAfee\Common Framework\udaterui.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Brother\ControlCenter2\brctrcen.exeC:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\dumprep.exe\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXEC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\Brother\Brmfcmon\BrMfimon.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Documents and Settings\dolane\Desktop\dds.scr============== Pseudo HJT Report ===============uWindow Title = Microsoft Internet Explorer provided by Husky I.M.S.uStart Page = hxxp://intranet/default.aspxuDefault_Page_URL = hxxp://intranet/default.aspxmDefault_Page_URL = hxxp://intranet/default.aspxuInternet Settings,ProxyServer = bolproxy:8080uInternet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlgmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installquietmRun: [NVHotkey] rundll32.exe nvHotkey.dll,StartmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Apoint] c:\program files\delltpad\Apoint.exemRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exemRun: [backgroundInfo] c:\bginfo\bginfo.exe /timer:0 /ic:\bginfo\ImageBuild.bgimRun: [AClntUsr] c:\altiris\aclient\AClntUsr.EXEmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [QPMEnroll] c:\windows\system32\QPMEnroll.exemRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKeymRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONEmRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exemRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -bootmRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exemRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exemRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorunmRun: [sBAMTray] "c:\program files\sunbelt software\counterspy\SBAMTray.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exeuPolicies-explorer: NoWindowsUpdate = 1 (0x1)uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)mPolicies-explorer: NoWelcomeScreen = 1 (0x1)mPolicies-explorer: NoPublishingWizard = 1 (0x1)mPolicies-explorer: NoWebServices = 1 (0x1)mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)mPolicies-system: LogonType = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: {11D0B8B2-2343-46B4-872E-31AE26279168} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CABDPF: {14E13B79-0055-434A-8E90-9D0A21B76529} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CABDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {48E59293-9880-11CF-9754-00AA00C00908} - hxxp://boltonesr3/esrgetput/BESRemoteClient.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cabNotify: ckpNotify - ckpNotify.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll============= SERVICES / DRIVERS ===============R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-6 343664]R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2011-1-7 911680]R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 66584]R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33232]R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-2-22 21464]R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-1-7 2480048]R2 almservice;Automation License Manager Service;c:\siemens\common\sws\almsrv\almsrvx.exe [2006-5-22 749630]R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-21 363344]R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-8-31 21256]R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-25 120128]R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-8-31 146448]R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-15 66880]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 70728]R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]R2 s7asysvx;S7 Global Services;c:\siemens\step7\s7bin\s7asysvx.exe [2011-2-24 69685]R2 s7oiehsx;SIMATIC IEPG Help Service;c:\siemens\common\s7iepg\s7oiehsx.exe [2007-7-4 213064]R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2006-7-11 71168]R2 S7TraceServiceX;S7TraceServiceX;c:\program files\common files\siemens\automation\traceengine\bin\S7TraceServiceX.exe [2007-3-22 163840]R2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-8-20 2763080]R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-2-22 69976]R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\counterspy\SBPIMSvc.exe [2010-8-20 181584]R2 scpdrv;scpdrv;c:\siemens\common\sws\plugins\scp\scpdrv.sys [2003-10-14 26944]R2 TcEventLogger;TcEventLogger;c:\twincat\eventlogger\TcEventLogger.exe [2009-4-29 245845]R2 TcIo;TwinCAT IO Server;c:\twincat\driver\TcIo.sys [2009-4-29 1004544]R2 TcNc;TwinCAT NC Server;c:\twincat\driver\TcNc.sys [2009-4-29 2540093]R2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\driver\TcPlc.sys [2009-4-29 365132]R2 TcRouter;TwinCAT Router Server;c:\twincat\driver\TCRouter.sys [2009-4-29 193596]R2 TcRTime;TwinCAT Realtime Server;c:\twincat\driver\TCRtime.sys [2009-4-29 175161]R2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [2009-4-29 614460]R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-12 108160]R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-1-7 160288]R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-15 32808]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-12 244368]R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-21 20952]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-6 91672]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-6 43288]R3 S7oserix;Siemens PC Serial Cable;c:\windows\system32\drivers\S7oserix.sys [2007-7-4 127544]S0 cerc6;cerc6; [x]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-6 65448]S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-1-10 54544]S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2011-1-10 22032]S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-1-10 160400]S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-1-10 12048]S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-1-10 160400]S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-1-10 115216]S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-1-10 160400]S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-1-10 160400]S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\S7oppinx.sys [2007-7-4 90679]S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]=============== Created Last 30 ================2011-02-27 02:33:13 17740 ----a-w- c:\windows\cscmondump.bin2011-02-26 14:49:55 388096 ----a-r- c:\docume~1\dolane\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe2011-02-26 14:49:53 -------- d-----w- c:\program files\Trend Micro2011-02-26 14:13:41 -------- d-----w- c:\program files\COMODO2011-02-26 14:13:33 1700352 ----a-w- c:\windows\system32\gdiplus.dll2011-02-26 14:01:55 -------- d-----w- c:\docume~1\dolane\applic~1\RegistryKeys2011-02-25 14:22:25 -------- d-----w- c:\docume~1\dolane\applic~1\webex2011-02-25 14:18:03 -------- d-----w- c:\docume~1\dolane\locals~1\applic~1\Identities2011-02-25 13:40:59 -------- d-----w- c:\docume~1\dolane\applic~1\Windows Desktop Search2011-02-25 00:03:46 32768 ----a-w- c:\windows\system32\u7by01ax.dll2011-02-24 23:54:53 -------- d-----w- c:\program files\common files\Siemens2011-02-24 23:54:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Siemens2011-02-24 23:48:51 368912 ----a-w- c:\windows\system32\VBAR332.DLL2011-02-24 23:48:51 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL2011-02-24 23:48:50 1046288 ----a-w- c:\windows\system32\MSJET35.DLL2011-02-24 23:48:49 24848 ----a-w- c:\windows\system32\MSJTER35.DLL2011-02-24 23:48:48 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL2011-02-24 23:48:48 123664 ----a-w- c:\windows\system32\MSJINT35.DLL2011-02-24 23:38:18 -------- d-----w- c:\program files\common files\Binaries2011-02-24 23:38:16 -------- d-----w- c:\program files\SIEMENS2011-02-24 23:32:00 64432 ----a-w- c:\windows\system32\threed.vbx2011-02-24 23:32:00 5632 ----a-w- c:\windows\system32\mfcuia32.dll2011-02-24 23:32:00 4096 ----a-w- c:\windows\system32\mfcuiw32.dll2011-02-24 23:32:00 398416 ----a-w- c:\windows\system32\vbrun300.dll2011-02-24 23:32:00 166408 ----a-w- c:\windows\system32\MSMASK32.OCX2011-02-24 23:31:59 322832 ----a-w- c:\windows\system32\MFC30.DLL2011-02-24 23:31:59 133904 ----a-w- c:\windows\system32\MFCANS32.DLL2011-02-24 23:31:59 133392 ----a-w- c:\windows\system32\MFCO30.DLL2011-02-24 23:31:54 -------- d-----w- c:\windows\Setup2011-02-24 23:31:54 -------- d-----w- C:\Siemens2011-02-24 23:25:59 -------- d-----w- c:\windows\TempRASETUP2011-02-22 16:28:35 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys2011-02-22 16:28:35 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys2011-02-22 16:18:06 -------- d-----w- c:\program files\Sunbelt Software2011-02-22 15:42:48 -------- d-----w- C:\e2011-02-22 15:42:17 -------- d-----w- C:\Data2011-02-22 15:22:32 -------- d-----w- c:\docume~1\dolane\applic~1\Sunbelt2011-02-22 15:19:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt2011-02-22 15:16:17 -------- d-----w- c:\program files\MSXML 6.02011-02-22 15:13:52 -------- d-----w- c:\program files\Microsoft SQL Server2011-02-22 15:12:12 -------- d-----w- c:\docume~1\dolane\locals~1\applic~1\Sunbelt Software2011-02-22 03:49:04 210944 ------w- c:\windows\system32\Msvcrt10.dll2011-02-22 03:48:55 65536 ------w- c:\windows\system32\adistres.dll2011-02-22 03:48:55 20584 ------w- c:\windows\system32\PdfPorts.dll2011-02-22 03:48:41 225280 ------w- c:\program files\internet explorer\plugins\NPDocBox.dll2011-02-22 03:48:36 101200 ------w- c:\windows\system32\pdfshell.dll2011-02-22 03:26:22 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys2011-02-22 03:26:22 6784 ----a-w- c:\windows\system32\drivers\serscan.sys2011-02-22 03:24:59 147456 ----a-w- c:\windows\brunin03.dll2011-02-22 03:24:59 126976 ------w- c:\windows\system32\BrfxD04a.dll2011-02-22 03:24:59 -------- d-----w- c:\program files\Brother2011-02-22 03:22:10 221184 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll2011-02-22 03:22:09 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll2011-02-22 03:22:09 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll2011-02-22 03:22:08 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe2011-02-22 03:22:07 598016 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe2011-02-22 03:22:07 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll2011-02-22 03:22:06 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll2011-02-22 03:21:42 -------- d-----w- c:\program files\common files\ScanSoft Shared2011-02-22 03:21:34 -------- d-----w- c:\program files\ScanSoft2011-02-22 03:20:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Brother2011-02-21 16:29:55 -------- d-----w- c:\docume~1\dolane\applic~1\Malwarebytes2011-02-21 16:29:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-21 16:29:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2011-02-21 16:29:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-21 16:29:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-21 02:44:19 -------- d-----w- c:\program files\BurnSoft2011-02-21 02:43:12 -------- d-----w- C:\Burnsoftbackup2011-02-21 02:41:40 -------- d-----w- c:\program files\PROFIBUS Line diagnosis2011-02-21 02:40:42 -------- d-----w- C:\Baan E-ServiceRemote2.1==================== Find3M ====================2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-16 13:12:46 2469728 ----a-w- c:\windows\system32\AutoPartNt.exe2011-01-12 19:23:48 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-01-12 19:23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll2011-01-06 16:00:07 5270099 ----a-w- c:\windows\FramePkg.exe2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe============= FINISH: 21:50:41.95 ===============XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXUNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-12-12.02)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 9/12/2008 12:14:53 PMSystem Uptime: 2/26/2011 9:43:47 PM (0 hours ago)Motherboard: Dell Inc. | | 0K672NProcessor: Intel Pentium III Xeon processor | Microprocessor | 2527/266mhz==== Disk Partitions ============================= Installed Programs ======================Acronis Link to post Share on other sites More sharing options...
Maniac Posted February 27, 2011 ID:394160 Share Posted February 27, 2011 **Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Open Tools -> Options -> Main tab Set to Always ask me where to Save the files. [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ---------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\Combo-Fix.txt for further review. **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
DSLKSL Posted February 28, 2011 Author ID:394192 Share Posted February 28, 2011 I can't shut down McAffee it is asking me for a password. I have shut down everything else and downloade Combo-Fix to my desk top but have not ran it yet. Is there a way around the McAffee password? Link to post Share on other sites More sharing options...
Maniac Posted February 28, 2011 ID:394262 Share Posted February 28, 2011 Check this out:https://community.mcafee.com/docs/DOC-1245 Link to post Share on other sites More sharing options...
DSLKSL Posted February 28, 2011 Author ID:394435 Share Posted February 28, 2011 I have read the post you gave me and tried what it said but no luck on the password. I have aske dmy IT department for the password but they may not give it up. There soultion is to send me a new imaged drive and then I transfer all my personal files. That does'nt work if the persomal files are bad. Link to post Share on other sites More sharing options...
Maniac Posted February 28, 2011 ID:394451 Share Posted February 28, 2011 Let's make a additional scan to be sure that your personal data is not infected. ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Now click on Advanced Settings and select the following:Remove found threatsScan archivesScan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
DSLKSL Posted March 1, 2011 Author ID:394646 Share Posted March 1, 2011 Ok, IT gave me the password I ran combo fix like you asked here is the txt file. Once again thank you for your help.ComboFix 11-02-28.02 - dolane 02/28/2011 20:31:14.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2788 [GMT -5:00]Running from: c:\documents and settings\dolane\Desktop\Combo-Fix.exeAV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\datac:\data\3ibaib_o\us_sres.datac:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\windows\cscmondump.bin----- BITS: Possible infected sites -----hxxp://milwsus01.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_Security((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 ))))))))))))))))))))))))))))))).2011-02-28 10:32 . 2011-02-28 10:32 -------- d-----w- C:\Removal2011-02-26 14:49 . 2011-02-26 14:49 388096 ----a-r- c:\documents and settings\dolane\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-02-26 14:49 . 2011-02-26 14:49 -------- d-----w- c:\program files\Trend Micro2011-02-26 14:13 . 2011-02-26 14:13 -------- d-----w- c:\program files\COMODO2011-02-26 14:13 . 2011-02-26 14:13 1700352 ----a-w- c:\windows\system32\gdiplus.dll2011-02-26 14:01 . 2011-02-26 14:01 -------- d-----w- c:\documents and settings\dolane\Application Data\RegistryKeys2011-02-25 14:22 . 2011-02-25 21:32 -------- d-----w- c:\documents and settings\dolane\Application Data\webex2011-02-25 14:18 . 2011-02-25 14:18 -------- d-----w- c:\documents and settings\dolane\Local Settings\Application Data\Identities2011-02-25 13:40 . 2011-02-25 13:40 -------- d-----w- c:\documents and settings\dolane\Application Data\Windows Desktop Search2011-02-25 00:03 . 2011-02-25 00:03 32768 ----a-w- c:\windows\system32\u7by01ax.dll2011-02-24 23:54 . 2011-02-24 23:54 -------- d-----w- c:\program files\Common Files\Siemens2011-02-24 23:54 . 2011-02-24 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Siemens2011-02-24 23:48 . 2005-03-02 23:39 368912 ----a-w- c:\windows\system32\VBAR332.DLL2011-02-24 23:48 . 2005-03-02 23:39 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL2011-02-24 23:48 . 2005-03-02 23:39 1046288 ----a-w- c:\windows\system32\MSJET35.DLL2011-02-24 23:48 . 2005-03-02 23:39 24848 ----a-w- c:\windows\system32\MSJTER35.DLL2011-02-24 23:48 . 2005-03-02 23:39 123664 ----a-w- c:\windows\system32\MSJINT35.DLL2011-02-24 23:48 . 2005-03-02 23:39 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL2011-02-24 23:38 . 2011-02-24 23:38 -------- d-----w- c:\program files\Common Files\Binaries2011-02-24 23:38 . 2011-02-24 23:38 -------- d-----w- c:\program files\SIEMENS2011-02-24 23:32 . 1999-05-07 17:24 166408 ----a-w- c:\windows\system32\MSMASK32.OCX2011-02-24 23:32 . 1995-08-24 14:50 5632 ----a-w- c:\windows\system32\mfcuia32.dll2011-02-24 23:32 . 1995-08-24 14:50 4096 ----a-w- c:\windows\system32\mfcuiw32.dll2011-02-24 23:32 . 1994-12-22 13:00 398416 ----a-w- c:\windows\system32\vbrun300.dll2011-02-24 23:32 . 1993-07-16 20:28 64432 ----a-w- c:\windows\system32\threed.vbx2011-02-24 23:31 . 1995-11-20 13:49 322832 ----a-w- c:\windows\system32\MFC30.DLL2011-02-24 23:31 . 1995-08-24 14:50 133904 ----a-w- c:\windows\system32\MFCANS32.DLL2011-02-24 23:31 . 1995-05-19 23:53 133392 ----a-w- c:\windows\system32\MFCO30.DLL2011-02-24 23:31 . 2011-02-25 00:02 -------- d-----w- c:\windows\Setup2011-02-24 23:31 . 2011-02-24 23:37 -------- d-----w- C:\Siemens2011-02-24 23:25 . 2011-02-24 23:37 -------- d-----w- c:\windows\TempRASETUP2011-02-22 16:44 . 2011-02-22 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt2011-02-22 16:28 . 2010-06-14 19:54 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys2011-02-22 16:28 . 2010-06-14 19:54 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys2011-02-22 16:18 . 2011-02-22 16:18 -------- d-----w- c:\program files\Sunbelt Software2011-02-22 15:22 . 2011-02-22 16:18 -------- d-----w- c:\documents and settings\dolane\Application Data\Sunbelt2011-02-22 15:19 . 2011-02-22 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt2011-02-22 15:16 . 2011-02-22 15:16 -------- d-----w- c:\program files\MSXML 6.02011-02-22 15:13 . 2011-02-22 15:16 -------- d-----w- c:\program files\Microsoft SQL Server2011-02-22 15:12 . 2011-02-22 15:12 -------- d-----w- c:\documents and settings\dolane\Local Settings\Application Data\Sunbelt Software2011-02-22 03:49 . 1993-07-23 04:00 210944 ------w- c:\windows\system32\Msvcrt10.dll2011-02-22 03:48 . 2001-03-15 10:18 20584 ------w- c:\windows\system32\PdfPorts.dll2011-02-22 03:48 . 2001-03-15 10:18 65536 ------w- c:\windows\system32\adistres.dll2011-02-22 03:48 . 2001-01-30 18:56 225280 ------w- c:\program files\Internet Explorer\Plugins\NPDocBox.dll2011-02-22 03:48 . 2001-03-15 09:55 101200 ------w- c:\windows\system32\pdfshell.dll2011-02-22 03:46 . 2011-02-22 03:46 -------- d-----w- c:\documents and settings\dolane\Application Data\InterTrust2011-02-22 03:26 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys2011-02-22 03:26 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys2011-02-22 03:24 . 2004-04-06 06:00 126976 ------w- c:\windows\system32\BrfxD04a.dll2011-02-22 03:24 . 2003-12-11 14:32 147456 ----a-w- c:\windows\brunin03.dll2011-02-22 03:22 . 2011-02-22 03:22 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll2011-02-22 03:22 . 2011-02-22 03:22 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll2011-02-22 03:22 . 2011-02-22 03:22 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll2011-02-22 03:22 . 2011-02-22 03:22 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe2011-02-22 03:22 . 2011-02-22 03:22 598016 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe2011-02-22 03:22 . 2011-02-22 03:22 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll2011-02-22 03:22 . 2011-02-22 03:22 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\program files\Common Files\ScanSoft Shared2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\program files\ScanSoft2011-02-22 03:20 . 2011-02-22 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother2011-02-21 19:17 . 2011-02-21 19:17 -------- d-----w- c:\documents and settings\dolane\Application Data\Apple Computer2011-02-21 18:35 . 2011-02-21 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\documents and settings\dolane\Application Data\Malwarebytes2011-02-21 16:29 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-02-21 16:29 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-02-21 02:44 . 2011-02-21 02:44 -------- d-----w- c:\program files\BurnSoft2011-02-21 02:43 . 2011-02-21 03:32 -------- d-----w- C:\Burnsoftbackup2011-02-21 02:41 . 2011-02-21 02:41 -------- d-----w- c:\program files\PROFIBUS Line diagnosis2011-02-21 02:40 . 2011-02-21 02:40 -------- d-----w- C:\Baan E-ServiceRemote2.1.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll2011-01-16 13:12 . 2011-01-07 22:21 2469728 ----a-w- c:\windows\system32\AutoPartNt.exe2011-01-12 19:23 . 2009-04-22 16:35 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-01-12 19:23 . 2011-01-12 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-01-07 22:16 . 2011-01-07 22:16 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-01-07 22:16 . 2011-01-07 22:16 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys2011-01-07 22:16 . 2011-01-07 22:16 581984 ----a-w- c:\windows\system32\drivers\timntr.sys2011-01-07 22:16 . 2011-01-07 22:16 158272 ----a-w- c:\windows\system32\drivers\snapman.sys2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll2011-01-06 17:12 . 2008-09-15 22:44 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys2011-01-06 16:00 . 2011-01-06 16:00 5270099 ----a-w- c:\windows\FramePkg.exe2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll2010-12-20 23:08 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll2010-12-20 23:08 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll2010-12-20 23:08 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2010-12-20 23:08 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll2010-12-20 12:55 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec2010-12-09 15:15 . 2008-04-14 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll2010-12-09 13:42 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2010-12-09 13:07 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-12-09 12:15 . 2010-12-09 12:15 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys2010-12-09 12:14 . 2010-12-09 12:14 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-28 13537280]"nwiz"="nwiz.exe" [2008-06-28 1630208]"NVHotkey"="nvHotkey.dll" [2008-06-28 90112]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-28 86016]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]"BackgroundInfo"="c:\bginfo\bginfo.exe" [2002-05-29 368685]"AClntUsr"="c:\altiris\AClient\AClntUsr.EXE" [2011-03-01 180224]"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]"QPMEnroll"="c:\windows\system32\QPMEnroll.exe" [2008-01-29 143360]"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-25 136512]"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224]"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-08-20 1348944]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-2-21 49254]Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 596584]Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-2-21 819200]c:\documents and settings\Default User\Start Menu\Programs\Startup\OutlookSetup.bat [2006-2-7 407][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"LogonType"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoWelcomeScreen"= 1 (0x1)"NoPublishingWizard"= 1 (0x1)"NoWebServices"= 1 (0x1)"NoOnlinePrintsWizard"= 1 (0x1)[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]2007-05-24 15:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Altiris\\AClient\\AClntUsr.EXE"="c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"="c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"="c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"="c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [1/7/2011 5:16 PM 911680]R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/22/2011 11:28 AM 21464]R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 7:56 AM 98392]R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/7/2011 5:16 PM 2480048]R2 almservice;Automation License Manager Service;c:\siemens\Common\sws\almsrv\almsrvx.exe [5/22/2006 8:33 AM 749630]R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 8:41 PM 808296]R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 8:41 PM 21352]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/21/2011 11:29 AM 363344]R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [8/31/2009 8:07 PM 21256]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/6/2011 11:18 AM 70728]R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]R2 s7asysvx;S7 Global Services;c:\siemens\Step7\S7BIN\s7asysvx.exe [2/24/2011 6:34 PM 69685]R2 s7oiehsx;SIMATIC IEPG Help Service;c:\siemens\Common\S7IEPG\s7oiehsx.exe [7/4/2007 8:58 PM 213064]R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/11/2006 12:40 PM 71168]R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [3/22/2007 12:29 PM 163840]R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [8/20/2010 9:16 AM 2763080]R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/22/2011 11:28 AM 69976]R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [8/20/2010 9:15 AM 181584]R2 scpdrv;scpdrv;c:\siemens\Common\sws\plugins\scp\scpdrv.sys [10/14/2003 1:44 AM 26944]R2 TcEventLogger;TcEventLogger;c:\twincat\EventLogger\TcEventLogger.exe [4/29/2009 3:54 PM 245845]R2 TcIo;TwinCAT IO Server;c:\twincat\Driver\TcIo.sys [4/29/2009 3:54 PM 1004544]R2 TcNc;TwinCAT NC Server;c:\twincat\Driver\TcNc.sys [4/29/2009 3:54 PM 2540093]R2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\Driver\TcPlc.sys [4/29/2009 3:54 PM 365132]R2 TcRouter;TwinCAT Router Server;c:\twincat\Driver\TCRouter.sys [4/29/2009 3:54 PM 193596]R2 TcRTime;TwinCAT Realtime Server;c:\twincat\Driver\TCRtime.sys [4/29/2009 3:54 PM 175161]R2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [4/29/2009 3:54 PM 614460]R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/12/2008 11:35 AM 108160]R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/7/2011 5:16 PM 160288]R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [9/15/2008 5:27 PM 32808]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/12/2008 11:39 AM 244368]R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/21/2011 11:29 AM 20952]R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [1/10/2011 11:34 AM 54544]R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [1/10/2011 11:34 AM 160400]R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [1/10/2011 11:34 AM 12048]R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [1/10/2011 11:34 AM 160400]R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [1/10/2011 11:34 AM 115216]R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [1/10/2011 11:34 AM 160400]R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [1/10/2011 11:34 AM 160400]R3 S7oserix;Siemens PC Serial Cable;c:\windows\system32\drivers\S7oserix.sys [7/4/2007 8:52 PM 127544]S0 cerc6;cerc6; [x]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/6/2011 11:18 AM 65448]S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [1/10/2011 11:34 AM 22032]S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\S7oppinx.sys [7/4/2007 8:51 PM 90679]S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408].Contents of the 'Scheduled Tasks' folder2011-02-26 c:\windows\Tasks\COMODO Updater.job- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]..------- Supplementary Scan -------.uStart Page = hxxp://intranet/default.aspxuInternet Settings,ProxyServer = bolproxy:8080uInternet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: {4C4C240B-FD07-4008-81F9-CA132A759378} = 66.174.95.44 69.78.96.14DPF: {11D0B8B2-2343-46B4-872E-31AE26279168} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CABDPF: {14E13B79-0055-434A-8E90-9D0A21B76529} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CABDPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab.- - - - ORPHANS REMOVED - - - -HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-02-28 20:42Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1300)c:\windows\system32\prm_gina.dllc:\windows\system32\WININET.dll- - - - - - - > 'explorer.exe'(5892)c:\windows\system32\WININET.dllc:\windows\system32\btmmhook.dllc:\program files\Windows Desktop Search\deskbar.dllc:\program files\Windows Desktop Search\en-us\dbres.dll.muic:\program files\Windows Desktop Search\dbres.dllc:\program files\Windows Desktop Search\wordwheel.dllc:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.muic:\program files\Windows Desktop Search\msnlExtRes.dllc:\windows\system32\ieframe.dllc:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dllc:\program files\McAfee\Common Framework\McTrayInterfaceLib.dllc:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\btncopy.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exec:\program files\CheckPoint\SecuRemote\bin\SR_Service.exec:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exec:\windows\System32\WLTRYSVC.EXEc:\windows\System32\bcmwltry.exec:\windows\system32\brss01a.exec:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exec:\windows\System32\SCardSvr.exec:\altiris\AClient\AClient.exec:\program files\Common Files\Acronis\Schedule2\schedul2.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exec:\program files\Java\jre6\bin\jqs.exec:\program files\McAfee\Common Framework\FrameworkService.exec:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\system32\sessmgr.exec:\windows\system32\locator.exec:\program files\McAfee\Common Framework\naPrdMgr.exec:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exec:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exec:\windows\system32\SearchIndexer.exec:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exec:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\CCM\CcmExec.exec:\program files\McAfee\VirusScan Enterprise\Mcshield.exec:\program files\McAfee\VirusScan Enterprise\mfeann.exec:\windows\system32\SearchProtocolHost.exec:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exec:\windows\system32\msiexec.exec:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exec:\windows\system32\rundll32.exec:\program files\IDT\WDM\sttray.exec:\program files\DellTPad\ApMsgFwd.exec:\program files\DellTPad\HidFind.exec:\program files\DellTPad\Apntex.exec:\program files\McAfee\Common Framework\McTray.exec:\windows\system32\SearchFilterHost.exec:\windows\system32\SearchProtocolHost.exe.**************************************************************************.Completion time: 2011-02-28 20:46:29 - machine was rebootedComboFix-quarantined-files.txt 2011-03-01 01:46Pre-Run: 198,347,014,144 bytes freePost-Run: 198,408,888,320 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 886D1C6D3CFEF2A5C586A10579157F26 Link to post Share on other sites More sharing options...
Maniac Posted March 1, 2011 ID:394802 Share Posted March 1, 2011 Awesome! Thanks! Please visit www.virustotal.com and upload the following file:c:\windows\system32\u7by01ax.dllPost the results in your next reply. Link to post Share on other sites More sharing options...
DSLKSL Posted March 1, 2011 Author ID:394875 Share Posted March 1, 2011 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: u7by01ax.dllSubmission date: 2011-03-01 17:28:02 (UTC)Current status: queued (#18) queued analysing finishedResult: 0/ 43 (0.0%) VT Communitynot reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.03.02.00 2011.03.01 - AntiVir 7.11.4.21 2011.03.01 - Antiy-AVL 2.0.3.7 2011.03.01 - Avast 4.8.1351.0 2011.02.23 - Avast5 5.0.677.0 2011.02.23 - AVG 10.0.0.1190 2011.03.01 - BitDefender 7.2 2011.03.01 - CAT-QuickHeal 11.00 2011.03.01 - ClamAV 0.96.4.0 2011.03.01 - Commtouch 5.2.11.5 2011.03.01 - Comodo 7842 2011.03.01 - DrWeb 5.0.2.03300 2011.03.01 - Emsisoft 5.1.0.2 2011.03.01 - eSafe 7.0.17.0 2011.03.01 - eTrust-Vet 36.1.8190 2011.03.01 - F-Prot 4.6.2.117 2011.02.28 - F-Secure 9.0.16160.0 2011.03.01 - Fortinet 4.2.254.0 2011.03.01 - GData 21 2011.03.01 - Ikarus T3.1.1.97.0 2011.03.01 - Jiangmin 13.0.900 2011.03.01 - K7AntiVirus 9.91.3990 2011.03.01 - Kaspersky 7.0.0.125 2011.03.01 - McAfee 5.400.0.1158 2011.03.01 - McAfee-GW-Edition 2010.1C 2011.03.01 - Microsoft 1.6603 2011.03.01 - NOD32 5917 2011.03.01 - Norman 6.07.03 2011.03.01 - nProtect 2011-02-10.01 2011.02.15 - Panda 10.0.3.5 2011.03.01 - PCTools 7.0.3.5 2011.03.01 - Prevx 3.0 2011.03.01 - Rising 23.47.01.06 2011.03.01 - Sophos 4.61.0 2011.03.01 - SUPERAntiSpyware 4.40.0.1006 2011.03.01 - Symantec 20101.3.0.103 2011.03.01 - TheHacker 6.7.0.1.140 2011.02.28 - TrendMicro 9.200.0.1012 2011.03.01 - TrendMicro-HouseCall 9.200.0.1012 2011.03.01 - VBA32 3.12.14.3 2011.03.01 - VIPRE 8575 2011.03.01 - ViRobot 2011.2.28.4333 2011.03.01 - VirusBuster 13.6.229.0 2011.03.01 - Additional informationShow all MD5 : c402c4b480c003ec70f23fbbe5f6f7e6 SHA1 : 8022fcd8362c753c3fe1a71a94b91b95804128f2 SHA256: 33f15e300cafdc67e5602d35c5ecf9f998801f60d6dd26761795d7d050273764 Link to post Share on other sites More sharing options...
Maniac Posted March 1, 2011 ID:394877 Share Posted March 1, 2011 Please go ahead with ESET Online Scanner. Link to post Share on other sites More sharing options...
LDTate Posted March 10, 2011 ID:398409 Share Posted March 10, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts