HiJackThis


DSLKSL
Hello all,

I have read your pinned topics but I am still unsure where to post my HijackThis log. I have a Dell work laptop with McAfee Enterprise on it. I have run the full paid version of Malwarebytes and McAfee plus CounterSpy in safe mode, and nothing reports back now. I did have Malwarebytes find and delete this a few days ago:

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

From then on everything reports clean. But I keep sending spam to myself and others in my Yahoo mail account.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:50:34 AM, on 2/26/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17095)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Altiris\AClient\AClient.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\sessmgr.exe

C:\Siemens\Step7\S7bin\s7asysvx.exe

C:\Siemens\Common\S7IEPG\s7oiehsx.exe

C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\TwinCAT\EventLogger\TcEventLogger.exe

C:\TwinCAT\TCATSysSrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Siemens\Common\sws\almsrv\almsrvx.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Altiris\AClient\AClntUsr.EXE

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/default.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/default.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Husky I.M.S.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bolproxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [backgroundInfo] C:\BGInfo\bginfo.exe /timer:0 /iC:\BGInfo\ImageBuild.bgi

O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - .DEFAULT User Startup: OutlookSetup.bat (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://boltweb1/default.aspx

O16 - DPF: {11D0B8B2-2343-46B4-872E-31AE26279168} (HuskyMobileService23.ChangeMS23) - http://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CAB

O16 - DPF: {14E13B79-0055-434A-8E90-9D0A21B76529} (BESRemoteClient.JobSheet) - http://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) - http://boltonesr3/esrgetput/BESRemoteClient.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.huskyims.com

O17 - HKLM\Software\..\Telephony: DomainName = corp.huskyims.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.huskyims.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.huskyims.com

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7bin\s7asysvx.exe

O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe

O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe

O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe

O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 16185 bytes

Can anyone help, please?

Hello DSLKSL! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download DDS and save it to your desktop from here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. DDS log with Attach.txt

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5882

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2/26/2011 7:41:16 PM

mbam-log-2011-02-26 (19-41-16).txt

Scan type: Quick scan

Objects scanned: 168402

Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

DDS (Ver_10-12-12.02) - NTFSx86

Run by dolane at 21:48:50.84 on Sat 02/26/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2792 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

svchost.exe

C:\Altiris\AClient\AClient.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\sessmgr.exe

C:\Siemens\Step7\S7bin\s7asysvx.exe

C:\Siemens\Common\S7IEPG\s7oiehsx.exe

C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\TwinCAT\EventLogger\TcEventLogger.exe

C:\TwinCAT\TCATSysSrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Siemens\Common\sws\almsrv\almsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\COMODO\COMODO System-Cleaner\Updater.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Altiris\AClient\AClntUsr.EXE

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dumprep.exe

\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Documents and Settings\dolane\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Husky I.M.S.

uStart Page = hxxp://intranet/default.aspx

uDefault_Page_URL = hxxp://intranet/default.aspx

mDefault_Page_URL = hxxp://intranet/default.aspx

uInternet Settings,ProxyServer = bolproxy:8080

uInternet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [backgroundInfo] c:\bginfo\bginfo.exe /timer:0 /ic:\bginfo\ImageBuild.bgi

mRun: [AClntUsr] c:\altiris\aclient\AClntUsr.EXE

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [QPMEnroll] c:\windows\system32\QPMEnroll.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [sBAMTray] "c:\program files\sunbelt software\counterspy\SBAMTray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe

uPolicies-explorer: NoWindowsUpdate = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoPublishingWizard = 1 (0x1)

mPolicies-explorer: NoWebServices = 1 (0x1)

mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)

mPolicies-system: LogonType = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {11D0B8B2-2343-46B4-872E-31AE26279168} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CAB

DPF: {14E13B79-0055-434A-8E90-9D0A21B76529} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {48E59293-9880-11CF-9754-00AA00C00908} - hxxp://boltonesr3/esrgetput/BESRemoteClient.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

Notify: ckpNotify - ckpNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-6 343664]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2011-1-7 911680]

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 66584]

R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33232]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-2-22 21464]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-1-7 2480048]

R2 almservice;Automation License Manager Service;c:\siemens\common\sws\almsrv\almsrvx.exe [2006-5-22 749630]

R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-21 363344]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-8-31 21256]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-25 120128]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-8-31 146448]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-15 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-6 70728]

R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]

R2 s7asysvx;S7 Global Services;c:\siemens\step7\s7bin\s7asysvx.exe [2011-2-24 69685]

R2 s7oiehsx;SIMATIC IEPG Help Service;c:\siemens\common\s7iepg\s7oiehsx.exe [2007-7-4 213064]

R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2006-7-11 71168]

R2 S7TraceServiceX;S7TraceServiceX;c:\program files\common files\siemens\automation\traceengine\bin\S7TraceServiceX.exe [2007-3-22 163840]

R2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-8-20 2763080]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-2-22 69976]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\counterspy\SBPIMSvc.exe [2010-8-20 181584]

R2 scpdrv;scpdrv;c:\siemens\common\sws\plugins\scp\scpdrv.sys [2003-10-14 26944]

R2 TcEventLogger;TcEventLogger;c:\twincat\eventlogger\TcEventLogger.exe [2009-4-29 245845]

R2 TcIo;TwinCAT IO Server;c:\twincat\driver\TcIo.sys [2009-4-29 1004544]

R2 TcNc;TwinCAT NC Server;c:\twincat\driver\TcNc.sys [2009-4-29 2540093]

R2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\driver\TcPlc.sys [2009-4-29 365132]

R2 TcRouter;TwinCAT Router Server;c:\twincat\driver\TCRouter.sys [2009-4-29 193596]

R2 TcRTime;TwinCAT Realtime Server;c:\twincat\driver\TCRtime.sys [2009-4-29 175161]

R2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [2009-4-29 614460]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-12 108160]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-1-7 160288]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-15 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-12 244368]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-21 20952]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-6 91672]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-6 43288]

R3 S7oserix;Siemens PC Serial Cable;c:\windows\system32\drivers\S7oserix.sys [2007-7-4 127544]

S0 cerc6;cerc6; [x]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-6 65448]

S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-1-10 54544]

S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2011-1-10 22032]

S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-1-10 160400]

S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-1-10 12048]

S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-1-10 160400]

S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-1-10 115216]

S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-1-10 160400]

S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-1-10 160400]

S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\S7oppinx.sys [2007-7-4 90679]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2011-02-27 02:33:13 17740 ----a-w- c:\windows\cscmondump.bin

2011-02-26 14:49:55 388096 ----a-r- c:\docume~1\dolane\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-02-26 14:49:53 -------- d-----w- c:\program files\Trend Micro

2011-02-26 14:13:41 -------- d-----w- c:\program files\COMODO

2011-02-26 14:13:33 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-02-26 14:01:55 -------- d-----w- c:\docume~1\dolane\applic~1\RegistryKeys

2011-02-25 14:22:25 -------- d-----w- c:\docume~1\dolane\applic~1\webex

2011-02-25 14:18:03 -------- d-----w- c:\docume~1\dolane\locals~1\applic~1\Identities

2011-02-25 13:40:59 -------- d-----w- c:\docume~1\dolane\applic~1\Windows Desktop Search

2011-02-25 00:03:46 32768 ----a-w- c:\windows\system32\u7by01ax.dll

2011-02-24 23:54:53 -------- d-----w- c:\program files\common files\Siemens

2011-02-24 23:54:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Siemens

2011-02-24 23:48:51 368912 ----a-w- c:\windows\system32\VBAR332.DLL

2011-02-24 23:48:51 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL

2011-02-24 23:48:50 1046288 ----a-w- c:\windows\system32\MSJET35.DLL

2011-02-24 23:48:49 24848 ----a-w- c:\windows\system32\MSJTER35.DLL

2011-02-24 23:48:48 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL

2011-02-24 23:48:48 123664 ----a-w- c:\windows\system32\MSJINT35.DLL

2011-02-24 23:38:18 -------- d-----w- c:\program files\common files\Binaries

2011-02-24 23:38:16 -------- d-----w- c:\program files\SIEMENS

2011-02-24 23:32:00 64432 ----a-w- c:\windows\system32\threed.vbx

2011-02-24 23:32:00 5632 ----a-w- c:\windows\system32\mfcuia32.dll

2011-02-24 23:32:00 4096 ----a-w- c:\windows\system32\mfcuiw32.dll

2011-02-24 23:32:00 398416 ----a-w- c:\windows\system32\vbrun300.dll

2011-02-24 23:32:00 166408 ----a-w- c:\windows\system32\MSMASK32.OCX

2011-02-24 23:31:59 322832 ----a-w- c:\windows\system32\MFC30.DLL

2011-02-24 23:31:59 133904 ----a-w- c:\windows\system32\MFCANS32.DLL

2011-02-24 23:31:59 133392 ----a-w- c:\windows\system32\MFCO30.DLL

2011-02-24 23:31:54 -------- d-----w- c:\windows\Setup

2011-02-24 23:31:54 -------- d-----w- C:\Siemens

2011-02-24 23:25:59 -------- d-----w- c:\windows\TempRASETUP

2011-02-22 16:28:35 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-02-22 16:28:35 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2011-02-22 16:18:06 -------- d-----w- c:\program files\Sunbelt Software

2011-02-22 15:42:48 -------- d-----w- C:\e

2011-02-22 15:42:17 -------- d-----w- C:\Data

2011-02-22 15:22:32 -------- d-----w- c:\docume~1\dolane\applic~1\Sunbelt

2011-02-22 15:19:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt

2011-02-22 15:16:17 -------- d-----w- c:\program files\MSXML 6.0

2011-02-22 15:13:52 -------- d-----w- c:\program files\Microsoft SQL Server

2011-02-22 15:12:12 -------- d-----w- c:\docume~1\dolane\locals~1\applic~1\Sunbelt Software

2011-02-22 03:49:04 210944 ------w- c:\windows\system32\Msvcrt10.dll

2011-02-22 03:48:55 65536 ------w- c:\windows\system32\adistres.dll

2011-02-22 03:48:55 20584 ------w- c:\windows\system32\PdfPorts.dll

2011-02-22 03:48:41 225280 ------w- c:\program files\internet explorer\plugins\NPDocBox.dll

2011-02-22 03:48:36 101200 ------w- c:\windows\system32\pdfshell.dll

2011-02-22 03:26:22 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-02-22 03:26:22 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-02-22 03:24:59 147456 ----a-w- c:\windows\brunin03.dll

2011-02-22 03:24:59 126976 ------w- c:\windows\system32\BrfxD04a.dll

2011-02-22 03:24:59 -------- d-----w- c:\program files\Brother

2011-02-22 03:22:10 221184 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2011-02-22 03:22:09 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll

2011-02-22 03:22:09 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2011-02-22 03:22:08 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe

2011-02-22 03:22:07 598016 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe

2011-02-22 03:22:07 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2011-02-22 03:22:06 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll

2011-02-22 03:21:42 -------- d-----w- c:\program files\common files\ScanSoft Shared

2011-02-22 03:21:34 -------- d-----w- c:\program files\ScanSoft

2011-02-22 03:20:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Brother

2011-02-21 16:29:55 -------- d-----w- c:\docume~1\dolane\applic~1\Malwarebytes

2011-02-21 16:29:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-21 16:29:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-02-21 16:29:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-21 16:29:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-21 02:44:19 -------- d-----w- c:\program files\BurnSoft

2011-02-21 02:43:12 -------- d-----w- C:\Burnsoftbackup

2011-02-21 02:41:40 -------- d-----w- c:\program files\PROFIBUS Line diagnosis

2011-02-21 02:40:42 -------- d-----w- C:\Baan E-ServiceRemote2.1

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-16 13:12:46 2469728 ----a-w- c:\windows\system32\AutoPartNt.exe

2011-01-12 19:23:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-12 19:23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 16:00:07 5270099 ----a-w- c:\windows\FramePkg.exe

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 21:50:41.95 ===============

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/12/2008 12:14:53 PM

System Uptime: 2/26/2011 9:43:47 PM (0 hours ago)

Motherboard: Dell Inc. | | 0K672N

Processor: Intel Pentium III Xeon processor | Microprocessor | 2527/266mhz

==== Disk Partitions =========================

==== Installed Programs ======================

Acronis


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run any scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  • During the download, rename Combofix to Combo-Fix as follows:
    [screenshots: CF_download_FF.gif, CF_download_rename.gif]
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I have read the post you gave me and tried what it said, but no luck on the password. I have asked my IT department for the password, but they may not give it up. Their solution is to send me a new imaged drive and then I transfer all my personal files. That doesn't work if the personal files are bad.


Let's make an additional scan to be sure that your personal data is not infected.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/ActiveX to install.
  • Now click on Advanced Settings and select the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection. When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Ok, IT gave me the password. I ran ComboFix like you asked; here is the txt file. Once again, thank you for your help.

ComboFix 11-02-28.02 - dolane 02/28/2011 20:31:14.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2788 [GMT -5:00]

Running from: c:\documents and settings\dolane\Desktop\Combo-Fix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\data

c:\data\3ibaib_o\us_sres.data

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\cscmondump.bin

----- BITS: Possible infected sites -----

hxxp://milwsus01

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Security

((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))

.

2011-02-28 10:32 . 2011-02-28 10:32 -------- d-----w- C:\Removal

2011-02-26 14:49 . 2011-02-26 14:49 388096 ----a-r- c:\documents and settings\dolane\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-02-26 14:49 . 2011-02-26 14:49 -------- d-----w- c:\program files\Trend Micro

2011-02-26 14:13 . 2011-02-26 14:13 -------- d-----w- c:\program files\COMODO

2011-02-26 14:13 . 2011-02-26 14:13 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-02-26 14:01 . 2011-02-26 14:01 -------- d-----w- c:\documents and settings\dolane\Application Data\RegistryKeys

2011-02-25 14:22 . 2011-02-25 21:32 -------- d-----w- c:\documents and settings\dolane\Application Data\webex

2011-02-25 14:18 . 2011-02-25 14:18 -------- d-----w- c:\documents and settings\dolane\Local Settings\Application Data\Identities

2011-02-25 13:40 . 2011-02-25 13:40 -------- d-----w- c:\documents and settings\dolane\Application Data\Windows Desktop Search

2011-02-25 00:03 . 2011-02-25 00:03 32768 ----a-w- c:\windows\system32\u7by01ax.dll

2011-02-24 23:54 . 2011-02-24 23:54 -------- d-----w- c:\program files\Common Files\Siemens

2011-02-24 23:54 . 2011-02-24 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Siemens

2011-02-24 23:48 . 2005-03-02 23:39 368912 ----a-w- c:\windows\system32\VBAR332.DLL

2011-02-24 23:48 . 2005-03-02 23:39 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL

2011-02-24 23:48 . 2005-03-02 23:39 1046288 ----a-w- c:\windows\system32\MSJET35.DLL

2011-02-24 23:48 . 2005-03-02 23:39 24848 ----a-w- c:\windows\system32\MSJTER35.DLL

2011-02-24 23:48 . 2005-03-02 23:39 123664 ----a-w- c:\windows\system32\MSJINT35.DLL

2011-02-24 23:48 . 2005-03-02 23:39 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL

2011-02-24 23:38 . 2011-02-24 23:38 -------- d-----w- c:\program files\Common Files\Binaries

2011-02-24 23:38 . 2011-02-24 23:38 -------- d-----w- c:\program files\SIEMENS

2011-02-24 23:32 . 1999-05-07 17:24 166408 ----a-w- c:\windows\system32\MSMASK32.OCX

2011-02-24 23:32 . 1995-08-24 14:50 5632 ----a-w- c:\windows\system32\mfcuia32.dll

2011-02-24 23:32 . 1995-08-24 14:50 4096 ----a-w- c:\windows\system32\mfcuiw32.dll

2011-02-24 23:32 . 1994-12-22 13:00 398416 ----a-w- c:\windows\system32\vbrun300.dll

2011-02-24 23:32 . 1993-07-16 20:28 64432 ----a-w- c:\windows\system32\threed.vbx

2011-02-24 23:31 . 1995-11-20 13:49 322832 ----a-w- c:\windows\system32\MFC30.DLL

2011-02-24 23:31 . 1995-08-24 14:50 133904 ----a-w- c:\windows\system32\MFCANS32.DLL

2011-02-24 23:31 . 1995-05-19 23:53 133392 ----a-w- c:\windows\system32\MFCO30.DLL

2011-02-24 23:31 . 2011-02-25 00:02 -------- d-----w- c:\windows\Setup

2011-02-24 23:31 . 2011-02-24 23:37 -------- d-----w- C:\Siemens

2011-02-24 23:25 . 2011-02-24 23:37 -------- d-----w- c:\windows\TempRASETUP

2011-02-22 16:44 . 2011-02-22 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt

2011-02-22 16:28 . 2010-06-14 19:54 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2011-02-22 16:28 . 2010-06-14 19:54 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2011-02-22 16:18 . 2011-02-22 16:18 -------- d-----w- c:\program files\Sunbelt Software

2011-02-22 15:22 . 2011-02-22 16:18 -------- d-----w- c:\documents and settings\dolane\Application Data\Sunbelt

2011-02-22 15:19 . 2011-02-22 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2011-02-22 15:16 . 2011-02-22 15:16 -------- d-----w- c:\program files\MSXML 6.0

2011-02-22 15:13 . 2011-02-22 15:16 -------- d-----w- c:\program files\Microsoft SQL Server

2011-02-22 15:12 . 2011-02-22 15:12 -------- d-----w- c:\documents and settings\dolane\Local Settings\Application Data\Sunbelt Software

2011-02-22 03:49 . 1993-07-23 04:00 210944 ------w- c:\windows\system32\Msvcrt10.dll

2011-02-22 03:48 . 2001-03-15 10:18 20584 ------w- c:\windows\system32\PdfPorts.dll

2011-02-22 03:48 . 2001-03-15 10:18 65536 ------w- c:\windows\system32\adistres.dll

2011-02-22 03:48 . 2001-01-30 18:56 225280 ------w- c:\program files\Internet Explorer\Plugins\NPDocBox.dll

2011-02-22 03:48 . 2001-03-15 09:55 101200 ------w- c:\windows\system32\pdfshell.dll

2011-02-22 03:46 . 2011-02-22 03:46 -------- d-----w- c:\documents and settings\dolane\Application Data\InterTrust

2011-02-22 03:26 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-02-22 03:26 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-02-22 03:24 . 2004-04-06 06:00 126976 ------w- c:\windows\system32\BrfxD04a.dll

2011-02-22 03:24 . 2003-12-11 14:32 147456 ----a-w- c:\windows\brunin03.dll

2011-02-22 03:22 . 2011-02-22 03:22 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-02-22 03:22 . 2011-02-22 03:22 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll

2011-02-22 03:22 . 2011-02-22 03:22 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll

2011-02-22 03:22 . 2011-02-22 03:22 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe

2011-02-22 03:22 . 2011-02-22 03:22 598016 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe

2011-02-22 03:22 . 2011-02-22 03:22 217088 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll

2011-02-22 03:22 . 2011-02-22 03:22 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll

2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2011-02-22 03:21 . 2011-02-22 03:21 -------- d-----w- c:\program files\ScanSoft

2011-02-22 03:20 . 2011-02-22 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

2011-02-21 19:17 . 2011-02-21 19:17 -------- d-----w- c:\documents and settings\dolane\Application Data\Apple Computer

2011-02-21 18:35 . 2011-02-21 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\documents and settings\dolane\Application Data\Malwarebytes

2011-02-21 16:29 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-21 16:29 . 2011-02-21 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-21 16:29 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-21 02:44 . 2011-02-21 02:44 -------- d-----w- c:\program files\BurnSoft

2011-02-21 02:43 . 2011-02-21 03:32 -------- d-----w- C:\Burnsoftbackup

2011-02-21 02:41 . 2011-02-21 02:41 -------- d-----w- c:\program files\PROFIBUS Line diagnosis

2011-02-21 02:40 . 2011-02-21 02:40 -------- d-----w- C:\Baan E-ServiceRemote2.1

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-16 13:12 . 2011-01-07 22:21 2469728 ----a-w- c:\windows\system32\AutoPartNt.exe

2011-01-12 19:23 . 2009-04-22 16:35 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-12 19:23 . 2011-01-12 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-07 22:16 . 2011-01-07 22:16 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-01-07 22:16 . 2011-01-07 22:16 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys

2011-01-07 22:16 . 2011-01-07 22:16 581984 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-01-07 22:16 . 2011-01-07 22:16 158272 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-06 17:12 . 2008-09-15 22:44 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys

2011-01-06 16:00 . 2011-01-06 16:00 5270099 ----a-w- c:\windows\FramePkg.exe

2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:08 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:08 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 23:08 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:08 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2008-04-14 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 12:15 . 2010-12-09 12:15 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys

2010-12-09 12:14 . 2010-12-09 12:14 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-28 13537280]

"nwiz"="nwiz.exe" [2008-06-28 1630208]

"NVHotkey"="nvHotkey.dll" [2008-06-28 90112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-28 86016]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"BackgroundInfo"="c:\bginfo\bginfo.exe" [2002-05-29 368685]

"AClntUsr"="c:\altiris\AClient\AClntUsr.EXE" [2011-03-01 180224]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]

"QPMEnroll"="c:\windows\system32\QPMEnroll.exe" [2008-01-29 143360]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-25 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-16 124224]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]

"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-08-20 1348944]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-2-21 49254]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 596584]

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-2-21 819200]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

OutlookSetup.bat [2006-2-7 407]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"NoWebServices"= 1 (0x1)

"NoOnlinePrintsWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2007-05-24 15:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Altiris\\AClient\\AClntUsr.EXE"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [1/7/2011 5:16 PM 911680]

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]

R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/22/2011 11:28 AM 21464]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 7:56 AM 98392]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/7/2011 5:16 PM 2480048]

R2 almservice;Automation License Manager Service;c:\siemens\Common\sws\almsrv\almsrvx.exe [5/22/2006 8:33 AM 749630]

R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 8:41 PM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 8:41 PM 21352]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/21/2011 11:29 AM 363344]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [8/31/2009 8:07 PM 21256]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/6/2011 11:18 AM 70728]

R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]

R2 s7asysvx;S7 Global Services;c:\siemens\Step7\S7BIN\s7asysvx.exe [2/24/2011 6:34 PM 69685]

R2 s7oiehsx;SIMATIC IEPG Help Service;c:\siemens\Common\S7IEPG\s7oiehsx.exe [7/4/2007 8:58 PM 213064]

R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/11/2006 12:40 PM 71168]

R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [3/22/2007 12:29 PM 163840]

R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [8/20/2010 9:16 AM 2763080]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/22/2011 11:28 AM 69976]

R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [8/20/2010 9:15 AM 181584]

R2 scpdrv;scpdrv;c:\siemens\Common\sws\plugins\scp\scpdrv.sys [10/14/2003 1:44 AM 26944]

R2 TcEventLogger;TcEventLogger;c:\twincat\EventLogger\TcEventLogger.exe [4/29/2009 3:54 PM 245845]

R2 TcIo;TwinCAT IO Server;c:\twincat\Driver\TcIo.sys [4/29/2009 3:54 PM 1004544]

R2 TcNc;TwinCAT NC Server;c:\twincat\Driver\TcNc.sys [4/29/2009 3:54 PM 2540093]

R2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\Driver\TcPlc.sys [4/29/2009 3:54 PM 365132]

R2 TcRouter;TwinCAT Router Server;c:\twincat\Driver\TCRouter.sys [4/29/2009 3:54 PM 193596]

R2 TcRTime;TwinCAT Realtime Server;c:\twincat\Driver\TCRtime.sys [4/29/2009 3:54 PM 175161]

R2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [4/29/2009 3:54 PM 614460]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/12/2008 11:35 AM 108160]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/7/2011 5:16 PM 160288]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [9/15/2008 5:27 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/12/2008 11:39 AM 244368]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/21/2011 11:29 AM 20952]

R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [1/10/2011 11:34 AM 54544]

R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [1/10/2011 11:34 AM 160400]

R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [1/10/2011 11:34 AM 12048]

R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [1/10/2011 11:34 AM 160400]

R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [1/10/2011 11:34 AM 115216]

R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [1/10/2011 11:34 AM 160400]

R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [1/10/2011 11:34 AM 160400]

R3 S7oserix;Siemens PC Serial Cable;c:\windows\system32\drivers\S7oserix.sys [7/4/2007 8:52 PM 127544]

S0 cerc6;cerc6; [x]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/6/2011 11:18 AM 65448]

S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [1/10/2011 11:34 AM 22032]

S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\S7oppinx.sys [7/4/2007 8:51 PM 90679]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]

.

Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\windows\Tasks\COMODO Updater.job

- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://intranet/default.aspx

uInternet Settings,ProxyServer = bolproxy:8080

uInternet Settings,ProxyOverride = *.husky;10.*;192.168.*;*.huskyims.com;*.huskydmz.com;huskyftp.husky.ca;shows.husky.ca;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: {4C4C240B-FD07-4008-81F9-CA132A759378} = 66.174.95.44 69.78.96.14

DPF: {11D0B8B2-2343-46B4-872E-31AE26279168} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/HuskyMobileService23.CAB

DPF: {14E13B79-0055-434A-8E90-9D0A21B76529} - hxxp://boltonesr3/WebAccess/E-ServiceRemote/ESR21/E-ServiceRemote/EndUser/ASP/BESRemoteClient.CAB

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-28 20:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1300)

c:\windows\system32\prm_gina.dll

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5892)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\brss01a.exe

c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

c:\windows\System32\SCardSvr.exe

c:\altiris\AClient\AClient.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\sessmgr.exe

c:\windows\system32\locator.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\SearchProtocolHost.exe

c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

c:\windows\system32\msiexec.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

c:\windows\system32\rundll32.exe

c:\program files\IDT\WDM\sttray.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\windows\system32\SearchFilterHost.exe

c:\windows\system32\SearchProtocolHost.exe

.

**************************************************************************

.

Completion time: 2011-02-28 20:46:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-01 01:46

Pre-Run: 198,347,014,144 bytes free

Post-Run: 198,408,888,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 886D1C6D3CFEF2A5C586A10579157F26

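A small triage script for the kind of ComboFix output posted above, added here as an example (it is not part of the thread, of ComboFix, or of any Malwarebytes tool). It parses the firewall policy block and the R/S service lines and raises the findings a responder would want called out from this log: the standard-profile firewall switched off, a globally open 3389/TCP (RDP) rule, and a service entry whose image is missing from disk (`[x]`). The sample lines are constructed in the shape of the log so the script runs offline; the `Findings` structure and alert wording are this example's own choices, not ComboFix conventions.

```python
"""Triage a ComboFix-style log fragment for security-relevant settings.

Added example, not part of the forum thread or of ComboFix itself.
SAMPLE_LOG is constructed in the shape of the posted log so this runs offline.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample lines (same shape as the posted ComboFix output).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Altiris\\AClient\\AClntUsr.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/21/2011 11:29 AM 363344]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]

S0 cerc6;cerc6; [x]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# "R2 name;display name;c:\path\file.exe [date time size]"  or  "S0 name;name; [x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$"
)


@dataclass
class Findings:
    firewall_enabled: Optional[bool] = None     # None = no EnableFirewall line seen
    open_ports: List[str] = field(default_factory=list)
    authorized_apps: List[str] = field(default_factory=list)
    services: List[Dict[str, object]] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Findings:
    """Walk the log line by line, tracking the current registry section."""
    f = Findings()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            f.services.append({
                "start": m.group("start"),
                "name": m.group("name"),
                "path": m.group("path").strip(),
                "missing": m.group("info").strip() == "x",   # ComboFix prints [x] when the file is gone
            })
            continue
        m = VALUE_RE.match(line)
        if m and "firewallpolicy" in section:
            name, value = m.group("name"), m.group("value").strip()
            if section.endswith("standardprofile") and name == "EnableFirewall":
                f.firewall_enabled = not value.startswith("0")
            elif section.endswith("globallyopenports\\list"):
                f.open_ports.append(name)
            elif section.endswith("authorizedapplications\\list"):
                f.authorized_apps.append(name.replace("\\\\", "\\"))  # log escapes backslashes

    # Derive alerts from the parsed facts.
    if f.firewall_enabled is False:
        f.alerts.append("Windows Firewall is disabled in the standard profile")
    for port in f.open_ports:
        if port.upper().startswith("3389:"):
            f.alerts.append(f"RDP ({port}) is globally open in the firewall policy")
    for svc in f.services:
        if svc["missing"]:
            f.alerts.append(f"service {svc['name']} ({svc['start']}) has no image file on disk")
    return f


if __name__ == "__main__":
    for alert in parse_combofix(SAMPLE_LOG).alerts:
        print("ALERT:", alert)
```

Run against the real log by reading the file into `parse_combofix` instead of `SAMPLE_LOG`. A disabled firewall together with an open 3389 rule on a laptop that also roams onto a wireless modem is worth asking about even when it turns out to be a corporate management setting; the `[x]` on a start-type-0 driver is usually a leftover from an uninstalled product but should be confirmed rather than assumed.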

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: u7by01ax.dll

Submission date: 2011-03-01 17:28:02 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.03.02.00 2011.03.01 -

AntiVir 7.11.4.21 2011.03.01 -

Antiy-AVL 2.0.3.7 2011.03.01 -

Avast 4.8.1351.0 2011.02.23 -

Avast5 5.0.677.0 2011.02.23 -

AVG 10.0.0.1190 2011.03.01 -

BitDefender 7.2 2011.03.01 -

CAT-QuickHeal 11.00 2011.03.01 -

ClamAV 0.96.4.0 2011.03.01 -

Commtouch 5.2.11.5 2011.03.01 -

Comodo 7842 2011.03.01 -

DrWeb 5.0.2.03300 2011.03.01 -

Emsisoft 5.1.0.2 2011.03.01 -

eSafe 7.0.17.0 2011.03.01 -

eTrust-Vet 36.1.8190 2011.03.01 -

F-Prot 4.6.2.117 2011.02.28 -

F-Secure 9.0.16160.0 2011.03.01 -

Fortinet 4.2.254.0 2011.03.01 -

GData 21 2011.03.01 -

Ikarus T3.1.1.97.0 2011.03.01 -

Jiangmin 13.0.900 2011.03.01 -

K7AntiVirus 9.91.3990 2011.03.01 -

Kaspersky 7.0.0.125 2011.03.01 -

McAfee 5.400.0.1158 2011.03.01 -

McAfee-GW-Edition 2010.1C 2011.03.01 -

Microsoft 1.6603 2011.03.01 -

NOD32 5917 2011.03.01 -

Norman 6.07.03 2011.03.01 -

nProtect 2011-02-10.01 2011.02.15 -

Panda 10.0.3.5 2011.03.01 -

PCTools 7.0.3.5 2011.03.01 -

Prevx 3.0 2011.03.01 -

Rising 23.47.01.06 2011.03.01 -

Sophos 4.61.0 2011.03.01 -

SUPERAntiSpyware 4.40.0.1006 2011.03.01 -

Symantec 20101.3.0.103 2011.03.01 -

TheHacker 6.7.0.1.140 2011.02.28 -

TrendMicro 9.200.0.1012 2011.03.01 -

TrendMicro-HouseCall 9.200.0.1012 2011.03.01 -

VBA32 3.12.14.3 2011.03.01 -

VIPRE 8575 2011.03.01 -

ViRobot 2011.2.28.4333 2011.03.01 -

VirusBuster 13.6.229.0 2011.03.01 -

Additional information

MD5 : c402c4b480c003ec70f23fbbe5f6f7e6

SHA1 : 8022fcd8362c753c3fe1a71a94b91b95804128f2

SHA256: 33f15e300cafdc67e5602d35c5ecf9f998801f60d6dd26761795d7d050273764


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
