Can't run Malwarebytes. Can't get online, so I have to use a USB drive and another laptop. Why do things like this occur???

Thanks for all the help.

DDSDDS (Ver_11-03-05.01) - NTFSx86

Run by rrissetto at 16:03:35.09 on Mon 05/09/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2820 [GMT -4:00]

.

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\USBDLM\USBDLM.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\dpmw32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\rrissetto\Desktop\dds\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Octoshape Streaming Services] "c:\documents and settings\rrissetto\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\launch~1.lnk - c:\docume~1\rrisse~1\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Authentication Packages = msv1_0 nwv1_0

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\rrisse~1\applic~1\mozilla\firefox\profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

FF - plugin: c:\documents and settings\rrissetto\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\rrissetto\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-6-18 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2009-6-17 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-9-8 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-26 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-4-26 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-26 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-26 109568]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

.

=============== Created Last 30 ================

.

2011-05-09 14:52:05 235988 --sha-w- c:\docume~1\rrisse~1\locals~1\applic~1\ier.exe

2011-04-13 17:26:34 -------- d-----w- c:\windows\ServicePackFiles

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 13:27:15 0 ----a-w- c:\windows\Tzuwohazozah.bin

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

.

============= FINISH: 16:04:37.56 ===============

File

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-09 17:42:16

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD80 rev.11.0

Running: gmer.exe; Driver: C:\DOCUME~1\RRISSE~1\LOCALS~1\Temp\kflyiaog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

? nwfilter.sys The system cannot find the file specified. !

? system32\drivers\xpsec.sys The system cannot find the path specified. !

? system32\drivers\xcpip.sys The system cannot find the path specified. !

? C:\DOCUME~1\RRISSE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[304] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012D9E37

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[304] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012D99D4

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[304] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012D9CE9

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[304] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012D9AB5

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[304] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012D9B88

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe[340] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0051E6E5 C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (Icon in the taskbar notification area (F-PROT Antivirus)/FRISK Software International)

.text C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe[536] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02DA9E37

.text C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe[536] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02DA99D4

.text C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe[536] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02DA9CE9

.text C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe[536] ws2_32.dll!recv 71AB676F 5 Bytes JMP 02DA9AB5

.text C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe[536] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02DA9B88

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[736] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF9E37

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[736] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DF99D4

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[736] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DF9CE9

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[736] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DF9AB5

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[736] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DF9B88

.text C:\Program Files\DellTPad\Apoint.exe[740] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EC9E37

.text C:\Program Files\DellTPad\Apoint.exe[740] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EC99D4

.text C:\Program Files\DellTPad\Apoint.exe[740] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EC9CE9

.text C:\Program Files\DellTPad\Apoint.exe[740] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EC9AB5

.text C:\Program Files\DellTPad\Apoint.exe[740] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EC9B88

.text C:\Program Files\iTunes\iTunesHelper.exe[764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01A99E37

.text C:\Program Files\iTunes\iTunesHelper.exe[764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01A999D4

.text C:\Program Files\iTunes\iTunesHelper.exe[764] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01A99CE9

.text C:\Program Files\iTunes\iTunesHelper.exe[764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01A99AB5

.text C:\Program Files\iTunes\iTunesHelper.exe[764] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01A99B88

.text C:\WINDOWS\system32\winlogon.exe[912] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01AB2946

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02029E37

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 020299D4

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1016] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02029CE9

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1016] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02029AB5

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1016] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02029B88

.text C:\WINDOWS\System32\Novell\XTAgent.exe[1156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01439E37

.text C:\WINDOWS\System32\Novell\XTAgent.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014399D4

.text C:\WINDOWS\System32\Novell\XTAgent.exe[1156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01439CE9

.text C:\WINDOWS\System32\Novell\XTAgent.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01439AB5

.text C:\WINDOWS\System32\Novell\XTAgent.exe[1156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01439B88

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1340] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 07779E37

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 077799D4

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1340] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 07779CE9

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1340] WS2_32.dll!recv 71AB676F 5 Bytes JMP 07779AB5

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1340] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 07779B88

.text C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1476] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02359E37

.text C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1476] WS2_32.dll!send 71AB4C27 5 Bytes JMP 023599D4

.text C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1476] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02359CE9

.text C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1476] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02359AB5

.text C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1476] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02359B88

.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1768] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D19E37

.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1768] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D199D4

.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1768] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D19CE9

.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1768] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D19AB5

.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1768] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D19B88

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01E19E37

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01E199D4

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01E19CE9

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01E19AB5

.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01E19B88

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe[2076] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02779E37

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe[2076] WS2_32.dll!send 71AB4C27 5 Bytes JMP 027799D4

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe[2076] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02779CE9

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe[2076] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02779AB5

.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe[2076] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02779B88

.text C:\WINDOWS\system32\hkcmd.exe[2304] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E09E37

.text C:\WINDOWS\system32\hkcmd.exe[2304] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E099D4

.text C:\WINDOWS\system32\hkcmd.exe[2304] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E09CE9

.text C:\WINDOWS\system32\hkcmd.exe[2304] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E09AB5

.text C:\WINDOWS\system32\hkcmd.exe[2304] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E09B88

.text C:\WINDOWS\Explorer.EXE[2412] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 02DC2758

.text C:\WINDOWS\Explorer.EXE[2412] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02DE9E37

.text C:\WINDOWS\Explorer.EXE[2412] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02DE99D4

.text C:\WINDOWS\Explorer.EXE[2412] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02DE9CE9

.text C:\WINDOWS\Explorer.EXE[2412] ws2_32.dll!recv 71AB676F 5 Bytes JMP 02DE9AB5

.text C:\WINDOWS\Explorer.EXE[2412] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02DE9B88

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E79E37

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E799D4

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E79CE9

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E79AB5

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E79B88

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F09E37

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F099D4

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F09CE9

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F09AB5

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F09B88

.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3116] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017C9E37

.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3116] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017C99D4

.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3116] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017C9CE9

.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3116] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017C9AB5

.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3116] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017C9B88

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0C2D9E37

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0C2D99D4

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0C2D9CE9

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0C2D9AB5

.text C:\WINDOWS\system32\SearchIndexer.exe[3120] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0C2D9B88

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3276] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02439E37

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3276] ws2_32.dll!send 71AB4C27 5 Bytes JMP 024399D4

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3276] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02439CE9

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3276] ws2_32.dll!recv 71AB676F 5 Bytes JMP 02439AB5

.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3276] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02439B88

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01799E37

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017999D4

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3636] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01799CE9

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01799AB5

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3636] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01799B88

.text C:\WINDOWS\system32\wbem\unsecapp.exe[3840] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF9E37

.text C:\WINDOWS\system32\wbem\unsecapp.exe[3840] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF99D4

.text C:\WINDOWS\system32\wbem\unsecapp.exe[3840] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EF9CE9

.text C:\WINDOWS\system32\wbem\unsecapp.exe[3840] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EF9AB5

.text C:\WINDOWS\system32\wbem\unsecapp.exe[3840] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EF9B88

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC9E37

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC99D4

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9CE9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9AB5

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC9B88

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5044] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E19E37

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E199D4

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5044] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E19CE9

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5044] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E19AB5

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5044] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E19B88

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

Anyone????


Here are the latest log files. Thanks for all your help. Why do these things occur? Is there some benefit for someone screwing up my computer? Because as I type this, my wife's other computer now looks to be infected.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6564

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

ComboFix log

ComboFix 11-05-11.04 - rrissetto 05/12/2011 21:11:06.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2889 [GMT -4:00]

Running from: c:\documents and settings\rrissetto\Desktop\combofix\ComboFix.exe

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\rrissetto\Local Settings\Application Data\{15A6403B-3ED4-4FAD-BF63-6C2AF20FBF62}

c:\documents and settings\rrissetto\Local Settings\Application Data\{15A6403B-3ED4-4FAD-BF63-6C2AF20FBF62}\chrome.manifest

c:\documents and settings\rrissetto\Local Settings\Application Data\{15A6403B-3ED4-4FAD-BF63-6C2AF20FBF62}\chrome\content\_cfg.js

c:\documents and settings\rrissetto\Local Settings\Application Data\{15A6403B-3ED4-4FAD-BF63-6C2AF20FBF62}\chrome\content\overlay.xul

c:\documents and settings\rrissetto\Local Settings\Application Data\{15A6403B-3ED4-4FAD-BF63-6C2AF20FBF62}\install.rdf

c:\documents and settings\rrissetto\Local Settings\Application Data\ier.exe

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))

.

.

2011-05-13 00:58 . 2011-05-13 00:58 -------- d-----w- c:\documents and settings\rrissetto\Application Data\FRISK Software

2011-05-09 14:52 . 2011-05-09 14:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-04-13 17:26 . 2011-04-13 17:26 -------- d-----w- c:\windows\ServicePackFiles

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-04-25 16:16 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27 . 2008-04-25 16:16 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2008-04-25 16:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-25 16:16 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-06-17 18:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-25 16:16 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-05-07 11:55 . 2011-04-03 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"Octoshape Streaming Services"="c:\documents and settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\rrissetto\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\documents and settings\rrissetto\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-1-25 22486]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-09-08 20:14 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Documents and Settings\\rrissetto\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7523:TCP"= 7523:TCP:Services

"7524:TCP"= 7524:TCP:Services

"1708:TCP"= 1708:TCP:Services

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [6/18/2009 8:11 AM 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 3:06 PM 64160]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [11/3/2010 5:40 PM 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [6/17/2009 2:22 PM 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [9/8/2005 4:14 PM 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/26/2009 5:46 PM 112512]

R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [4/26/2009 5:46 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/26/2009 5:46 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/26/2009 5:46 PM 109568]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:06]

.

2011-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-05-13 c:\windows\Tasks\PandaUSBVaccine.job

- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-08-13 16:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\rrissetto\Application Data\Mozilla\Firefox\Profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-12 21:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\NETWIN32.DLL

.

- - - - - - - > 'Explorer.exe'(4660)

c:\windows\system32\WININET.dll

c:\windows\system32\igfxdo.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\drivers\audio\r213367\stacsv.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Panda USB Vaccine\USBVaccine.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\windows\system32\NWTRAY.EXE

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-05-12 21:23:40 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-13 01:23

.

Pre-Run: 52,239,171,584 bytes free

Post-Run: 52,542,943,232 bytes free

.

- - End Of File - - 9423AC8D327FAB0C23353D73A1E6EB38

mbam log

5/12/2011 9:33:26 PM

mbam-log-2011-05-12 (21-33-26).txt

Scan type: Quick scan

Objects scanned: 200125

Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

dds log

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by rrissetto at 21:48:01.39 on Thu 05/12/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2669 [GMT -4:00]

.

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\USBDLM\USBDLM.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\rrissetto\Desktop\dds\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Octoshape Streaming Services] "c:\documents and settings\rrissetto\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\launch~1.lnk - c:\docume~1\rrisse~1\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\rrisse~1\applic~1\mozilla\firefox\profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

FF - plugin: c:\documents and settings\rrissetto\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\rrissetto\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-6-18 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2009-6-17 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-9-8 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-26 112512]

R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-4-26 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-26 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-26 109568]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

.

=============== Created Last 30 ================

.

2011-05-13 01:08:04 -------- d-----w- C:\ComboFix

2011-05-13 00:58:43 -------- d-----w- c:\docume~1\rrisse~1\applic~1\FRISK Software

2011-05-13 00:47:55 -------- d-sha-r- C:\cmdcons

2011-05-13 00:44:26 89088 ----a-w- c:\windows\MBR.exe

2011-05-13 00:44:25 98816 ----a-w- c:\windows\sed.exe

2011-05-13 00:44:25 256512 ----a-w- c:\windows\PEV.exe

2011-05-13 00:44:25 161792 ----a-w- c:\windows\SWREG.exe

2011-04-13 17:26:34 -------- d-----w- c:\windows\ServicePackFiles

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 13:27:15 0 ----a-w- c:\windows\Tzuwohazozah.bin

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 21:48:58.71 ===============

Attach2.zip


  • Staff

Hi,

My apologies for the extended delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
xcpip
xpsec

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

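As an added example for this thread (not part of DDS, ComboFix or screen317's post), the Python below parses DDS-style service/driver lines like the ones in the logs above and flags registrations whose binary is absent, the `--> path [?]` form that the CFScript's `Driver::` block targets, then renders that block in the same layout. The sample lines are copied from the DDS log posted in this thread; the result is a triage list for a reviewer, not an automatic removal list.

```python
"""Triage DDS / ComboFix 'SERVICES / DRIVERS' lines for orphaned entries.

Added example for this thread, not part of DDS, ComboFix or the forum post.
It parses service lines as they appear in the logs above and flags
registrations whose image file is missing (the '--> <path> [?]' form),
which is what the helper's CFScript 'Driver::' block removes.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Normal entry:        <state> <name>;<display>;<image path> [<date> <size>]
# File missing:        <state> <name>;<display>;<image path> --> <image path> [?]
_LINE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<tail>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str          # 'R' running / 'S' stopped, followed by the start type digit
    name: str           # service or driver key name (what CFScript refers to)
    display: str
    path: str           # image path, including any svchost '-k' argument
    file_missing: bool  # True when the log shows '[?]' instead of date/size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one DDS-style service/driver line, else None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    # DDS/ComboFix print '[?]' when the image file cannot be found on disk.
    tail = m.group("tail").strip()
    return ServiceEntry(
        state=m.group("state"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_missing=(tail == "?"),
    )


def find_orphaned_drivers(lines: List[str]) -> List[str]:
    """Names of registered drivers/services whose binary is missing, in log order."""
    orphans = []
    for line in lines:
        entry = parse_service_line(line)
        if entry and entry.file_missing:
            orphans.append(entry.name)
    return orphans


def build_cfscript(names: List[str]) -> str:
    """Render a ComboFix 'Driver::' block in the form shown in the thread."""
    return "Driver::\n" + "\n".join(names) + "\n"


# Sample input copied from the DDS log posted above (constructed list for the demo).
SAMPLE_LOG = [
    r"R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-6-18 700632]",
    r"R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-9-8 61440]",
    r"R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]",
    r"R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]",
    r"S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]",
    r"S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]",
]

if __name__ == "__main__":
    orphans = find_orphaned_drivers(SAMPLE_LOG)
    print("Registered but image file missing:", orphans)
    # The helper's script listed only xcpip and xpsec; NvtSp50 is flagged here too
    # because its file is also missing, so a reviewer decides what goes in the block.
    print(build_cfscript(orphans))
```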

DDS (Ver_11-03-05.01) - NTFSx86

Run by rrissetto at 20:34:10.43 on Thu 05/19/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2784 [GMT -4:00]

.

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\USBDLM\USBDLM.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\rrissetto\Desktop\dds\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Octoshape Streaming Services] "c:\documents and settings\rrissetto\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\launch~1.lnk - c:\docume~1\rrisse~1\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\rrisse~1\applic~1\mozilla\firefox\profiles\dgd9ehpc.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

FF - plugin: c:\documents and settings\rrissetto\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\rrissetto\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-6-18 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2009-6-17 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-9-8 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-26 112512]

R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-4-26 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-26 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-26 109568]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

.

=============== Created Last 30 ================

.

2011-05-20 00:15:27 -------- d-----w- C:\ComboFix

2011-05-16 12:24:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 00:58:43 -------- d-----w- c:\docume~1\rrisse~1\applic~1\FRISK Software

2011-05-13 00:47:55 -------- d-sha-r- C:\cmdcons

2011-05-13 00:44:26 89088 ----a-w- c:\windows\MBR.exe

2011-05-13 00:44:25 98816 ----a-w- c:\windows\sed.exe

2011-05-13 00:44:25 256512 ----a-w- c:\windows\PEV.exe

2011-05-13 00:44:25 161792 ----a-w- c:\windows\SWREG.exe

.

==================== Find3M ====================

.

2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 13:27:15 0 ----a-w- c:\windows\Tzuwohazozah.bin

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 20:34:36.71 ===============

COMBO FIX

ComboFix 11-05-18.04 - rrissetto 05/19/2011 20:17:58.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2722 [GMT -4:00]

Running from: c:\documents and settings\rrissetto\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\rrissetto\Desktop\CFScript.txt

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

.

----- BITS: Possible infected sites -----

.

hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{zcxLJS@vA(KJ&CB'{AC76BA86-7AD7-1033-7B44-A92000000001}

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

-------\Service_xpsec

.

.

((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))

.

.

2011-05-16 14:35 . 2011-05-16 14:35 -------- d-----w- c:\program files\Common Files\Java

2011-05-16 12:24 . 2011-05-16 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 00:58 . 2011-05-13 00:58 -------- d-----w- c:\documents and settings\rrissetto\Application Data\FRISK Software

2011-05-09 14:52 . 2011-05-09 14:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 09:07 . 2010-06-06 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 06:40 . 2009-04-26 19:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-03-07 05:33 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-04-25 16:16 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:27 . 2008-04-25 16:16 1866880 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2011-05-07 11:55 . 2011-04-03 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-13_01.19.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-22 19:01 . 2009-03-19 20:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys

+ 2011-05-13 01:55 . 2011-05-13 01:55 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2011-04-13 17:16 . 2011-04-13 17:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-05-16 12:24 . 2011-05-16 12:24 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe

+ 2011-05-16 14:34 . 2011-04-14 09:08 157472 c:\windows\system32\javaws.exe

+ 2011-05-16 14:34 . 2011-04-14 09:08 145184 c:\windows\system32\javaw.exe

- 2010-06-06 17:29 . 2010-04-12 21:29 145184 c:\windows\system32\javaw.exe

+ 2011-05-16 14:34 . 2011-04-14 09:08 145184 c:\windows\system32\java.exe

- 2010-06-06 17:29 . 2010-04-12 21:29 145184 c:\windows\system32\java.exe

+ 2011-05-16 14:35 . 2011-05-16 14:35 180224 c:\windows\Installer\167ed7.msi

+ 2009-06-22 18:35 . 2011-05-13 01:56 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-06-22 18:35 . 2011-05-13 01:56 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2009-06-22 18:35 . 2011-04-13 17:25 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-10-28 03:40 . 2011-05-16 12:24 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2011-04-27 15:14 . 2011-04-27 15:14 5520384 c:\windows\Installer\10952d.msp

+ 2011-04-29 17:04 . 2011-04-29 17:04 5053440 c:\windows\Installer\109519.msp

+ 2011-04-29 16:30 . 2011-04-29 16:30 1197056 c:\windows\Installer\109504.msp

+ 2009-06-18 19:40 . 2011-05-13 01:56 42829768 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"Octoshape Streaming Services"="c:\documents and settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\rrissetto\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\documents and settings\rrissetto\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-1-25 22486]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-09-08 20:14 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Documents and Settings\\rrissetto\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7523:TCP"= 7523:TCP:Services

"7524:TCP"= 7524:TCP:Services

"1708:TCP"= 1708:TCP:Services

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [6/18/2009 8:11 AM 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 3:06 PM 64160]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [11/3/2010 5:40 PM 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [6/17/2009 2:22 PM 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [9/8/2005 4:14 PM 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/26/2009 5:46 PM 112512]

R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [4/26/2009 5:46 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/26/2009 5:46 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/26/2009 5:46 PM 109568]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - xcpip

*Deregistered* - xpsec

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:06]

.

2011-05-20 c:\windows\Tasks\PandaUSBVaccine.job

- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-08-13 16:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\rrissetto\Application Data\Mozilla\Firefox\Profiles\dgd9ehpc.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-19 20:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\NETWIN32.DLL

.

- - - - - - - > 'Explorer.exe'(5820)

c:\windows\system32\WININET.dll

c:\windows\system32\igfxdo.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\drivers\audio\r213367\stacsv.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Panda USB Vaccine\USBVaccine.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\NWTRAY.EXE

c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-05-19 20:29:56 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-20 00:29

ComboFix2.txt 2011-05-13 01:23

.

Pre-Run: 52,440,326,144 bytes free

Post-Run: 52,447,305,728 bytes free

.

- - End Of File - - 3E9C4A11B25BBEA84E1625C642BF70E2

Attach.zip


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Results of screen317's Security Check version 0.99.11

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

F-PROT Antivirus for Windows

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Java 6 Update 25

Adobe Flash Player 10.3.181.14

Adobe Reader 9.2

Japanese Fonts Support For Adobe Reader 9

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

FRISK Software F-PROT Antivirus for Windows FPAVServer.exe

FRISK Software F-PROT Antivirus for Windows FProtTray.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=f80e57c4b9f9434a800037522c350b8b

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-21 12:48:58

# local_time=2011-05-20 08:48:58 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3328 16777175 100 0 59686160 59686160 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=58606

# found=4

# cleaned=4

# scan_time=4098

C:\Documents and Settings\rrissetto\Application Data\Sun\Java\Deployment\cache\6.0\46\47a2e8ae-61731a00 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\rrissetto\Application Data\Sun\Java\Deployment\cache\6.0\9\10dd2ac9-36841038 a variant of Win32/Kryptik.NAD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\rrissetto\Local Settings\Application Data\ier.exe.vir a variant of Win32/Kryptik.NMH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1\A0001188.exe a variant of Win32/Kryptik.NMH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Things seem better, but the system still seems slow on loadup of Windows and whenever trying to open programs. I also have another laptop that's infected the same way. Should I just follow whatever I did for this one??? Thanks again for your help.


  • Staff

Hi,

Please start a new topic for your other computer.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader 9.2

Restart your computer.

Get the latest version of Adobe Reader.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317



Here is the link. I have noticed that I keep getting routed to the Google search page whenever I try a link; I keep going to the Google page. Not sure what the deal is with that.

http://www.pcpitstop.com/betapit/sec.asp?conid=24381958


Could you explain this in more detail please?

Well, I can do a regular search in my toolbar on the IE page. I end up with the results from Google Search, and then if I click on that result I end up going to the google.com search page and have to type it in again.


Latest log from Combofix:

ComboFix 11-06-06.07 - rrissetto 06/07/2011 21:47:20.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2806 [GMT -4:00]

Running from: c:\documents and settings\rrissetto\Desktop\ComboFix.exe

AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-05-26 00:58 . 2011-05-26 00:58 -------- d-----w- c:\program files\MeadCo Neptune

2011-05-26 00:48 . 2011-05-26 00:48 -------- d-----w- c:\documents and settings\rrissetto\Local Settings\Application Data\Temp

2011-05-26 00:45 . 2011-05-26 00:45 -------- d-----w- c:\program files\Common Files\Adobe

2011-05-22 00:40 . 2011-05-22 00:40 -------- d-----w- C:\temp

2011-05-21 01:59 . 2011-05-21 01:59 -------- d-----w- c:\documents and settings\rrissetto\Local Settings\Application Data\WMTools Downloaded Files

2011-05-20 23:32 . 2011-05-20 23:32 -------- d-----w- c:\program files\ESET

2011-05-16 14:35 . 2011-05-16 14:35 -------- d-----w- c:\program files\Common Files\Java

2011-05-16 12:24 . 2011-05-16 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 00:58 . 2011-05-13 00:58 -------- d-----w- c:\documents and settings\rrissetto\Application Data\FRISK Software

2011-05-09 14:52 . 2011-05-09 14:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 09:07 . 2010-06-06 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 06:40 . 2009-04-26 19:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-07 11:55 . 2011-04-03 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

.

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

.

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

.

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

.

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

.

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

.

[-] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

.

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

.

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

.

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

.

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

.

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

.

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

.

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

.

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

.

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

.

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

.

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

.

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

.

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

.

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

.

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

.

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

.

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

.

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

.

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

.

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

.

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

.

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

.

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

.

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

.

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

.

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

.

[-] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

.

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

.

[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

.

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

.

[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Octoshape Streaming Services"="c:\documents and settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\rrissetto\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\documents and settings\rrissetto\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-1-25 22486]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-09-08 20:14 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 21:08 166912 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Documents and Settings\\rrissetto\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7523:TCP"= 7523:TCP:Services

"7524:TCP"= 7524:TCP:Services

"1708:TCP"= 1708:TCP:Services

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [6/18/2009 8:11 AM 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 3:06 PM 64160]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [11/3/2010 5:40 PM 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [6/17/2009 2:22 PM 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [9/8/2005 4:14 PM 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/26/2009 5:46 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [4/26/2009 5:46 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/26/2009 5:46 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/26/2009 5:46 PM 109568]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:06]

.

2011-06-07 c:\windows\Tasks\PandaUSBVaccine.job

- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-08-13 16:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\rrissetto\Application Data\Mozilla\Firefox\Profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-07 21:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\Novell\NCredMgr.dll

c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL

c:\windows\system32\NetProvCredMan.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'Explorer.exe'(5000)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-07 21:52:05

ComboFix-quarantined-files.txt 2011-06-08 01:51

ComboFix2.txt 2011-05-20 00:30

.

Pre-Run: 53,020,495,872 bytes free

Post-Run: 53,027,631,104 bytes free

.

- - End Of File - - 6C89FA2A6E1672E82CAF7367CC2A3C4E


So I am still being sent to another page from the Google search pages. I just see some information on the bottom of the webpage, usually redirecting to something called adsense.com, then I end up back to Google's search page. This happens also after a safe mode boot.


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by rrissetto at 21:17:29.93 on Mon 06/20/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2732 [GMT -4:00]

.

AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\USBDLM\USBDLM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\rrissetto\Desktop\dds\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Octoshape Streaming Services] "c:\documents and settings\rrissetto\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\launch~1.lnk - c:\docume~1\rrisse~1\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\docume~1\rrisse~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\rrisse~1\applic~1\mozilla\firefox\profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

FF - plugin: c:\documents and settings\rrissetto\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\rrissetto\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-6-18 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1036104]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-7 366640]

R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2009-6-17 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-9-8 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-26 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-4-26 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-26 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-26 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-7 22712]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

.

=============== Created Last 30 ================

.

2011-06-15 22:56:20 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-08 01:45:34 98816 ----a-w- c:\windows\sed.exe

2011-06-08 01:45:34 518144 ----a-w- c:\windows\SWREG.exe

2011-06-08 01:45:34 256512 ----a-w- c:\windows\PEV.exe

2011-06-08 01:45:34 208896 ----a-w- c:\windows\MBR.exe

2011-05-26 01:35:19 -------- d-----w- c:\windows\pss

2011-05-26 00:58:02 -------- d-----w- c:\program files\MeadCo Neptune

2011-05-26 00:48:04 -------- d-----w- c:\docume~1\rrisse~1\locals~1\applic~1\Temp

.

==================== Find3M ====================

.

2011-05-16 12:24:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

============= FINISH: 21:17:38.53 ===============

ComboFix 11-06-19.0r1 - rrissetto 06/20/2011 21:08:13.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2706 [GMT -4:00]

Running from: c:\documents and settings\rrissetto\Desktop\ComboFix1.exe

AV: F-PROT Antivirus for Windows *Disabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))

.

.

2011-06-15 22:56 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-05-26 00:58 . 2011-05-26 00:58 -------- d-----w- c:\program files\MeadCo Neptune

2011-05-26 00:48 . 2011-05-26 00:48 -------- d-----w- c:\documents and settings\rrissetto\Local Settings\Application Data\Temp

2011-05-26 00:45 . 2011-05-26 00:45 -------- d-----w- c:\program files\Common Files\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2010-01-08 02:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-01-08 02:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-16 12:24 . 2011-05-16 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-25 16:16 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 09:07 . 2010-06-06 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-14 06:40 . 2009-04-26 19:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-07 11:55 . 2011-04-03 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

.

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

.

[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

.

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

.

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

.

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

.

[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

.

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

.

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

.

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

.

[-] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

.

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

.

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

.

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

.

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

.

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

.

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

.

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

.

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

.

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

.

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

.

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

.

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

.

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

.

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

.

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

.

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

.

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

.

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

.

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

.

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

.

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

.

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

.

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

.

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

.

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

.

[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

.

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

.

[-] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys

[-] 2008-04-14 10:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

.

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

.

[-] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

[-] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

.

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

.

[-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

.

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

.

((((((((((((((((((((((((((((( SnapShot_2011-06-18_01.37.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-20 23:46 . 2011-06-20 23:46 16384 c:\windows\Temp\Perflib_Perfdata_8a4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Octoshape Streaming Services"="c:\documents and settings\rrissetto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-07-05 1674032]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-13 528832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\rrissetto\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\documents and settings\rrissetto\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-1-25 22486]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-09-08 20:14 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 21:08 166912 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 21:08 134656 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Documents and Settings\\rrissetto\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7523:TCP"= 7523:TCP:Services

"7524:TCP"= 7524:TCP:Services

"1708:TCP"= 1708:TCP:Services

.

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [6/18/2009 8:11 AM 700632]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 3:06 PM 64160]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [11/3/2010 5:40 PM 83624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1036104]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2010 10:00 PM 366640]

R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [6/17/2009 2:22 PM 109568]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [9/8/2005 4:14 PM 61440]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/26/2009 5:46 PM 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [4/26/2009 5:46 PM 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/26/2009 5:46 PM 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/26/2009 5:46 PM 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2010 10:00 PM 22712]

R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:06]

.

2011-06-20 c:\windows\Tasks\PandaUSBVaccine.job

- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-08-13 16:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.weather.com/weather/local/12918?lswe=12918&lwsa=WeatherLocalUndeclared&from=searchbox_localwx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\rrissetto\Application Data\Mozilla\Firefox\Profiles\dgd9ehpc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.pressrepublican.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-20 21:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\cscui.dll

.

- - - - - - - > 'Explorer.exe'(2020)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-20 21:13:10

ComboFix-quarantined-files.txt 2011-06-21 01:12

ComboFix2.txt 2011-06-18 01:39

ComboFix3.txt 2011-06-08 01:52

ComboFix4.txt 2011-05-20 00:30

.

Pre-Run: 52,221,165,568 bytes free

Post-Run: 52,459,372,544 bytes free

.

- - End Of File - - 6BA2A0015CB17FCF10CDCE95459A91DB

Attach3.zip
