morpheusjr16 Posted October 24, 2011 ID:488507 Share Posted October 24, 2011 Hi,I hope you could help me. My PC has slowed down recently. I just run iObit's Process Manager and found 2 unknown files. They're smss.exe located at \SystemRoot\System32\ and csrss.exe located at \??\C:\WINDOWS\system32\. Am I infected? Also, when I search in Google, the captcha screen is always shown because of suspicious activity. I hope you could help me.I've run Malwarebytes and found no infections. The log is Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8008Windows 5.1.2600 Service Pack 2Internet Explorer 8.0.6001.1870210/24/2011 10:30:21 PMmbam-log-2011-10-24 (22-30-21).txtScan type: Quick scanObjects scanned: 194213Time elapsed: 12 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Here is the DDS.TXT.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by Ritchelle at 22:36:06 on 2011-10-24Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2010.619 [GMT 8:00].AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files\IObit\Advanced SystemCare 4\ASCService.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\WINDOWS\system32\svchost.exe -k bthsvcsC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\vsnpstd3.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\WINDOWS\system32\wuauclt.exeC:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exeC:\Program Files\DNA\btdna.exeC:\Program Files\BitTorrent\bittorrent.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Java\jre6\bin\java.exeC:\Program Files\Microsoft Office\Office12\WINWORD.EXEC:\Program Files\IObit\Advanced SystemCare 4\ASC.exeC:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exeC:\Program Files\IObit\Advanced SystemCare 4\Toolbox.exeC:\Program Files\IObit\Advanced SystemCare 4\Sus11_ProcessManager.exeC:\WINDOWS\system32\NOTEPAD.EXE.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.comuSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.htmludefault_page_url = hxxp://www.microsoft.comuWindow Title = Microsoft Internet ExplorermWindow Title = Microsoft Internet ExploreruInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comuURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Avira SearchFree Toolbar plus WebGuardBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllTB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quietuRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizeduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [snpstd3] c:\windows\vsnpstd3.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWdRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.icoIE: &SearchIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\program files\avira\antivir desktop\avsda.dllDPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://69.179.81.86/Remote/msrdp.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66TCP: Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - prefs.js: network.proxy.ftp - proxy.smartbro.netFF - prefs.js: network.proxy.ftp_port - 8080FF - prefs.js: network.proxy.gopher - proxy.smartbro.netFF - prefs.js: network.proxy.gopher_port - 8080FF - prefs.js: network.proxy.http - proxy.smartbro.netFF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.socks - proxy.smartbro.netFF - prefs.js: network.proxy.socks_port - 8080FF - prefs.js: network.proxy.ssl - proxy.smartbro.netFF - prefs.js: network.proxy.ssl_port - 8080FF - prefs.js: network.proxy.type - 0FF - component: c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dllFF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dllFF - plugin: c:\documents and settings\ritchelle\application data\kalydo\kalydoplayer\npkalydo.dllFF - plugin: c:\documents and settings\ritchelle\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.comFF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.deFF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, .============= SERVICES / DRIVERS ===============.R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-9-12 328536]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 136360]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 269480]R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-29 428200]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-26 66616]R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-12 820568]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-30 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-30 22216]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-10-20 239472].=============== Created Last 30 ================.2011-10-24 14:10:55 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan2011-10-24 14:10:52 -------- d-----w- c:\program files\Security Task Manager2011-10-21 16:35:21 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\CrashRpt2011-10-20 05:44:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools2011-10-17 15:00:54 -------- d-----w- c:\program files\Microsoft ActiveSync2011-10-17 14:15:26 -------- d-sh--w- c:\documents and settings\ritchelle\PrivacIE2011-10-16 21:45:52 -------- d-sh--w- c:\documents and settings\ritchelle\IETldCache2011-10-16 20:26:19 -------- d-----w- C:\43bcb4e61c834af1aec645422011-10-16 14:33:52 -------- d-----w- c:\windows\ie8updates2011-10-16 14:33:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2011-10-16 14:33:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2011-10-16 14:33:16 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-10-16 14:33:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-10-16 14:33:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2011-10-16 14:33:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-10-16 14:33:16 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-10-16 14:31:55 -------- dc-h--w- c:\windows\ie82011-10-16 02:32:29 -------- d-----w- c:\windows\system32\CatRoot_bak2011-10-14 05:53:58 -------- d-----w- c:\program files\MSXML 6.02011-10-14 05:51:22 -------- d-----w- c:\windows\ServicePackFiles2011-10-14 00:06:44 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe2011-10-14 00:06:43 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe2011-10-14 00:06:43 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe2011-10-14 00:06:43 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe2011-10-13 18:53:57 -------- d-----w- c:\windows\system32\PreInstall2011-10-13 18:53:55 -------- d--h--w- c:\windows\$hf_mig$2011-10-13 07:34:32 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2011-10-12 23:51:20 -------- d-----w- c:\windows\system32\SoftwareDistribution2011-10-12 01:09:43 -------- d-----w- c:\documents and settings\ritchelle\application data\f-secure2011-10-12 01:09:16 -------- d-----w- c:\documents and settings\all users\application data\F-Secure2011-10-02 11:10:20 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\Nero.==================== Find3M ====================.2011-09-06 21:47:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 22:37:03.81 ===============Thanks,Joseph Link to post Share on other sites More sharing options...
Staff screen317 Posted October 28, 2011 Staff ID:489770 Share Posted October 28, 2011 Hi and welcome to Malwarebytes.Those are legitimate system files and I would not use IOBit products. Please read this:http://forums.malwarebytes.org/index.php?showtopic=33217I highly recommend uninstalling their software.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
morpheusjr16 Posted October 29, 2011 Author ID:489897 Share Posted October 29, 2011 Hi Screen317,Thanks for the information about iObit. I have already uninstalled their programs.Here are the logs:MALWAREBYTESMalwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8039Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/29/2011 5:53:45 PMmbam-log-2011-10-29 (17-53-45).txtScan type: Quick scanObjects scanned: 195559Time elapsed: 10 minute(s), 27 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS LOG.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Ritchelle at 17:54:28 on 2011-10-29Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.927 [GMT 8:00].AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exesvchost.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\vsnpstd3.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exeC:\Program Files\DNA\btdna.exeC:\Program Files\BitTorrent\bittorrent.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXEsvchost.exeC:\Program Files\Mozilla Firefox\firefox.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.comuSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.htmludefault_page_url = hxxp://www.microsoft.comuWindow Title = Microsoft Internet ExplorermWindow Title = Microsoft Internet ExploreruInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comuURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Avira SearchFree Toolbar plus WebGuardBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllTB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quietuRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizeduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [snpstd3] c:\windows\vsnpstd3.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"dRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.icoIE: &SearchIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\program files\avira\antivir desktop\avsda.dllDPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://69.179.81.86/Remote/msrdp.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabTCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66TCP: Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - prefs.js: network.proxy.ftp - proxy.smartbro.netFF - prefs.js: network.proxy.ftp_port - 8080FF - prefs.js: network.proxy.gopher - proxy.smartbro.netFF - prefs.js: network.proxy.gopher_port - 8080FF - prefs.js: network.proxy.http - proxy.smartbro.netFF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.socks - proxy.smartbro.netFF - prefs.js: network.proxy.socks_port - 8080FF - prefs.js: network.proxy.ssl - proxy.smartbro.netFF - prefs.js: network.proxy.ssl_port - 8080FF - prefs.js: network.proxy.type - 0FF - component: c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dllFF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dllFF - plugin: c:\documents and settings\ritchelle\application data\kalydo\kalydoplayer\npkalydo.dllFF - plugin: c:\documents and settings\ritchelle\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.comFF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.deFF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, .============= SERVICES / DRIVERS ===============.R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 136360]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 269480]R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-29 428200]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-26 66616]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-30 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-30 22216]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336].=============== Created Last 30 ================.2011-10-28 06:18:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2011-10-28 05:59:25 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll2011-10-28 05:54:35 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys2011-10-28 05:46:33 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2011-10-28 05:44:18 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll2011-10-28 05:41:16 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll2011-10-28 05:40:17 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-10-28 05:36:37 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll2011-10-28 05:28:00 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe2011-10-28 05:27:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll2011-10-28 05:26:55 270848 -c----w- c:\windows\system32\dllcache\sbe.dll2011-10-28 05:26:55 186880 -c----w- c:\windows\system32\dllcache\encdec.dll2011-10-28 05:25:49 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll2011-10-28 05:21:29 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll2011-10-28 05:18:45 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll2011-10-28 05:18:44 143360 -c----w- c:\windows\system32\dllcache\msadco.dll2011-10-28 05:18:43 200704 -c----w- c:\windows\system32\dllcache\msadox.dll2011-10-28 05:18:43 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll2011-10-28 05:18:43 102400 -c----w- c:\windows\system32\dllcache\msjro.dll2011-10-28 05:18:42 536576 -c----w- c:\windows\system32\dllcache\msado15.dll2011-10-28 05:17:48 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2011-10-28 05:16:52 81920 -c----w- c:\windows\system32\dllcache\isign32.dll2011-10-28 05:15:58 45568 -c----w- c:\windows\system32\dllcache\wab.exe2011-10-28 05:05:42 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2011-10-28 05:05:41 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll2011-10-28 05:03:59 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll2011-10-28 05:03:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2011-10-28 05:02:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll2011-10-28 05:00:42 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe2011-10-28 04:59:53 406016 -c----w- c:\windows\system32\dllcache\usp10.dll2011-10-28 04:44:14 -------- d-----w- c:\windows\system32\winrm2011-10-28 04:44:13 -------- d-----w- c:\windows\system32\GroupPolicy2011-10-28 04:43:33 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$2011-10-28 04:21:35 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll2011-10-28 04:21:34 265728 -c----w- c:\windows\system32\dllcache\http.sys2011-10-28 04:21:34 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll2011-10-28 04:14:49 90112 -c----w- c:\windows\system32\dllcache\wshext.dll2011-10-28 04:14:49 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll2011-10-28 04:14:49 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll2011-10-28 04:14:48 155648 -c----w- c:\windows\system32\dllcache\wscript.exe2011-10-28 04:14:48 135168 -c----w- c:\windows\system32\dllcache\cscript.exe2011-10-26 09:02:17 -------- d-----w- c:\windows\system32\scripting2011-10-26 09:02:16 -------- d-----w- c:\windows\l2schemas2011-10-26 09:02:15 -------- d-----w- c:\windows\system32\en2011-10-26 09:02:15 -------- d-----w- c:\windows\system32\bits2011-10-26 08:50:52 -------- d-----w- c:\windows\network diagnostic2011-10-24 14:10:55 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan2011-10-24 14:10:52 -------- d-----w- c:\program files\Security Task Manager2011-10-21 16:35:21 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\CrashRpt2011-10-20 05:44:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools2011-10-17 15:00:54 -------- d-----w- c:\program files\Microsoft ActiveSync2011-10-17 14:15:26 -------- d-sh--w- c:\documents and settings\ritchelle\PrivacIE2011-10-16 21:45:52 -------- d-sh--w- c:\documents and settings\ritchelle\IETldCache2011-10-16 20:26:19 -------- d-----w- C:\43bcb4e61c834af1aec645422011-10-16 14:33:52 -------- d-----w- c:\windows\ie8updates2011-10-16 14:33:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2011-10-16 14:33:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2011-10-16 14:33:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-10-16 14:33:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-10-16 14:33:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2011-10-16 14:33:16 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-10-16 14:33:16 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-10-16 14:31:55 -------- dc-h--w- c:\windows\ie82011-10-16 03:08:09 73216 ------w- c:\windows\system32\drivers\atintuxx.sys2011-10-14 05:53:58 -------- d-----w- c:\program files\MSXML 6.02011-10-14 05:51:22 -------- d-----w- c:\windows\ServicePackFiles2011-10-14 00:30:39 357888 -c----w- c:\windows\system32\dllcache\srv.sys2011-10-14 00:16:04 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll2011-10-14 00:16:04 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll2011-10-14 00:11:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2011-10-14 00:08:09 253952 -c----w- c:\windows\system32\dllcache\es.dll2011-10-14 00:08:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2011-10-14 00:07:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2011-10-14 00:02:48 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll2011-10-14 00:01:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll2011-10-14 00:01:16 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe2011-10-13 18:53:57 -------- d-----w- c:\windows\system32\PreInstall2011-10-13 18:53:55 -------- d--h--w- c:\windows\$hf_mig$2011-10-13 07:35:07 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll2011-10-13 07:34:32 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2011-10-12 23:51:20 -------- d-----w- c:\windows\system32\SoftwareDistribution2011-10-12 01:09:43 -------- d-----w- c:\documents and settings\ritchelle\application data\f-secure2011-10-12 01:09:16 -------- d-----w- c:\documents and settings\all users\application data\F-Secure2011-10-02 11:10:20 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\Nero.==================== Find3M ====================.2011-10-26 08:22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-02 21:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-02 18:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys.============= FINISH: 17:55:38.46 ===============COMBOFIX LOG Link to post Share on other sites More sharing options...
morpheusjr16 Posted October 29, 2011 Author ID:489898 Share Posted October 29, 2011 Here's the Combofix log.ComboFix 11-10-29.03 - Ritchelle 10/29/2011 18:02:46.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.971 [GMT 8:00]Running from: c:\documents and settings\Ritchelle\Desktop\ComboFix.exeAV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\datac:\data\nasty_gf.exec:\documents and settings\All Users\Application Data\Tarma Installerc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dllc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110901104754.logc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tizc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.datc:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exec:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.icoc:\windows\help\tours\htmltour\unlock_playing.htm..((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))..2011-10-28 06:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2011-10-28 05:59 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll2011-10-28 05:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys2011-10-28 05:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2011-10-28 05:44 . 2011-06-20 17:44 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll2011-10-28 05:41 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll2011-10-28 05:40 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-10-28 05:36 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll2011-10-28 05:28 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe2011-10-28 05:27 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll2011-10-28 05:26 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll2011-10-28 05:26 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll2011-10-28 05:25 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll2011-10-28 05:21 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll2011-10-28 05:18 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll2011-10-28 05:18 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll2011-10-28 05:18 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll2011-10-28 05:18 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll2011-10-28 05:18 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll2011-10-28 05:18 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll2011-10-28 05:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2011-10-28 05:16 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll2011-10-28 05:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe2011-10-28 05:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2011-10-28 05:05 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll2011-10-28 05:03 . 2010-08-27 05:57 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll2011-10-28 05:03 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2011-10-28 05:02 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll2011-10-28 05:00 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe2011-10-28 04:59 . 2010-04-16 15:36 406016 -c----w- c:\windows\system32\dllcache\usp10.dll2011-10-28 04:44 . 2011-10-28 04:44 -------- d-----w- c:\windows\system32\winrm2011-10-28 04:44 . 2011-10-28 04:44 -------- d-----w- c:\windows\system32\GroupPolicy2011-10-28 04:43 . 2011-10-28 04:44 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$2011-10-28 04:21 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\scripting2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\l2schemas2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\en2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\bits2011-10-24 14:10 . 2011-10-24 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-10-24 14:10 . 2011-10-24 14:15 -------- d-----w- c:\program files\Security Task Manager2011-10-21 16:35 . 2011-10-21 16:35 -------- d-----w- c:\documents and settings\Ritchelle\Local Settings\Application Data\CrashRpt2011-10-20 05:44 . 2011-10-20 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools2011-10-17 15:00 . 2011-10-17 15:00 -------- d-----w- c:\program files\Microsoft ActiveSync2011-10-17 14:15 . 2011-10-17 14:15 -------- d-sh--w- c:\documents and settings\Ritchelle\PrivacIE2011-10-16 21:45 . 2011-10-16 21:45 -------- d-sh--w- c:\documents and settings\Ritchelle\IETldCache2011-10-16 20:26 . 2011-10-16 20:26 -------- d-----w- C:\43bcb4e61c834af1aec645422011-10-16 14:33 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2011-10-16 14:33 . 2011-08-23 09:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-10-16 14:33 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-10-16 14:33 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-10-16 14:33 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2011-10-16 14:33 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2011-10-16 14:33 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-10-16 14:31 . 2011-10-16 14:33 -------- dc-h--w- c:\windows\ie82011-10-16 03:08 . 2004-08-03 14:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys2011-10-14 05:53 . 2011-10-14 05:53 -------- d-----w- c:\program files\MSXML 6.02011-10-14 05:51 . 2011-10-26 08:56 -------- d-----w- c:\windows\ServicePackFiles2011-10-14 00:30 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys2011-10-14 00:16 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll2011-10-14 00:16 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll2011-10-14 00:11 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2011-10-14 00:08 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll2011-10-14 00:08 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2011-10-14 00:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2011-10-14 00:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll2011-10-14 00:01 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll2011-10-14 00:01 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe2011-10-13 18:53 . 2011-10-28 06:18 -------- d--h--w- c:\windows\$hf_mig$2011-10-13 07:35 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll2011-10-13 07:34 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2011-10-13 07:21 . 2011-10-13 07:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google2011-10-13 07:20 . 2011-10-13 07:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2011-10-12 01:09 . 2011-10-12 01:09 -------- d-----w- c:\documents and settings\Ritchelle\Application Data\f-secure2011-10-12 01:09 . 2011-10-12 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure2011-10-02 11:10 . 2011-10-02 11:10 -------- d-----w- c:\documents and settings\Ritchelle\Local Settings\Application Data\Nero...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-26 08:22 . 2011-06-09 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-02 21:06 . 2010-05-27 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-02 18:37 . 2009-04-26 02:05 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 03:41 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 03:41 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-31 09:00 . 2009-11-30 10:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-22 23:48 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-08-22 23:48 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 11:56 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49 . 2004-08-03 21:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-06 323392]"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-09-11 4992880]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].c:\documents and settings\Others\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784].c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-10-1 6144].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""tsnpstd3"=c:\windows\tsnpstd3.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"SerialNumber"="A109A-K13-3ZXD-BAP5-TE".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 6:23 AM 136360]R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/29/2011 8:41 AM 428200]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/30/2009 6:34 PM 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/30/2009 6:34 PM 22216]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:56 AM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcWINRM REG_MULTI_SZ WINRM.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 05:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2011-10-28 c:\windows\Tasks\At1.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-10-28 c:\windows\Tasks\At2.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-10-28 c:\windows\Tasks\At3.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-10-28 c:\windows\Tasks\At4.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-10-18 c:\windows\Tasks\expressShakeIcon.job- c:\program files\NCH Software\Express\express.exe [2011-07-06 00:30].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03].2011-10-18 c:\windows\Tasks\scribeShakeIcon.job- c:\program files\NCH Software\Scribe\scribe.exe [2011-07-06 00:29]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.commWindow Title = Microsoft Internet ExploreruInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000LSP: c:\program files\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66FF - ProfilePath - c:\documents and settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - prefs.js: network.proxy.ftp - proxy.smartbro.netFF - prefs.js: network.proxy.ftp_port - 8080FF - prefs.js: network.proxy.gopher - proxy.smartbro.netFF - prefs.js: network.proxy.gopher_port - 8080FF - prefs.js: network.proxy.http - proxy.smartbro.netFF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.socks - proxy.smartbro.netFF - prefs.js: network.proxy.socks_port - 8080FF - prefs.js: network.proxy.ssl - proxy.smartbro.netFF - prefs.js: network.proxy.ssl_port - 8080FF - prefs.js: network.proxy.type - 0FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.comFF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.deFF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, .- - - - ORPHANS REMOVED - - - -.BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{108A3~1\Setup.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-29 18:08Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).[HKEY_LOCAL_MACHINE\software\zbshareware]@DACL=(02 0000)"times"="8""lastcheck"="1""Name"="ledworld""Code"="BHJDH17937""autorun"="1"DUMPHIVE0.003 (REGF).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(288)c:\program files\Avira\AntiVir Desktop\avsda.dll.Completion time: 2011-10-29 18:11:12ComboFix-quarantined-files.txt 2011-10-29 10:10.Pre-Run: 15,024,979,968 bytes freePost-Run: 17,027,772,416 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - A41B8D7122F2C64B4CC2BCCF6BC50A7CThanks,Joseph Link to post Share on other sites More sharing options...
Staff screen317 Posted November 2, 2011 Staff ID:491160 Share Posted November 2, 2011 Hi,Please see:Forum Piracy PolicyWe will not assist users that are obviously using illegal software.If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.It's likely why your issue began in the first place. Link to post Share on other sites More sharing options...
morpheusjr16 Posted November 2, 2011 Author ID:491250 Share Posted November 2, 2011 Hi Chris,I've already disabled my BitTorrent software which I usually use to be able to watch tv series from the US.I've attached the new logs.MALWAREBYTESMalwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8065Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870211/2/2011 10:19:26 PMmbam-log-2011-11-02 (22-19-26).txtScan type: Quick scanObjects scanned: 191560Time elapsed: 8 minute(s), 11 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Ritchelle at 22:21:21 on 2011-11-02Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1098 [GMT 8:00].AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ===============.C:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exesvchost.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\vsnpstd3.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXEC:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exeC:\Program Files\DNA\btdna.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\WINDOWS\system32\NOTEPAD.EXE.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.commWindow Title = Microsoft Internet ExploreruInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dlluRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quietuRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizedmRun: [RTHDCPL] RTHDCPL.EXEmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [snpstd3] c:\windows\vsnpstd3.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"dRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.icoIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\program files\avira\antivir desktop\avsda.dllDPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://69.179.81.86/Remote/msrdp.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabTCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66TCP: Interfaces\{6326D031-D5EF-4645-A3D2-9216AE18C255} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - prefs.js: network.proxy.ftp - proxy.smartbro.netFF - prefs.js: network.proxy.ftp_port - 8080FF - prefs.js: network.proxy.gopher - proxy.smartbro.netFF - prefs.js: network.proxy.gopher_port - 8080FF - prefs.js: network.proxy.http - proxy.smartbro.netFF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.socks - proxy.smartbro.netFF - prefs.js: network.proxy.socks_port - 8080FF - prefs.js: network.proxy.ssl - proxy.smartbro.netFF - prefs.js: network.proxy.ssl_port - 8080FF - prefs.js: network.proxy.type - 0FF - component: c:\documents and settings\ritchelle\application data\mozilla\firefox\profiles\ql6y7frz.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dllFF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dllFF - plugin: c:\documents and settings\ritchelle\application data\kalydo\kalydoplayer\npkalydo.dllFF - plugin: c:\documents and settings\ritchelle\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.comFF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.deFF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, .============= SERVICES / DRIVERS ===============.R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-26 11608]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-26 136360]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-26 269480]R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-29 428200]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-26 66616]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-30 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-30 22216]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336].=============== Created Last 30 ================.2011-10-29 10:00:56 -------- d-sha-r- C:\cmdcons2011-10-29 09:57:27 98816 ----a-w- c:\windows\sed.exe2011-10-29 09:57:27 518144 ----a-w- c:\windows\SWREG.exe2011-10-29 09:57:27 256000 ----a-w- c:\windows\PEV.exe2011-10-29 09:57:27 208896 ----a-w- c:\windows\MBR.exe2011-10-28 06:18:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2011-10-28 05:59:25 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll2011-10-28 05:54:35 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys2011-10-28 05:46:33 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2011-10-28 05:44:18 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll2011-10-28 05:41:16 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll2011-10-28 05:40:17 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-10-28 05:36:37 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll2011-10-28 05:28:00 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe2011-10-28 05:27:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll2011-10-28 05:26:55 270848 -c----w- c:\windows\system32\dllcache\sbe.dll2011-10-28 05:26:55 186880 -c----w- c:\windows\system32\dllcache\encdec.dll2011-10-28 05:25:49 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll2011-10-28 05:21:29 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll2011-10-28 05:18:45 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll2011-10-28 05:18:44 143360 -c----w- c:\windows\system32\dllcache\msadco.dll2011-10-28 05:18:43 200704 -c----w- c:\windows\system32\dllcache\msadox.dll2011-10-28 05:18:43 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll2011-10-28 05:18:43 102400 -c----w- c:\windows\system32\dllcache\msjro.dll2011-10-28 05:18:42 536576 -c----w- c:\windows\system32\dllcache\msado15.dll2011-10-28 05:17:48 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2011-10-28 05:16:52 81920 -c----w- c:\windows\system32\dllcache\isign32.dll2011-10-28 05:15:58 45568 -c----w- c:\windows\system32\dllcache\wab.exe2011-10-28 05:05:42 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2011-10-28 05:05:41 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll2011-10-28 05:03:59 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll2011-10-28 05:03:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2011-10-28 05:02:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll2011-10-28 05:00:42 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe2011-10-28 04:59:53 406016 -c----w- c:\windows\system32\dllcache\usp10.dll2011-10-28 04:44:14 -------- d-----w- c:\windows\system32\winrm2011-10-28 04:44:13 -------- d-----w- c:\windows\system32\GroupPolicy2011-10-28 04:43:33 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$2011-10-28 04:21:35 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll2011-10-28 04:21:34 265728 -c----w- c:\windows\system32\dllcache\http.sys2011-10-28 04:21:34 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll2011-10-28 04:14:49 90112 -c----w- c:\windows\system32\dllcache\wshext.dll2011-10-28 04:14:49 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll2011-10-28 04:14:49 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll2011-10-28 04:14:48 155648 -c----w- c:\windows\system32\dllcache\wscript.exe2011-10-28 04:14:48 135168 -c----w- c:\windows\system32\dllcache\cscript.exe2011-10-26 09:02:17 -------- d-----w- c:\windows\system32\scripting2011-10-26 09:02:16 -------- d-----w- c:\windows\l2schemas2011-10-26 09:02:15 -------- d-----w- c:\windows\system32\en2011-10-26 09:02:15 -------- d-----w- c:\windows\system32\bits2011-10-26 08:50:52 -------- d-----w- c:\windows\network diagnostic2011-10-24 14:10:55 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan2011-10-24 14:10:52 -------- d-----w- c:\program files\Security Task Manager2011-10-21 16:35:21 -------- d-----w- c:\documents and settings\ritchelle\local settings\application data\CrashRpt2011-10-20 05:44:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools2011-10-17 15:00:54 -------- d-----w- c:\program files\Microsoft ActiveSync2011-10-17 14:15:26 -------- d-sh--w- c:\documents and settings\ritchelle\PrivacIE2011-10-16 21:45:52 -------- d-sh--w- c:\documents and settings\ritchelle\IETldCache2011-10-16 20:26:19 -------- d-----w- C:\43bcb4e61c834af1aec645422011-10-16 14:33:52 -------- d-----w- c:\windows\ie8updates2011-10-16 14:33:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2011-10-16 14:33:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2011-10-16 14:33:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-10-16 14:33:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-10-16 14:33:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2011-10-16 14:33:16 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-10-16 14:33:16 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-10-16 14:31:55 -------- dc-h--w- c:\windows\ie82011-10-16 03:08:09 73216 ------w- c:\windows\system32\drivers\atintuxx.sys2011-10-14 05:53:58 -------- d-----w- c:\program files\MSXML 6.02011-10-14 05:51:22 -------- d-----w- c:\windows\ServicePackFiles2011-10-14 00:30:39 357888 -c----w- c:\windows\system32\dllcache\srv.sys2011-10-14 00:16:04 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll2011-10-14 00:16:04 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll2011-10-14 00:11:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2011-10-14 00:08:09 253952 -c----w- c:\windows\system32\dllcache\es.dll2011-10-14 00:08:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2011-10-14 00:07:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2011-10-14 00:02:48 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll2011-10-14 00:01:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll2011-10-14 00:01:16 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe2011-10-13 18:53:57 -------- d-----w- c:\windows\system32\PreInstall2011-10-13 18:53:55 -------- d--h--w- c:\windows\$hf_mig$2011-10-13 07:35:07 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll2011-10-13 07:34:32 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2011-10-12 23:51:20 -------- d-----w- c:\windows\system32\SoftwareDistribution2011-10-12 01:09:43 -------- d-----w- c:\documents and settings\ritchelle\application data\f-secure2011-10-12 01:09:16 -------- d-----w- c:\documents and settings\all users\application data\F-Secure2011-10-10 03:09:40 4550304 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll.==================== Find3M ====================.2011-10-26 08:22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-02 21:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-02 18:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-26 03:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 03:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 03:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys.============= FINISH: 22:22:27.76 ===============COMBOFIXComboFix 11-11-02.01 - Ritchelle 11/02/2011 22:35:03.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2010.1268 [GMT 8:00]Running from: c:\documents and settings\Ritchelle\Desktop\ComboFix.exeAV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))..2011-10-28 06:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll2011-10-28 05:59 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll2011-10-28 05:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys2011-10-28 05:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys2011-10-28 05:44 . 2011-06-20 17:44 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll2011-10-28 05:41 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll2011-10-28 05:40 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-10-28 05:36 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll2011-10-28 05:28 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe2011-10-28 05:27 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll2011-10-28 05:26 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll2011-10-28 05:26 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll2011-10-28 05:25 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll2011-10-28 05:21 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll2011-10-28 05:18 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll2011-10-28 05:18 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll2011-10-28 05:18 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll2011-10-28 05:18 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll2011-10-28 05:18 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll2011-10-28 05:18 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll2011-10-28 05:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2011-10-28 05:16 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll2011-10-28 05:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe2011-10-28 05:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2011-10-28 05:05 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll2011-10-28 05:03 . 2010-08-27 05:57 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll2011-10-28 05:03 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2011-10-28 05:02 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll2011-10-28 05:00 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe2011-10-28 04:59 . 2010-04-16 15:36 406016 -c----w- c:\windows\system32\dllcache\usp10.dll2011-10-28 04:44 . 2011-10-28 04:44 -------- d-----w- c:\windows\system32\winrm2011-10-28 04:44 . 2011-10-28 04:44 -------- d-----w- c:\windows\system32\GroupPolicy2011-10-28 04:43 . 2011-10-28 04:44 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$2011-10-28 04:21 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\scripting2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\l2schemas2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\en2011-10-26 09:02 . 2011-10-26 09:02 -------- d-----w- c:\windows\system32\bits2011-10-24 14:10 . 2011-10-24 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan2011-10-24 14:10 . 2011-10-24 14:15 -------- d-----w- c:\program files\Security Task Manager2011-10-21 16:35 . 2011-10-21 16:35 -------- d-----w- c:\documents and settings\Ritchelle\Local Settings\Application Data\CrashRpt2011-10-20 05:44 . 2011-10-20 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools2011-10-17 15:00 . 2011-10-17 15:00 -------- d-----w- c:\program files\Microsoft ActiveSync2011-10-17 14:15 . 2011-10-17 14:15 -------- d-sh--w- c:\documents and settings\Ritchelle\PrivacIE2011-10-16 21:45 . 2011-10-16 21:45 -------- d-sh--w- c:\documents and settings\Ritchelle\IETldCache2011-10-16 20:26 . 2011-10-16 20:26 -------- d-----w- C:\43bcb4e61c834af1aec645422011-10-16 14:33 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2011-10-16 14:33 . 2011-08-23 09:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll2011-10-16 14:33 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll2011-10-16 14:33 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll2011-10-16 14:33 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2011-10-16 14:33 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2011-10-16 14:33 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll2011-10-16 14:31 . 2011-10-16 14:33 -------- dc-h--w- c:\windows\ie82011-10-16 03:08 . 2004-08-03 14:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys2011-10-14 05:53 . 2011-10-14 05:53 -------- d-----w- c:\program files\MSXML 6.02011-10-14 05:51 . 2011-10-26 08:56 -------- d-----w- c:\windows\ServicePackFiles2011-10-14 00:30 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys2011-10-14 00:16 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll2011-10-14 00:16 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll2011-10-14 00:11 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys2011-10-14 00:08 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll2011-10-14 00:08 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys2011-10-14 00:07 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2011-10-14 00:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll2011-10-14 00:01 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll2011-10-14 00:01 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe2011-10-13 18:53 . 2011-10-28 06:18 -------- d--h--w- c:\windows\$hf_mig$2011-10-13 07:35 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll2011-10-13 07:34 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys2011-10-13 07:21 . 2011-10-13 07:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google2011-10-13 07:20 . 2011-10-13 07:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2011-10-12 01:09 . 2011-10-12 01:09 -------- d-----w- c:\documents and settings\Ritchelle\Application Data\f-secure2011-10-12 01:09 . 2011-10-12 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure2011-10-10 03:09 . 2011-10-10 03:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-26 08:22 . 2011-06-09 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-02 21:06 . 2010-05-27 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-02 18:37 . 2009-04-26 02:05 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-26 03:41 . 2008-07-29 11:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 03:41 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 03:41 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-09 09:12 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-06 13:20 . 2004-08-03 21:17 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-31 09:00 . 2009-11-30 10:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-22 23:48 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-08-22 23:48 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 11:56 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec2011-08-17 13:49 . 2004-08-03 21:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys..((((((((((((((((((((((((((((( SnapShot@2011-10-29_10.08.23 ))))))))))))))))))))))))))))))))))))))))).+ 2011-11-02 14:04 . 2011-11-02 14:04 16384 c:\windows\Temp\Perflib_Perfdata_734.dat+ 2011-11-01 11:52 . 2011-11-01 11:52 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe+ 2011-11-01 11:52 . 2011-11-01 11:52 1252864 c:\windows\Installer\53065.msi+ 2011-11-01 11:52 . 2011-11-01 11:52 1527808 c:\windows\Installer\53054.msi.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-06 323392]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].c:\documents and settings\Others\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784].c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-10-1 6144].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe""tsnpstd3"=c:\windows\tsnpstd3.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"SerialNumber"="A109A-K13-3ZXD-BAP5-TE".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management .R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/26/2010 6:23 AM 136360]R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/29/2011 8:41 AM 428200]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/30/2009 6:34 PM 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/30/2009 6:34 PM 22216]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 9:03 AM 136176]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:56 AM 14336].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcWINRM REG_MULTI_SZ WINRM.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 05:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2011-11-02 c:\windows\Tasks\At1.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-11-02 c:\windows\Tasks\At2.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-11-02 c:\windows\Tasks\At3.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-11-02 c:\windows\Tasks\At4.job- c:\program files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2010-11-16 13:12].2011-10-30 c:\windows\Tasks\expressShakeIcon.job- c:\program files\NCH Software\Express\express.exe [2011-07-06 00:30].2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03].2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 01:03].2011-10-30 c:\windows\Tasks\scribeShakeIcon.job- c:\program files\NCH Software\Scribe\scribe.exe [2011-07-06 00:29]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.commWindow Title = Microsoft Internet ExploreruInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000LSP: c:\program files\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66FF - ProfilePath - c:\documents and settings\Ritchelle\Application Data\Mozilla\Firefox\Profiles\ql6y7frz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - prefs.js: network.proxy.ftp - proxy.smartbro.netFF - prefs.js: network.proxy.ftp_port - 8080FF - prefs.js: network.proxy.gopher - proxy.smartbro.netFF - prefs.js: network.proxy.gopher_port - 8080FF - prefs.js: network.proxy.http - proxy.smartbro.netFF - prefs.js: network.proxy.http_port - 8080FF - prefs.js: network.proxy.socks - proxy.smartbro.netFF - prefs.js: network.proxy.socks_port - 8080FF - prefs.js: network.proxy.ssl - proxy.smartbro.netFF - prefs.js: network.proxy.ssl_port - 8080FF - prefs.js: network.proxy.type - 0FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}FF - Ext: Copy Plain Text: {723AAF16-AF1F-4404-A5D7-0BFE39766605} - %profile%\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}FF - Ext: Avira SearchFree Toolbar plus WebGuard: toolbar@ask.com - %profile%\extensions\toolbar@ask.comFF - Ext: easyComment: plugins@bf-itservice.de - %profile%\extensions\plugins@bf-itservice.deFF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jungFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-11-02 22:42Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-57989841-1960408961-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).[HKEY_LOCAL_MACHINE\software\zbshareware]@DACL=(02 0000)"times"="8""lastcheck"="1""Name"="ledworld""Code"="BHJDH17937""autorun"="1"DUMPHIVE0.003 (REGF).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(496)c:\program files\Avira\AntiVir Desktop\avsda.dll.- - - - - - - > 'explorer.exe'(3972)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\msvdm.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dll.Completion time: 2011-11-02 22:45:41ComboFix-quarantined-files.txt 2011-11-02 14:45ComboFix2.txt 2011-10-29 10:11.Pre-Run: 18,517,446,656 bytes freePost-Run: 18,521,464,832 bytes free.- - End Of File - - 3CAC3F10156C4E7D839872D45C1C7454 Link to post Share on other sites More sharing options...
Staff screen317 Posted November 7, 2011 Staff ID:492331 Share Posted November 7, 2011 We are not asking you to disable. We are asking you to uninstall it. If you intend to use it after you get help here then you are wasting our time. Link to post Share on other sites More sharing options...
morpheusjr16 Posted November 7, 2011 Author ID:492361 Share Posted November 7, 2011 Hi Chris,Got it. Just one last request. Could you teach me how to uninstall combofix?Thanks,Joseph Link to post Share on other sites More sharing options...
Staff screen317 Posted November 12, 2011 Staff ID:493857 Share Posted November 12, 2011 Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 21, 2011 Staff ID:496670 Share Posted November 21, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 6, 2011 Staff ID:501869 Share Posted December 6, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts