Hijack log for help please [Solved]


  • This topic is locked
29 replies to this topic

#1 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 06 January 2012 - 08:28 AM

Hi. I asked for help in another area and was told to do a log, which is below. I get a 404 Not Found nginx error when trying to Google and on some other sites. Also I would like help in fixing my IE, as it will not allow me into my Orange emails or let me see the dropdown menus in eBay. I also get redirected sometimes when I search or click a link. Thanks for any help you can offer. Sue.



404 Not Found

--------------------------------------------------------------------------------

nginx

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:18:24, on 06/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\home\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows...dir.asp?Ext=DAT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ADAiO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...mp;n=2010090105
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - https://us.dl1.yimg....nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1277842996358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1277845074437
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-31-0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Advent AIO Network Discovery Service - DSGi - C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8702 bytes

Edited by sooty4, 06 January 2012 - 08:54 AM.



#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 07 January 2012 - 02:30 PM

Hi,

Please do the following:

  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):


R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O8 - Extra context menu item: &Search - http://edits.mywebse...mp;n=2010090105
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT


Re-run HijackThis >> click on Config >> Misc Tools, and then press the Delete an NT service button.
When it opens enter the service name MyWebSearchService and press OK

NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


NEXT


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
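The fix list above is the product of reading each HijackThis line and picking out everything that belongs to one product. The script below is an added example for this thread, not code from CatByte's post and not part of HijackThis: it parses lines of the `<section> - <kind>: <name> - {CLSID} - <path>` shape seen in the log, flags every entry matching a supplied product name, and pulls the service short name that the "Delete an NT service" dialog asks for out of the O23 line. The sample lines are copied from sooty4's log (with the O8 URL truncated exactly as the forum rendered it), the single indicator "MyWebSearch" is derived from the entries CatByte listed, and the 8.3 short-name rule is an approximation of how Windows builds names like `PROGRA~1`.

```python
"""Triage HijackThis (HJT) log lines against a list of suspect product names.
Added example for this thread, not HijackThis or the helper's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HJT log posted in this thread, with
# a few benign lines kept for contrast.  The O8 URL is truncated as rendered.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...mp;n=2010090105
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^.*?\((?P<short>[^)]+)\)")  # "Display Name (ShortName) - ..."


@dataclass
class HjtEntry:
    section: str          # "R3", "O2", "O23", ...
    kind: str             # "BHO", "Toolbar", "Service", ... ("" for R0/R1 value lines)
    detail: str           # everything after "<kind>: "
    clsid: Optional[str]  # {GUID} if the entry carries one
    target: str           # file path or URL the entry points at
    raw: str


def target_of(detail: str) -> str:
    """Last ' - ' segment is the path/URL; O4 Run lines are '[name] path'."""
    if detail.startswith("["):
        return detail.partition("] ")[2]
    return detail.rsplit(" - ", 1)[-1]


def parse_hjt(text: str) -> List[HjtEntry]:
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue  # header, blank and "End of file" lines
        section, rest = m.group("section"), m.group("rest")
        kind, sep, detail = rest.partition(": ")
        if not sep:  # R0/R1 lines are "key,value = data" with no kind prefix
            kind, detail = "", rest
        clsid = CLSID_RE.search(detail)
        entries.append(HjtEntry(section, kind, detail,
                                clsid.group(0) if clsid else None,
                                target_of(detail), raw))
    return entries


def normalize(s: str) -> str:
    """Lower-case and keep only letters, digits and '~', so 'My Web Search',
    'MyWebSearch' and 'MYWEBS~1' are compared on equal terms."""
    return re.sub(r"[^a-z0-9~]", "", s.lower())


def short_stem(indicator: str) -> str:
    """The part of a long name a DOS 8.3 short path keeps: Windows turns
    'Program Files' into PROGRA~1 by dropping spaces and keeping six characters,
    so 'MyWebSearch' survives as MYWEBS~1.  Approximation: names of eight
    characters or fewer are assumed not to be shortened."""
    full = normalize(indicator)
    return full[:6] if len(full) > 8 else full


def flag_entries(entries: List[HjtEntry], indicators: List[str]) -> List[HjtEntry]:
    """Match the whole line (name, vendor, CLSID and target) in normalized form,
    accepting either the full indicator or its 8.3 stem."""
    hits = []
    for e in entries:
        text = normalize(e.raw)
        if any(normalize(i) in text or short_stem(i) in text for i in indicators):
            hits.append(e)
    return hits


def naive_flag(entries: List[HjtEntry], indicators: List[str]) -> List[HjtEntry]:
    """Path-only, exact-name match for comparison: it misses the 8.3 service
    path (MYWEBS~1) and the truncated O8 URL that flag_entries still catches."""
    return [e for e in entries
            if any(i.lower() in e.target.lower() for i in indicators)]


def service_name(e: HjtEntry) -> Optional[str]:
    """For O23 lines, the short name HijackThis prints in parentheses; this is
    the name the 'Delete an NT service' dialog asks for."""
    if e.section != "O23" or e.kind != "Service":
        return None
    m = SERVICE_RE.match(e.detail)
    return m.group("short") if m else None


def triage(text: str, indicators: List[str]) -> dict:
    entries = parse_hjt(text)
    hits = flag_entries(entries, indicators)
    return {
        "total": len(entries),
        "flagged": [e.raw for e in hits],
        "services": [s for s in (service_name(e) for e in hits) if s],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, ["MyWebSearch"])
    print(f"{len(report['flagged'])} of {report['total']} entries flagged:")
    for line in report["flagged"]:
        print("  " + line)
    print("services to delete:", report["services"])
```

Run against the sample, `triage` flags the same six entries CatByte listed (R3, two O2s, O3, O8 and O23) and returns `MyWebSearchService` as the service to delete, while the path-only comparison catches just four: it never sees the O8 entry, whose only pointer is a URL, nor the O23 service, whose path uses the 8.3 form `MYWEBS~1`. Normalizing the whole line before matching is what makes the list complete.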


#3 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 09 January 2012 - 08:22 AM

Thanks. The first two logs are below.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by home at 14:15:34 on 2012-01-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1536.1054 [GMT 0:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Documents and Settings\home\My Documents\Downloads\HiJackThis(1).exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
mSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ADAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
mRun: [Conime] %windir%\system32\conime.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: ebay.co.uk\www
Trusted Zone: Sony-europe.com
Trusted Zone: Sonystyle-europe.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxps://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277842996358
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277845074437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F1F7002A-61F1-480A-BDD1-8C28D64F107B} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\zec6cna6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-12-14 56208]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-6 11608]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-16 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-12-14 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-12-14 164112]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2011-10-14 361904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-6 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-6 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-6 66616]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-12-14 931640]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-3-29 807917]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2010-12-13 618112]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-3-28 175232]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [2011-3-20 28762]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2012-01-01 18:51:59 -------- d-----w- c:\documents and settings\home\application data\PCPro
2012-01-01 18:51:59 -------- d-----w- c:\documents and settings\home\application data\PC Cleaners
2012-01-01 18:51:48 5167888 ----a-w- c:\windows\uninst.exe
2012-01-01 18:51:46 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-12-14 12:23:32 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-12-21 16:54:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 23:44:04 75160 ----a-w- c:\windows\CouponPrinter.ocx
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ------w- c:\windows\system32\encdec.dll
.
============= FINISH: 14:16:59.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 20/06/2010 16:21:13
System Uptime: 09/01/2012 12:25:35 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4S266VX
Processor: Intel® Pentium® 4 CPU 1.80GHz | PGA 478 | 1816/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 4.366 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.551 GiB free.
E: is Removable
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP129: 01/01/2012 20:02:22 - System Checkpoint
.
==== Installed Programs ======================
.
ACDSee for PENTAX AdC4USelfUpdater Adobe Acrobat 5.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements Adobe Shockwave Player 11.6 ADVENT AIO Printer Advent Essentials aioscnnr ALDI Print Software ArcSoft WebCam Companion 3 Avira AntiVir Personal - Free Antivirus Beatnik Player Coupon Printer DigitalPrint 1.1 DVgate Free Window Registry Repair Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) hp instant support HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers Internet Explorer (Enable DEP) Java Auto Updater Java™ 6 Update 24 Lucent Technologies Soft Modem AMR Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Automated Troubleshooting Services Shim Microsoft Fix it Center Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Motion JPEG Software Decoder MovieShaker 3.3 Mozilla Firefox 8.0 (x86 en-GB) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser Music Visualizer Library 1.2 My Web Search Online Registration OpenMG Limited Patch 3.0.01-02-01-18-01 OpenMG 
Secure Module 3.0.01 PC Camer@ PowerDVD PreReq QuickTime Rapport RealPlayer Basic RealProducer Basic 8.5 RoboForm 7-2-6 (All Users) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security 
Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for 
Windows XP (KB2624667) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP 
(KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SiS Audio Driver Skype Toolbars Skype™ 5.3 Smart Capture SonicStage 1.1.00 SonicStage CD-R Writing Module Sony DV Shared Library swMSM Turbo Lister 2 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB982632) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VAIO Action Setup VAIO Brezza Wallpaper VAIO Clock Screen Saver VAIO Grid Wallpaper VAIO Online Registration VAIO Serenus Wallpaper VAIO System Information VAIO Web Phone WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows PowerShell™ 1.0 
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
04/01/2012 17:20:22, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

#4 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 09 January 2012 - 09:54 AM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 14:28:58
-----------------------------
14:28:58.843 OS Version: Windows 5.1.2600 Service Pack 3
14:28:58.843 Number of processors: 1 586 0x102
14:28:58.843 ComputerName: YOUR-0XV8V0OEAP UserName: home
14:28:59.546 Initialize success
14:43:52.750 AVAST engine defs: 12010900
14:44:04.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:44:04.609 Disk 0 Vendor: ST340810A 5.38 Size: 38166MB BusType: 3
14:44:04.609 Disk 1 \Device\Harddisk1\DR3 -> \Device\0000005f
14:44:04.609 Disk 1 Vendor: Sony 0000 Size: 38166MB BusType: 0
14:44:04.640 Disk 0 MBR read successfully
14:44:04.640 Disk 0 MBR scan
14:44:04.703 Disk 0 Windows XP default MBR code
14:44:04.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19116 MB offset 63
14:44:04.718 Disk 0 Partition - 00 0F Extended LBA 19045 MB offset 39150405
14:44:04.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19045 MB offset 39150468
14:44:04.765 Disk 0 scanning sectors +78156225
14:44:04.828 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:28.000 Service scanning
14:44:28.328 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
14:44:29.390 Modules scanning
14:44:43.109 Disk 0 trace - called modules:
14:44:43.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x897eced9]<<
14:44:43.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x898d1ab8]
14:44:43.125 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000059[0x898b69e8]
14:44:43.125 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x898b5940]
14:44:43.718 AVAST engine scan C:\WINDOWS
14:45:06.703 AVAST engine scan C:\WINDOWS\system32
14:49:26.984 AVAST engine scan C:\WINDOWS\system32\drivers
14:49:50.906 AVAST engine scan C:\Documents and Settings\home
14:50:26.890 File: C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\22\1abec896-7add9557 **INFECTED** Win32:Sinowal-LC [Trj]
14:52:23.375 File: C:\Documents and Settings\home\Local Settings\Temp\0.3127321844189709.exe **INFECTED** Win32:Sinowal-LC [Trj]
14:52:53.218 File: C:\Documents and Settings\home\Local Settings\Temp\jar_cache3429873614996434683.tmp **INFECTED** Win32:Malware-gen
14:52:53.906 File: C:\Documents and Settings\home\Local Settings\Temp\jar_cache8595359004865703877.tmp **INFECTED** Win32:Malware-gen
14:52:54.484 File: C:\Documents and Settings\home\Local Settings\Temp\jar_cache8709830576172129322.tmp **INFECTED** Win32:Malware-gen
14:56:48.031 AVAST engine scan C:\Documents and Settings\All Users
15:01:15.812 Scan finished successfully
15:23:54.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\home\My Documents\MBR.dat"
15:23:54.406 The log file has been saved successfully to "C:\Documents and Settings\home\My Documents\aswMBR.txt"
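
The aswMBR run above saved the boot disk's first sector to MBR.dat, and the log's partition lines (an active NTFS primary at offset 63, an extended LBA container at offset 39150405, and a scan starting at sector 78156225) are exactly what that sector's partition table encodes. Win32:Sinowal, the name aswMBR put on the two Temp files, is the detection name used for the Torpig/Mebroot banking trojan, variants of which install themselves as an MBR bootkit, which is why the "Windows XP default MBR code" verdict and a kept copy of MBR.dat matter more than they look. The parser below is an added example for this thread, not aswMBR's code and not something the original poster ran: it reads a 512-byte MBR dump, checks the 55 AA boot signature, lists the partition table in the same form aswMBR prints it, flags the usual inconsistencies (no or several active partitions, an active extended container, entries that overlap or start at LBA 0) and compares the boot-code bytes against an earlier dump so a later MBR.dat can be diffed against this one. The sample sector it builds is constructed from the log's offsets; the exact sector counts are assumptions chosen to be cylinder-aligned (16065 sectors per cylinder) so that the extended container ends at 78156225 and the sizes round to the reported 19116 MB and 19045 MB. The logical volume the log calls "Partition 2" lives in an extended boot record inside the container, which this example does not walk.

```python
"""Parse and sanity-check a 512-byte MBR dump such as the MBR.dat aswMBR saved.

Added example for this thread; not aswMBR's code.  The sample sector built by
build_sample_mbr() is CONSTRUCTED from the partition lines in the log above
(active 0x07 NTFS at LBA 63, 0x0F extended LBA at LBA 39150405).  The exact
sector counts are assumptions: cylinder-aligned at 16065 sectors per cylinder
(255 heads x 63 sectors) and chosen to round to the reported 19116 MB / 19045 MB.
"""
from __future__ import annotations

import hashlib
import struct
import sys
from pathlib import Path

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 are code; 440..443 hold the NT disk signature
PT_OFFSET = 446          # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count
CYL = 16065
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-signature status, a hash of the boot code and the used partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    partitions = []
    for slot in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = ENTRY.unpack_from(mbr, PT_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
            "lba": lba,
            "sectors": count,
            "mb": count * SECTOR // (1024 * 1024),    # same truncation aswMBR's "MB" column shows
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline: bytes | None = None) -> list[str]:
    """List the findings a responder would want flagged; an empty list means nothing odd."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55AA boot signature")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["active"] and p["type"] in (0x05, 0x0F):
            findings.append(f"slot {p['slot']}: extended partition marked active")
        if p["lba"] == 0:
            findings.append(f"slot {p['slot']}: partition starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in info["partitions"])
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition entries overlap at LBA {s2}")
    if baseline is not None:
        if len(baseline) != SECTOR:
            raise ValueError("baseline must be a 512-byte sector too")
        if hashlib.sha256(baseline[:BOOT_CODE_LEN]).hexdigest() != info["boot_code_sha256"]:
            findings.append("boot code differs from baseline dump")
    return findings


def make_entry(active: bool, ptype: int, lba: int, sectors: int) -> bytes:
    """Build one partition-table entry; CHS fields carry the 'beyond CHS range' marker."""
    return ENTRY.pack(0x80 if active else 0x00, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, sectors)


def build_sample_mbr() -> bytes:
    """CONSTRUCTED sector matching the log's layout; the boot code is a placeholder, not Windows'."""
    boot_code = b"\xEB\xFE".ljust(BOOT_CODE_LEN, b"\x00")           # jmp $ then padding
    disk_signature = b"\x12\x34\x56\x78"                             # arbitrary NT disk signature
    table = (
        make_entry(True, 0x07, 63, 2437 * CYL - 63)                  # 39150342 sectors -> 19116 MB
        + make_entry(False, 0x0F, 2437 * CYL, (4865 - 2437) * CYL)   # ends at 78156225 -> 19045 MB
        + bytes(32)                                                  # two unused slots
    )
    mbr = boot_code + disk_signature + b"\x00\x00" + table + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [baseline.dat]]; with no arguments the sample is used.
    current = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_sample_mbr()
    baseline = Path(sys.argv[2]).read_bytes() if len(sys.argv) > 2 else None
    for p in parse_mbr(current)["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"slot {p['slot']} {flag} {p['type']:02X} {p['type_name']} {p['mb']} MB offset {p['lba']}")
    print("findings:", check_mbr(current, baseline) or "none")
```

Run it against the saved MBR.dat on its own to get the partition listing, and against MBR.dat plus a fresh dump taken after cleanup to see whether the first 440 bytes changed. The hash deliberately stops before the disk signature so that two dumps of the same disk compare equal unless the code itself was rewritten.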

#5 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 09 January 2012 - 10:12 AM

Farbar Service Scanner
Ran by home (administrator) on 09-01-2012 at 16:08:21
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thanks. I have done all you asked, but I was not sure how to attach the zipped file to my post. I think I have done it. Sue.

Attached Files

  • Attached File  MBR.zip   511bytes   175 downloads
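
The Extra List at the end of the Farbar Service Scanner output is the part of this log that is easiest to skip. The five Name(Tag) tokens are the Tag values of the network drivers in the PNP_TCPIP load group, and the hex blob corresponds to the PNP_TCPIP value under HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList: a REG_BINARY whose first little-endian DWORD is the entry count and whose remaining DWORDs are the Tags in the order the group is started, so a driver whose Tag is absent from or duplicated in that list is out of sequence with the others. FSS's "IpSec Tag value is correct" line is its verdict on the IPSec entry. The decoder below is an added example for this thread, not FSS's code and not something the original poster ran: it parses that Extra List line, decodes the blob, reports any named service whose Tag is missing from or duplicated in the order list, and mirrors the FSS verdict as a presence check, also noting whether IPSec is ordered ahead of Tcpip as it is in this blob. The blob and Tag values are copied from the log; the two Tags (1 and 2) that FSS does not name are left unattributed, and the optional live-registry readers use winreg, so they only work on Windows.

```python
"""Decode the PNP_TCPIP group-order blob that Farbar Service Scanner printed.

Added example for this thread, not FSS's own code.  FSS_EXTRA_LIST is copied
from the log above.  The layout decoded here is that of a GroupOrderList
value (HKLM\\SYSTEM\\CurrentControlSet\\Control\\GroupOrderList, value name
PNP_TCPIP): little-endian DWORDs, the first being the entry count and the rest
the service Tag values in start order.
"""
from __future__ import annotations

import re
import struct

# Copied from the FSS output in this thread.
FSS_EXTRA_LIST = (
    "Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) "
    "0x0700000004000000010000000200000003000000050000000600000007000000 "
    "IpSec Tag value is correct."
)

NAME_TAG = re.compile(r"\b(\w+)\((\d+)\)")       # e.g. "IPSec(4)"
HEX_BLOB = re.compile(r"\b0x([0-9A-Fa-f]+)\b")  # the REG_BINARY dump


def decode_group_order(blob_hex: str) -> list[int]:
    """Turn the REG_BINARY hex dump into the ordered list of Tag values."""
    data = bytes.fromhex(blob_hex[2:] if blob_hex.lower().startswith("0x") else blob_hex)
    if len(data) < 4 or len(data) % 4:
        raise ValueError("GroupOrderList value must be whole little-endian DWORDs")
    count = struct.unpack_from("<I", data, 0)[0]
    if len(data) != 4 + 4 * count:
        raise ValueError(f"count DWORD says {count} entries, blob holds {len(data) // 4 - 1}")
    return list(struct.unpack_from(f"<{count}I", data, 4))


def parse_fss_extra_list(line: str) -> tuple[dict[str, int], list[int]]:
    """Split an FSS 'Extra List' line into {service: Tag} and the decoded start order."""
    services = {name: int(tag) for name, tag in NAME_TAG.findall(line)}
    m = HEX_BLOB.search(line)
    if m is None:
        raise ValueError("no GroupOrderList blob found in line")
    return services, decode_group_order(m.group(0))


def check_group_order(services: dict[str, int], order: list[int]) -> dict:
    """Report Tags missing from or duplicated in the load order, plus the IPSec verdict."""
    missing = {name: tag for name, tag in services.items() if tag not in order}
    duplicates = sorted({tag for tag in order if order.count(tag) > 1})
    position = {name: order.index(tag) for name, tag in services.items() if tag in order}
    ipsec_ok = "IPSec" in position                   # presence check behind FSS's verdict line
    ipsec_before_tcpip = ipsec_ok and "Tcpip" in position and position["IPSec"] < position["Tcpip"]
    return {
        "missing": missing,
        "duplicates": duplicates,
        "position": position,
        "ipsec_ok": ipsec_ok,
        "ipsec_before_tcpip": ipsec_before_tcpip,
    }


def read_live_group_order(group: str = "PNP_TCPIP") -> list[int]:
    """Windows only: read and decode the live GroupOrderList value for a service group."""
    import winreg  # imported here so the rest of the module runs on any platform
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\GroupOrderList") as key:
        raw, kind = winreg.QueryValueEx(key, group)
    if kind != winreg.REG_BINARY:
        raise ValueError(f"{group} is not REG_BINARY")
    return decode_group_order(raw.hex())


def read_service_tag(service: str) -> int:
    """Windows only: read a service's Tag DWORD from its Services key."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        rf"SYSTEM\CurrentControlSet\Services\{service}") as key:
        tag, _kind = winreg.QueryValueEx(key, "Tag")
    return int(tag)


if __name__ == "__main__":
    svc, order = parse_fss_extra_list(FSS_EXTRA_LIST)
    print("start order (Tags):", order)
    for name, tag in sorted(svc.items(), key=lambda kv: order.index(kv[1]) if kv[1] in order else 99):
        print(f"  {name:<7} Tag {tag}")
    print(check_group_order(svc, order))
```

On the machine itself the same check runs against the registry by replacing the copied line with read_live_group_order() and read_service_tag("IPSec"); on any other box the copied line is enough to confirm what FSS summarised: seven entries, every named Tag present once, IPSec first and Tcpip fourth.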


#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 09 January 2012 - 12:43 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 10 January 2012 - 08:07 AM

Thanks. ComboFix log here. The error is still showing.
ComboFix 12-01-09.07 - home 10/01/2012 13:37:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1536.1153 [GMT 0:00]
Running from: c:\documents and settings\home\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\home\Recent\hpothb07.dat
c:\documents and settings\home\Recent\hpothb07.tif
c:\documents and settings\home\WINDOWS
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.htmlx
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\M3UNPAT.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0000DDFC
c:\program files\MyWebSearch\bar\Cache\0000E9F2
c:\program files\MyWebSearch\bar\Cache\00010951
c:\program files\MyWebSearch\bar\Cache\00012E6D
c:\program files\MyWebSearch\bar\Cache\00017EEF
c:\program files\MyWebSearch\bar\Cache\00019611.bmp
c:\program files\MyWebSearch\bar\Cache\00021A44
c:\program files\MyWebSearch\bar\Cache\000268F1
c:\program files\MyWebSearch\bar\Cache\00028090
c:\program files\MyWebSearch\bar\Cache\00028E7A.exe
c:\program files\MyWebSearch\bar\Cache\00029ED6
c:\program files\MyWebSearch\bar\Cache\000306A8
c:\program files\MyWebSearch\bar\Cache\000C6AD5.bmp
c:\program files\MyWebSearch\bar\Cache\000C6C9A.bin
c:\program files\MyWebSearch\bar\Cache\000C6EDC
c:\program files\MyWebSearch\bar\Cache\0019DE50
c:\program files\MyWebSearch\bar\Cache\001C9D80
c:\program files\MyWebSearch\bar\Cache\0067ED68
c:\program files\MyWebSearch\bar\Cache\00BB3923.bin
c:\program files\MyWebSearch\bar\Cache\00BB3E24.bin
c:\program files\MyWebSearch\bar\Cache\00BB3E72.bin
c:\program files\MyWebSearch\bar\Cache\00BB3ED0.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-01 18:51 . 2012-01-02 11:40 -------- d-----w- c:\documents and settings\home\Application Data\PCPro
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\home\Application Data\PC Cleaners
2012-01-01 18:51 . 2012-01-01 18:51 5167888 ----a-w- c:\windows\uninst.exe
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-12-14 12:23 . 2011-12-14 12:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 16:54 . 2011-06-09 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2002-03-29 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2002-03-29 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-03-29 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2001-12-03 21:55 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2010-07-18 11:54 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2002-03-29 16:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-03-29 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 23:44 . 2011-08-18 00:41 75160 ----a-w- c:\windows\CouponPrinter.ocx
2011-10-25 13:33 . 2002-03-29 16:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-07-18 11:54 186880 ------w- c:\windows\system32\encdec.dll
2011-11-10 08:47 . 2011-10-02 08:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADAiO2StatusMonitor]
2010-10-18 11:41 2362880 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 11:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-01-10 14:23 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-20 13:59 136176 ----atw- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-03-29 14:07 32768 ----a-w- c:\windows\LTSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-07 12:32 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-03-15 14:12 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\ArcSoft\\WebCam Companion 3\\Utility.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\Advent.Statistics.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\AdNetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Advent\\AIO\\Firmware\\AdventAIOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ADVENT\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9333:TCP"= 9333:TCP:ADDiscovery
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [14/12/2011 12:23 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [16/12/2011 12:39 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [14/12/2011 12:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [14/12/2011 12:23 164112]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [14/10/2011 13:59 361904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/03/2011 11:43 136360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [14/12/2011 12:23 931640]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [29/03/2002 14:34 807917]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [13/12/2010 17:00 618112]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 12:45 21520]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [28/03/2002 10:08 175232]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 21:09 267568]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005Core.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005UA.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-10 c:\windows\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
Trusted Zone: ebay.co.uk\www
Trusted Zone: Sony-europe.com
Trusted Zone: Sonystyle-europe.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\zec6cna6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 13:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-10 13:58:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 13:58
.
Pre-Run: 4,451,856,384 bytes free
Post-Run: 4,793,606,144 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3B1F1CAC302507845155564B05AE5D57

#8 CatByte
Classroom Administrator, 21,060 posts, MVP

Posted 10 January 2012 - 05:18 PM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 sooty4
Authentic Member, 86 posts

Posted 11 January 2012 - 09:08 AM

Hi and thanks. Both reports below.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
home :: YOUR-0XV8V0OEAP [administrator]

11/01/2012 12:21:32
mbam-log-2012-01-11 (12-21-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 161844
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\home\My Documents\Downloads\WeatherBlink.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

(end)

C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\15\ee7ed4f-16f700dc	Java/Agent.EA trojan
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\56\378fcb78-383c61e5	Java/Exploit.CVE-2011-3544.T trojan
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\62\2d7ffebe-5cb74fe1	Java/Exploit.CVE-2011-3544.Q trojan
C:\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-292.dll	a variant of Win32/Toolbar.MyWebSearch.K application
C:\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-394.dll	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir	Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir	Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir	Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir	Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTtpct.dll.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir	Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir	Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir	Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir	Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCrctr.dll.vir	Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir	Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir	Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir	a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir	Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSg.dll.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUtlcn.dll.vir	Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir	a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir	Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir	Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir	Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir	a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3UNPAT.DLL.vir	a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir	Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir	Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP129\A0296034.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP129\A0296035.DLL	a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300255.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300264.DLL	Win32/Adware.FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300270.DLL	Win32/Adware.FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300282.DLL	Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300290.DLL	Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300298.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300307.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300315.DLL	Win32/Adware.FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300321.SCR	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300330.DLL	Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300336.DLL	Win32/Toolbar.MyWebSearch.D application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300344.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300350.EXE	Win32/Adware.FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300359.DLL	Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300375.DLL	Win32/FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300389.DLL	Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300396.DLL	a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300418.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300426.DLL	Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300433.EXE	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300447.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300457.DLL	Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300471.DLL	a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300480.DLL	Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300486.EXE	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300494.EXE	Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300501.EXE	Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300509.DLL	a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300516.DLL	a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300524.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300531.EXE	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300538.DLL	Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300549.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300556.EXE	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300563.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300570.DLL	Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300620.scr	Win32/Toolbar.MyWebSearch application
Operating memory	a variant of Win32/Ramnit.A virus

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 January 2012 - 04:54 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\15\ee7ed4f-16f700dc 
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\56\378fcb78-383c61e5 
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\62\2d7ffebe-5cb74fe1 
C:\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-292.dll 
C:\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-394.dll 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created, click Close.

Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:

cleanmgr

Choose to scan drive C:\ (if C:\ is your main drive). At the top, click on the More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.


NEXT


Please rerun the ESET online scanner. The entry that ESET refers to as a variant of Ramnit has me a little worried, as Ramnit is not cleanable. Hopefully it is not on your machine and the detection is false, so once we clean up the restore points and infected files, I want to make sure ESET doesn't detect anything else.

Also please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
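CatByte's post separates two kinds of ESET hit: copies parked inside old restore points (which the cleanmgr step removes) and the Ramnit detection in operating memory (the one that warrants a rescan). As an added example, not ESET's, ComboFix's or the forum's own code, this script sorts ESET's one-line detections into those buckets; the Temp path on the third sample line is constructed for the example.

```python
r"""Sort ESET online-scanner detections by where they were found.

Added example for this thread; not ESET's, ComboFix's or the forum's code.
It parses ESET's one-entry-per-line output ("<path> <threat> <object type>")
and puts each hit into one of three buckets:

  restore_point  copies inside System Volume Information\_restore{...}\RPnnn;
                 these disappear when old restore points are purged, not by
                 cleaning the running system
  live_file      a hit on the live file system that still needs removal
  memory         a hit in operating memory (the Ramnit.A entry in the thread),
                 which needs a follow-up scan to confirm or rule out
"""
import re
from collections import defaultdict

# ESET line: <path with spaces> <[probably] [a variant of] Family/Name> <type>
# The path is matched lazily, so it ends at the last token before the threat
# name (the only token containing a '/'), even when the path contains spaces.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a\s+variant\s+of\s+)?\w+/[\w.\-]+)\s+"
    r"(?P<kind>\w+)\s*$"
)
# System Restore stores a copy of every changed file under this path; RPnnn is
# the restore-point number, so we can report which point holds the copy.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_entry(line):
    """Return (path, family, kind) for one ESET line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Drop the "a variant of" / "probably" qualifiers to keep the bare family.
    family = re.sub(r"^(?:probably\s+)?(?:a\s+variant\s+of\s+)?", "", m.group("threat"))
    return m.group("path"), family, m.group("kind")


def classify(path):
    """Bucket a detection by location: memory, restore_point or live_file."""
    if path.strip().lower() == "operating memory":
        return "memory"
    if RESTORE_RE.search(path):
        return "restore_point"
    return "live_file"


def triage(log_text):
    """Group detections by bucket; each value is a list of (path, family, kind)."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            buckets[classify(entry[0])].append(entry)
    return dict(buckets)


def restore_points_hit(buckets):
    """Restore-point numbers (e.g. {'130'}) that hold infected copies."""
    return {RESTORE_RE.search(p).group("rp") for p, _, _ in buckets.get("restore_point", [])}


def needs_follow_up(buckets):
    """True when something is still live: a memory hit or a live-file hit.
    Restore-point copies alone do not count; purging restore points removes them."""
    return bool(buckets.get("memory") or buckets.get("live_file"))


# Constructed sample mirroring the ESET output posted in this thread; the
# Temp path on the third line is made up for the example.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300270.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP130\A0300396.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\Documents and Settings\home\Local Settings\Temp\constructed-sample.dll Win32/Adware.FunWeb application
Operating memory a variant of Win32/Ramnit.A virus
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, hits in sorted(result.items()):
        print(f"{bucket}: {len(hits)}")
        for path, family, kind in hits:
            print(f"    {family} ({kind})  {path}")
    print("restore points to purge:", sorted(restore_points_hit(result)))
    print("follow-up scan needed:", needs_follow_up(result))
```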



#11 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 13 January 2012 - 10:11 AM

Thanks. Combofix log here and ESET scan results. The 404 not found nginx error is still there and I still get it when I try to use google. I was also redirected to forex.com when I clicked the link to your reply. The only change I can see is there is now a black strip on my toolbar with what looks like the side of a piece of lego on it in grey. I can also now get the dropdown menu and Orange in my IE.

ComboFix 12-01-13.03 - home 13/01/2012 13:54:56.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1536.1078 [GMT 0:00]
Running from: c:\documents and settings\home\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\home\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
* Created a new restore point
.
FILE ::
"c:\documents and settings\home\Application Data\Sun\Java\Deployment\cache\6.0\15\ee7ed4f-16f700dc"
"c:\documents and settings\home\Application Data\Sun\Java\Deployment\cache\6.0\56\378fcb78-383c61e5"
"c:\documents and settings\home\Application Data\Sun\Java\Deployment\cache\6.0\62\2d7ffebe-5cb74fe1"
"c:\documents and settings\home\My Documents\Downloads\backups\backup-20120109-134544-292.dll"
"c:\documents and settings\home\My Documents\Downloads\backups\backup-20120109-134544-394.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\home\My Documents\Downloads\backups\backup-20120109-134544-292.dll
c:\documents and settings\home\My Documents\Downloads\backups\backup-20120109-134544-394.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-12 19:05 . 2012-01-12 19:05 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 19:05 . 2012-01-12 19:05 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-12 19:05 . 2012-01-12 19:05 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 19:05 . 2012-01-12 19:05 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 15:27 . 2012-01-11 15:27 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Amazon
2012-01-11 15:27 . 2012-01-11 15:27 -------- d-----w- c:\program files\Amazon
2012-01-11 12:44 . 2012-01-11 12:44 -------- d-----w- c:\program files\ESET
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\documents and settings\home\Application Data\Malwarebytes
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-11 12:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 18:51 . 2012-01-02 11:40 -------- d-----w- c:\documents and settings\home\Application Data\PCPro
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\home\Application Data\PC Cleaners
2012-01-01 18:51 . 2012-01-01 18:51 5167888 ----a-w- c:\windows\uninst.exe
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 16:54 . 2011-06-09 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 12:23 . 2011-12-14 12:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-25 21:57 . 2002-03-29 16:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-03-29 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-03-29 16:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2002-03-29 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-03-29 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2001-12-03 21:55 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2010-07-18 11:54 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2002-03-29 16:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2002-03-29 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2002-03-29 16:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-03-29 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 23:44 . 2011-08-18 00:41 75160 ----a-w- c:\windows\CouponPrinter.ocx
2011-10-25 13:33 . 2002-03-29 16:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-07-18 11:54 186880 ------w- c:\windows\system32\encdec.dll
2012-01-12 19:05 . 2011-10-02 08:51 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-10_13.51.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-13 13:05 . 2012-01-13 13:05 16384 c:\windows\TEMP\Perflib_Perfdata_3c0.dat
+ 2002-03-29 16:00 . 2012-01-11 15:57 67884 c:\windows\system32\perfc009.dat
- 2002-03-29 16:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2002-03-29 16:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2011-12-25 03:49 . 2011-12-25 03:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-12 13:10 . 2012-01-12 13:10 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 09:32 . 2011-10-13 09:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 09:33 . 2011-10-13 09:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 09:33 . 2011-10-13 09:33 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2002-03-29 16:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2002-03-29 16:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2002-03-29 16:00 . 2012-01-11 15:57 432928 c:\windows\system32\perfh009.dat
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2011-12-25 03:49 . 2011-12-25 03:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 05:40 . 2011-12-25 05:40 819200 c:\windows\Installer\b62e9d.msp
+ 2011-11-03 10:06 . 2011-11-03 10:06 771584 c:\windows\assembly\temp\5DJPU06CIN\System.Runtime.Remoting.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-12 13:07 . 2012-01-12 13:07 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
+ 2012-01-12 13:09 . 2012-01-12 13:09 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-12 13:09 . 2012-01-12 13:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-12 13:09 . 2012-01-12 13:09 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3062d06077a424dff6997145cad8e9e1\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-11 16:02 . 2012-01-11 16:02 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 09:32 . 2011-10-13 09:32 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-27 17:11 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2011-12-25 03:50 . 2011-12-25 03:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-26 09:59 . 2011-12-26 09:59 4368896 c:\windows\Installer\b62e95.msp
+ 2012-01-12 13:11 . 2012-01-12 13:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-12 13:11 . 2012-01-12 13:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-12 13:11 . 2012-01-12 13:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-12 13:11 . 2012-01-12 13:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-12 13:07 . 2012-01-12 13:07 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-12 13:08 . 2012-01-12 13:08 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-12 13:10 . 2012-01-12 13:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-12 13:09 . 2012-01-12 13:09 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 09:34 . 2011-10-13 09:34 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 09:32 . 2011-10-13 09:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-03 15:52 . 2011-04-03 15:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 15:59 . 2012-01-11 15:59 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 09:32 . 2011-10-13 09:33 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-11 15:56 . 2012-01-11 15:56 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-11 15:57 . 2012-01-11 15:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 09:33 . 2011-10-13 09:33 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-29 06:30 . 2012-01-11 15:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-29 06:30 . 2011-10-13 09:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-29 20:41 . 2012-01-11 15:59 52128560 c:\windows\system32\MRT.exe
+ 2012-01-12 13:07 . 2012-01-12 13:07 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-12 13:09 . 2012-01-12 13:09 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-11 16:00 . 2012-01-11 16:00 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADAiO2StatusMonitor]
2010-10-18 11:41 2362880 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 11:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-01-10 14:23 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-20 13:59 136176 ----atw- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-03-29 14:07 32768 ----a-w- c:\windows\LTSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-07 12:32 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-03-15 14:12 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\ArcSoft\\WebCam Companion 3\\Utility.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\Advent.Statistics.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\AdNetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Advent\\AIO\\Firmware\\AdventAIOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ADVENT\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9333:TCP"= 9333:TCP:ADDiscovery
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [14/12/2011 12:23 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [16/12/2011 12:39 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [14/12/2011 12:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [14/12/2011 12:23 164112]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [14/10/2011 13:59 361904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/03/2011 11:43 136360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [14/12/2011 12:23 931640]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [29/03/2002 14:34 807917]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [13/12/2010 17:00 618112]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 12:45 21520]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [28/03/2002 10:08 175232]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 21:09 267568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005Core.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005UA.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
Trusted Zone: ebay.co.uk\www
Trusted Zone: Sony-europe.com
Trusted Zone: Sonystyle-europe.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\zec6cna6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 14:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-13 14:08:12
ComboFix-quarantined-files.txt 2012-01-13 14:07
ComboFix2.txt 2012-01-10 13:58
.
Pre-Run: 3,605,217,280 bytes free
Post-Run: 3,606,675,456 bytes free
.
- - End Of File - - 741DE5AD350F6868FB04AEEE22546032





ESET SCAN here

C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\19\18421313-71a6a175 Java/Exploit.CVE-2011-3544.T trojan
C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\6.0\32\79269c20-65ceef83 Java/Agent.EA trojan
C:\Qoobox\Quarantine\C\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-292.dll.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Documents and Settings\home\My Documents\Downloads\backups\backup-20120109-134544-394.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTtpct.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCrctr.dll.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSg.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUtlcn.dll.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3UNPAT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
Operating memory a variant of Win32/Ramnit.A virus

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 13 January 2012 - 04:05 PM

It concerns me that ESET reports "Operating memory a variant of Win32/Ramnit.A virus". Ramnit is a polymorphic infection that cannot be cleaned; ESET only reports "a variant", and if you had Ramnit as we know it, a lot more files would be infected.


Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 14 January 2012 - 10:52 AM

Thanks again. The 404 error has gone and my IE is working better now. Just the black strip with a lego on it on my toolbar left. What do you think that could be? I don't know how to send you a picture of it. Here is the log:

16:44:22.0765 2860 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
16:44:22.0921 2860 ============================================================
16:44:22.0921 2860 Current date / time: 2012/01/14 16:44:22.0921
16:44:22.0921 2860 SystemInfo:
16:44:22.0921 2860
16:44:22.0921 2860 OS Version: 5.1.2600 ServicePack: 3.0
16:44:22.0921 2860 Product type: Workstation
16:44:22.0921 2860 ComputerName: YOUR-0XV8V0OEAP
16:44:22.0921 2860 UserName: home
16:44:22.0921 2860 Windows directory: C:\WINDOWS
16:44:22.0921 2860 System windows directory: C:\WINDOWS
16:44:22.0921 2860 Processor architecture: Intel x86
16:44:22.0921 2860 Number of processors: 1
16:44:22.0921 2860 Page size: 0x1000
16:44:22.0921 2860 Boot type: Normal boot
16:44:22.0921 2860 ============================================================
16:44:25.0343 2860 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000, SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:44:25.0781 2860 Initialize success
16:44:49.0609 1640 ============================================================
16:44:49.0609 1640 Scan started
16:44:49.0609 1640 Mode: Manual;
16:44:49.0609 1640 ============================================================
16:44:50.0062 1640 Abiosdsk - ok
16:44:50.0140 1640 abp480n5 - ok
16:44:50.0265 1640 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:50.0265 1640 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys.
Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
16:44:50.0265 1640 ACPI ( Virus.Win32.Rloader.a ) - infected
16:44:50.0265 1640 ACPI - detected Virus.Win32.Rloader.a (0)
16:44:50.0375 1640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:44:50.0390 1640 ACPIEC - ok
16:44:50.0468 1640 adpu160m - ok
16:44:50.0593 1640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:50.0625 1640 aec - ok
16:44:50.0765 1640 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:44:50.0796 1640 AFD - ok
16:44:50.0890 1640 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
16:44:50.0906 1640 AFS2K - ok
16:44:51.0000 1640 Aha154x - ok
16:44:51.0078 1640 aic78u2 - ok
16:44:51.0171 1640 aic78xx - ok
16:44:51.0265 1640 AliIde - ok
16:44:51.0359 1640 amsint - ok
16:44:51.0484 1640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:44:51.0500 1640 Arp1394 - ok
16:44:51.0578 1640 asc - ok
16:44:51.0671 1640 asc3350p - ok
16:44:51.0750 1640 asc3550 - ok
16:44:52.0140 1640 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
16:44:52.0156 1640 ASCTRM - ok
16:44:52.0312 1640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:52.0328 1640 AsyncMac - ok
16:44:52.0437 1640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:52.0437 1640 atapi - ok
16:44:52.0562 1640 Atdisk - ok
16:44:52.0656 1640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:52.0671 1640 Atmarpc - ok
16:44:52.0796 1640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:52.0796 1640 audstub - ok
16:44:52.0859 1640 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:44:52.0859 1640 avgio - ok
16:44:52.0984 1640 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:44:53.0000 1640 avgntflt - ok
16:44:53.0109 1640 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:44:53.0125 1640 avipbb - ok
16:44:53.0250 1640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:53.0250 1640 Beep - ok
16:44:53.0343 1640 catchme - ok
16:44:53.0484 1640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:53.0500 1640 cbidf2k - ok
16:44:53.0593 1640 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:44:53.0609 1640 CCDECODE - ok
16:44:53.0687 1640 cd20xrnt - ok
16:44:53.0796 1640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:53.0796 1640 Cdaudio - ok
16:44:53.0906 1640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:53.0921 1640 Cdfs - ok
16:44:54.0031 1640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:54.0046 1640 Cdrom - ok
16:44:54.0140 1640 Changer - ok
16:44:54.0234 1640 CmdIde - ok
16:44:54.0343 1640 Cpqarray - ok
16:44:54.0437 1640 dac2w2k - ok
16:44:54.0531 1640 dac960nt - ok
16:44:54.0640 1640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:54.0656 1640 Disk - ok
16:44:54.0812 1640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:54.0890 1640 dmboot - ok
16:44:55.0000 1640 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
16:44:55.0015 1640 DMICall - ok
16:44:55.0140 1640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:44:55.0156 1640 dmio - ok
16:44:55.0265 1640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:55.0281 1640 dmload - ok
16:44:55.0406 1640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:44:55.0421 1640 DMusic - ok
16:44:55.0515 1640 dpti2o - ok
16:44:55.0609 1640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:44:55.0609 1640 drmkaud - ok
16:44:55.0765 1640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:44:55.0781 1640 Fastfat - ok
16:44:55.0890 1640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:44:55.0906 1640 Fdc - ok
16:44:56.0000 1640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:44:56.0015 1640 Fips - ok
16:44:56.0125 1640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:44:56.0140 1640 Flpydisk - ok
16:44:56.0265 1640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:44:56.0281 1640 FltMgr - ok
16:44:56.0406 1640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:44:56.0421 1640 Fs_Rec - ok
16:44:56.0531 1640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:44:56.0546 1640 Ftdisk - ok
16:44:56.0671 1640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:44:56.0687 1640 Gpc - ok
16:44:56.0812 1640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:44:56.0812 1640 HidUsb - ok
16:44:56.0906 1640 hpn - ok
16:44:56.0984 1640 hpt3xx - ok
16:44:57.0109 1640 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:44:57.0125 1640 HPZid412 - ok
16:44:57.0250 1640 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:44:57.0265 1640 HPZipr12 - ok
16:44:57.0359 1640 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:44:57.0375 1640 HPZius12 - ok
16:44:57.0484 1640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:44:57.0500 1640 HTTP - ok
16:44:57.0578 1640 i2omgmt - ok
16:44:57.0671 1640 i2omp - ok
16:44:57.0781 1640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:44:57.0796 1640 i8042prt - ok
16:44:57.0906 1640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
16:44:57.0921 1640 Imapi - ok
16:44:58.0015 1640 ini910u - ok
16:44:58.0109 1640 IntelIde - ok
16:44:58.0218 1640 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:44:58.0218 1640 ip6fw - ok
16:44:58.0343 1640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:44:58.0359 1640 IpFilterDriver - ok
16:44:58.0468 1640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:44:58.0484 1640 IpInIp - ok
16:44:58.0593 1640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:44:58.0593 1640 IpNat - ok
16:44:58.0703 1640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:58.0718 1640 IPSec - ok
16:44:58.0828 1640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:44:58.0828 1640 IRENUM - ok
16:44:58.0937 1640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:44:58.0953 1640 isapnp - ok
16:44:59.0062 1640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:44:59.0078 1640 Kbdclass - ok
16:44:59.0203 1640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:44:59.0250 1640 kmixer - ok
16:44:59.0359 1640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:44:59.0375 1640 KSecDD - ok
16:44:59.0484 1640 lbrtfdc - ok
16:44:59.0656 1640 LucentSoftModem (2760ea66615b0357f3d8f7e7ba147e33) C:\WINDOWS\system32\DRIVERS\LTSM.sys
16:44:59.0750 1640 LucentSoftModem - ok
16:44:59.0875 1640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:44:59.0875 1640 mnmdd - ok
16:45:00.0000 1640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:45:00.0000 1640 Modem - ok
16:45:00.0109 1640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:45:00.0125 1640 Mouclass - ok
16:45:00.0234 1640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:45:00.0250 1640 mouhid - ok
16:45:00.0390 1640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:45:00.0406 1640 MountMgr - ok
16:45:00.0484 1640 mraid35x - ok
16:45:00.0609 1640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:45:00.0640 1640 MRxDAV - ok
16:45:00.0750 1640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:45:00.0843 1640 MRxSmb - ok
16:45:00.0968 1640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:45:00.0984 1640 Msfs - ok
16:45:01.0093 1640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:45:01.0093 1640 MSKSSRV - ok
16:45:01.0187 1640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:45:01.0203 1640 MSPCLOCK - ok
16:45:01.0328 1640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:45:01.0328 1640 MSPQM - ok
16:45:01.0437 1640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:45:01.0453 1640 mssmbios - ok
16:45:01.0562 1640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:45:01.0578 1640 MSTEE - ok
16:45:01.0687 1640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:45:01.0718 1640 Mup - ok
16:45:01.0859 1640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:45:01.0875 1640 NABTSFEC - ok
16:45:02.0000 1640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:45:02.0046 1640 NDIS - ok
16:45:02.0156 1640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:45:02.0171 1640 NdisIP - ok
16:45:02.0265 1640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:45:02.0281 1640 NdisTapi - ok
16:45:02.0390 1640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:45:02.0390 1640 Ndisuio - ok
16:45:02.0500 1640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:45:02.0515 1640 NdisWan - ok
16:45:02.0625 1640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:45:02.0640 1640 NDProxy - ok
16:45:02.0734 1640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:45:02.0750 1640 NetBIOS - ok
16:45:02.0859 1640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:45:02.0890 1640 NetBT - ok
16:45:03.0031 1640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:45:03.0031 1640 NIC1394 - ok
16:45:03.0140 1640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:45:03.0156 1640 Npfs - ok
16:45:03.0296 1640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:45:03.0359 1640 Ntfs - ok
16:45:03.0500 1640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:45:03.0500 1640 Null - ok
16:45:03.0703 1640 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:45:03.0953 1640 nv - ok
16:45:04.0078 1640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:45:04.0078 1640 NwlnkFlt - ok
16:45:04.0187 1640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:45:04.0203 1640 NwlnkFwd - ok
16:45:04.0312 1640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:45:04.0312 1640 ohci1394 - ok
16:45:04.0453 1640 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
16:45:04.0531 1640 PAC207 - ok
16:45:04.0625 1640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:45:04.0640 1640 Parport - ok
16:45:04.0750 1640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:45:04.0765 1640 PartMgr - ok
16:45:04.0875 1640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:45:04.0890 1640 ParVdm - ok
16:45:04.0984 1640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:45:05.0000 1640 PCI - ok
16:45:05.0078 1640 PCIDump - ok
16:45:05.0171 1640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:45:05.0187 1640 PCIIde - ok
16:45:05.0312 1640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:45:05.0328 1640 Pcmcia - ok
16:45:05.0421 1640 PDCOMP - ok
16:45:05.0515 1640 PDFRAME - ok
16:45:05.0593 1640 PDRELI - ok
16:45:05.0687 1640 PDRFRAME - ok
16:45:05.0781 1640 perc2 - ok
16:45:05.0859 1640 perc2hib - ok
16:45:06.0015 1640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:45:06.0031 1640 PptpMiniport - ok
16:45:06.0125 1640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:45:06.0140 1640 Processor - ok
16:45:06.0250 1640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:45:06.0265 1640 PSched - ok
16:45:06.0578 1640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:45:06.0593 1640 Ptilink - ok
16:45:06.0718 1640 PxHelp20 (79e924e9126bc541d6e1c76e9b077bb7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:45:06.0718 1640 PxHelp20 - ok
16:45:06.0812 1640 ql1080 - ok
16:45:06.0890 1640 Ql10wnt - ok
16:45:06.0984 1640 ql12160 - ok
16:45:07.0078 1640 ql1240 - ok
16:45:07.0156 1640 ql1280 - ok
16:45:07.0328 1640 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
16:45:07.0359 1640 RapportCerberus_34302 - ok
16:45:07.0468 1640 RapportEI (e72edf9410fa365c0c383f7366fbf7c9) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
16:45:07.0484 1640 RapportEI - ok
16:45:07.0609 1640 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
16:45:07.0625 1640 RapportIaso - ok
16:45:07.0781 1640 RapportKELL (541bb19a74b1c28279a204c417321e52) C:\WINDOWS\system32\Drivers\RapportKELL.sys
16:45:07.0796 1640 RapportKELL - ok
16:45:07.0921 1640 RapportPG (0773fab5c2bd7342ba248b3c8cdef3c3) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
16:45:07.0953 1640 RapportPG - ok
16:45:08.0078 1640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:45:08.0078 1640 RasAcd - ok
16:45:08.0343 1640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:45:08.0359 1640 Rasl2tp - ok
16:45:08.0453 1640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:45:08.0468 1640 RasPppoe - ok
16:45:08.0578 1640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:45:08.0593 1640 Raspti - ok
16:45:08.0703 1640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:45:08.0750 1640 Rdbss - ok
16:45:08.0859 1640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:45:08.0859 1640 RDPCDD - ok
16:45:09.0000 1640 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:45:09.0015 1640 RDPWD - ok
16:45:09.0156 1640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:45:09.0171 1640 redbook - ok
16:45:09.0421 1640 rtl8139 (dbd3887e257c4348e314e0b94c4cf3ff) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
16:45:09.0437 1640 rtl8139 - ok
16:45:09.0609 1640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:45:09.0609 1640 Secdrv - ok
16:45:09.0718 1640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:45:09.0734 1640 serenum - ok
16:45:09.0843 1640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:45:09.0859 1640 Serial - ok
16:45:09.0984 1640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:45:10.0000 1640 Sfloppy - ok
16:45:10.0093 1640 Simbad - ok
16:45:10.0218 1640 SiS7012 (6e691a346b9b219e038ed04c6977a71d) C:\WINDOWS\system32\drivers\sis7012.sys
16:45:10.0250 1640 SiS7012 - ok
16:45:10.0359 1640 sisagp (c729eb60dd40948e5eb3fb53dc9cad44) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:45:10.0375 1640 sisagp - ok
16:45:10.0484 1640 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:45:10.0484 1640 SLIP - ok
16:45:10.0609 1640 SONYWBMS (752a5c46742d07c15e9b4c246fcad8d4) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS
16:45:10.0625 1640 SONYWBMS - ok
16:45:10.0703 1640 Sparrow - ok
16:45:10.0812 1640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:45:10.0812 1640 splitter - ok
16:45:10.0937 1640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:45:10.0953 1640 sr - ok
16:45:11.0093 1640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:45:11.0140 1640 Srv - ok
16:45:11.0265 1640 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:45:11.0265 1640 ssmdrv - ok
16:45:11.0390 1640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:45:11.0406 1640 streamip - ok
16:45:11.0515 1640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:45:11.0531 1640 swenum - ok
16:45:11.0640 1640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:45:11.0640 1640 swmidi - ok
16:45:11.0750 1640 symc810 - ok
16:45:11.0843 1640 symc8xx - ok
16:45:11.0937 1640 sym_hi - ok
16:45:12.0015 1640 sym_u3 - ok
16:45:12.0125 1640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:45:12.0140 1640 sysaudio - ok
16:45:12.0296 1640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:45:12.0359 1640 Tcpip - ok
16:45:12.0484 1640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:45:12.0500 1640 TDPIPE - ok
16:45:12.0609 1640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:45:12.0609 1640 TDTCP - ok
16:45:12.0718 1640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:45:12.0734 1640 TermDD - ok
16:45:12.0859 1640 TosIde - ok
16:45:13.0000 1640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:45:13.0015 1640 Udfs - ok
16:45:13.0093 1640 ultra - ok
16:45:13.0218 1640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:45:13.0281 1640 Update - ok
16:45:13.0421 1640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:45:13.0437 1640 usbccgp - ok
16:45:13.0531 1640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:45:13.0546 1640 usbhub - ok
16:45:13.0656 1640 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:45:13.0656 1640 usbohci - ok
16:45:13.0765 1640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:45:13.0781 1640 usbprint - ok
16:45:13.0890 1640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:45:13.0890 1640 usbscan - ok
16:45:14.0000 1640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:45:14.0015 1640 USBSTOR - ok
16:45:14.0109 1640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:45:14.0125 1640 VgaSave - ok
16:45:14.0203 1640 ViaIde - ok
16:45:14.0312 1640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:45:14.0328 1640 VolSnap - ok
16:45:14.0468 1640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:14.0484 1640 Wanarp - ok
16:45:14.0562 1640 WDICA - ok
16:45:14.0671 1640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:45:14.0687 1640 wdmaud - ok
16:45:14.0890 1640 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:45:14.0890 1640 WS2IFSL - ok
16:45:15.0015 1640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:45:15.0031 1640 WSTCODEC - ok
16:45:15.0125 1640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:45:15.0312 1640 \Device\Harddisk0\DR0 - ok
16:45:15.0328 1640 Boot (0x1200) (569e1f8b76dcaa5b0d30e7ac40952eb7) \Device\Harddisk0\DR0\Partition0
16:45:15.0328 1640 \Device\Harddisk0\DR0\Partition0 - ok
16:45:15.0343 1640 Boot (0x1200) (4673c7f7cce5569b9012ca1e4a0fe186) \Device\Harddisk0\DR0\Partition1
16:45:15.0343 1640 \Device\Harddisk0\DR0\Partition1 - ok
16:45:15.0359 1640 ============================================================
16:45:15.0359 1640 Scan finished
16:45:15.0359 1640 ============================================================
16:45:15.0390 0912 Detected object count: 1
16:45:15.0390 0912 Actual detected object count: 1
16:46:07.0203 0912 Backup copy found, using it..
16:46:07.0250 0912 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
16:46:07.0250 0912 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
16:46:17.0031 1028 Deinitialize success

Edited by sooty4, 14 January 2012 - 11:23 AM.
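The TDSSKiller log above is long, and the single finding (ACPI.sys infected with Virus.Win32.Rloader.a, to be cured from a backup copy on reboot) is easy to miss among hundreds of "- ok" verdicts. As an added example, not part of the original post and not TDSSKiller's own code, the parser below reads lines in that log's format and separates three kinds of record: per-object MD5 hashes (drivers, MBR, boot sectors), verdicts, and detections with the chosen action, so that anything other than "ok" can be listed directly. The sample lines embedded in it are constructed to mirror the format of the posted log and are not the full log; the regular expressions are assumptions about the format inferred from those lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the posted TDSSKiller log (not the full log).
SAMPLE_LOG = "\n".join([
    r"16:45:12.0296 1640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"16:45:12.0359 1640 Tcpip - ok",
    r"16:45:12.0859 1640 TosIde - ok",
    r"16:45:15.0125 1640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"16:45:15.0312 1640 \Device\Harddisk0\DR0 - ok",
    r"16:45:15.0390 0912 Detected object count: 1",
    r"16:45:15.0390 0912 Actual detected object count: 1",
    r"16:46:07.0203 0912 Backup copy found, using it..",
    r"16:46:07.0250 0912 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot",
    r"16:46:07.0250 0912 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure",
    r"16:46:17.0031 1028 Deinitialize success",
])

# Every record starts with "HH:MM:SS.mmmm <pid> <body>" (format assumed from the log).
TS_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>"; name may itself carry a parenthesised size, e.g. "MBR (0x1B8)".
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - <verdict>", e.g. "Tcpip - ok" or "<path> - will be cured on reboot".
VERDICT_RE = re.compile(r"^(?P<obj>.+?) - (?P<verdict>.+)$")
# "<name> ( <threat> ) - User select action: <action>".
DETECT_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$"
)


@dataclass
class ScanReport:
    hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    verdicts: Dict[str, str] = field(default_factory=dict)            # object -> verdict
    detections: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, threat, action)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> ScanReport:
    """Classify each timestamped record; lines that fit no pattern are ignored."""
    rep = ScanReport()
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        # Detection lines also contain " - ", so test them before the generic verdict pattern.
        d = DETECT_RE.match(body)
        if d:
            rep.detections.append((d["name"], d["threat"], d["action"]))
            continue
        h = HASH_RE.match(body)
        if h:
            rep.hashes[h["name"]] = (h["md5"], h["path"])
            continue
        if body.startswith("Actual detected object count:"):
            rep.detected_count = int(body.rsplit(":", 1)[1])
            continue
        v = VERDICT_RE.match(body)
        if v:
            rep.verdicts[v["obj"]] = v["verdict"]
    return rep


def not_ok(rep: ScanReport) -> Dict[str, str]:
    """Everything whose verdict is anything other than a plain 'ok'."""
    return {obj: verdict for obj, verdict in rep.verdicts.items() if verdict != "ok"}


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print("objects hashed:", len(report.hashes), "detected:", report.detected_count)
    for obj, verdict in not_ok(report).items():
        print("NOT OK:", obj, "->", verdict)
    for name, threat, action in report.detections:
        print("DETECTION:", name, threat, "action:", action)
```

The hash table is also what you would keep as a baseline: the MBR and boot-sector MD5s from a clean scan can be compared against a later run to spot a boot-sector change that the tool itself did not flag.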


#14 CatByte

    Classroom Administrator

Posted 14 January 2012 - 11:38 AM

Please rerun ComboFix. Allow it to update if it asks to do so (make sure your security programs are disabled) and post the resulting log. Please advise how the computer is running now and whether there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 sooty4

    Authentic Member

Posted 14 January 2012 - 12:36 PM

Hi. Resulting ComboFix log here. Computer running as per the beginning of my last message. Black strip is 7mm across. Thanks.

ComboFix 12-01-13.05 - home 14/01/2012 17:57:46.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1536.1148 [GMT 0:00]
Running from: c:\documents and settings\home\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-12 19:05 . 2012-01-12 19:05 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 19:05 . 2012-01-12 19:05 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-12 19:05 . 2012-01-12 19:05 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 19:05 . 2012-01-12 19:05 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 15:27 . 2012-01-11 15:27 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Amazon
2012-01-11 15:27 . 2012-01-11 15:27 -------- d-----w- c:\program files\Amazon
2012-01-11 12:44 . 2012-01-11 12:44 -------- d-----w- c:\program files\ESET
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\documents and settings\home\Application Data\Malwarebytes
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-11 12:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 12:20 . 2012-01-11 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 18:51 . 2012-01-02 11:40 -------- d-----w- c:\documents and settings\home\Application Data\PCPro
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\home\Application Data\PC Cleaners
2012-01-01 18:51 . 2012-01-01 18:51 5167888 ----a-w- c:\windows\uninst.exe
2012-01-01 18:51 . 2012-01-01 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 16:46 . 2001-08-17 13:57 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-12-21 16:54 . 2011-06-09 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 12:23 . 2011-12-14 12:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-25 21:57 . 2002-03-29 16:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-03-29 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-03-29 16:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2002-03-29 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-03-29 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2001-12-03 21:55 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2010-07-18 11:54 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2002-03-29 16:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2002-03-29 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2002-03-29 16:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-03-29 16:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 23:44 . 2011-08-18 00:41 75160 ----a-w- c:\windows\CouponPrinter.ocx
2011-10-25 13:33 . 2002-03-29 16:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-07-18 11:54 186880 ------w- c:\windows\system32\encdec.dll
2012-01-12 19:05 . 2011-10-02 08:51 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-13_14.04.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-14 16:47 . 2012-01-14 16:47 16384 c:\windows\TEMP\Perflib_Perfdata_ec.dat
+ 2012-01-14 17:57 . 2012-01-14 17:57 16384 c:\windows\TEMP\Perflib_Perfdata_a70.dat
+ 2002-03-29 16:00 . 2012-01-14 16:51 68218 c:\windows\system32\perfc009.dat
+ 2002-03-29 16:00 . 2012-01-14 16:51 433580 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADAiO2StatusMonitor]
2010-10-18 11:41 2362880 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 11:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-01-10 14:23 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-20 13:59 136176 ----atw- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-03-29 14:07 32768 ----a-w- c:\windows\LTSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-07 12:32 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-03-15 14:12 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\ArcSoft\\WebCam Companion 3\\Utility.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\Advent.Statistics.exe"=
"c:\\Program Files\\Advent\\AIO\\Center\\AdNetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Advent\\AIO\\Firmware\\AdventAIOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ADVENT\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9333:TCP"= 9333:TCP:ADDiscovery
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [14/12/2011 12:23 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [16/12/2011 12:39 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [14/12/2011 12:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [14/12/2011 12:23 164112]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [14/10/2011 13:59 361904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/03/2011 11:43 136360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [14/12/2011 12:23 931640]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [29/03/2002 14:34 807917]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [13/12/2010 17:00 618112]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 12:45 21520]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [28/03/2002 10:08 175232]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 21:09 267568]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 77389103
*NewlyCreated* - RAPPORTIASO
*Deregistered* - 77389103
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005Core.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244783744-2621537104-1815002781-1005UA.job
- c:\documents and settings\home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 13:59]
.
2012-01-14 c:\windows\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
Trusted Zone: ebay.co.uk\www
Trusted Zone: Sony-europe.com
Trusted Zone: Sonystyle-europe.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\zec6cna6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-77389103.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-14 18:10:39
ComboFix-quarantined-files.txt 2012-01-14 18:10
ComboFix2.txt 2012-01-13 14:08
ComboFix3.txt 2012-01-10 13:58
.
Pre-Run: 5,109,538,816 bytes free
Post-Run: 5,112,971,264 bytes free
.
- - End Of File - - 8B7A0C1EE4B25BE8A77F2261EB6961E4
