Dutchman4727

I too have Exploit Java/Blacole.ET DDS.txt file included


Posted Today, 01:04 PM

Hello, I too have had problems with Exploit Java/Blacole.ET. I also am a novice at this sort of thing, so let me thank any/everyone up front for the help and patience that comes with dealing with a newbie. Included is the DDS.txt file for my system as well as the Attach.txt. I look forward to any response.

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30

Run by Gregory Van :filtered: at 13:45:24 on 2012-04-07

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?AF=110807&tt=290312_bexdll&babsrc=HP_ss&mntrId=980c58cd0000000000000013ce22f86b

uDefault_Page_URL = hxxp://uk.ask.com/?o=461

uWindow Title = Windows Internet Explorer provided by Ask Jeeves

uInternet Settings,ProxyServer = proxy-mem3131d.network.fedex.com:3128

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll

TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - {57F02779-3D88-4958-8AD3-83C12D86ADC7}

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: target.com

DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://pilot.fedex.com/bluezone/bzw2h5/controls/sglw2hcm.ocx

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx

TCP: Interfaces\{B0E660A7-5E4B-42DE-AC8D-90F7DD3E87A0} : DhcpNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 relog_ap

LSA: Notification Packages = :\windows\system32\srrstr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\gregory van :filtered:\application data\mozilla\firefox\profiles\7dmwtqfl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2708334&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\gregory van :filtered:\application data\mozilla\firefox\profiles\7dmwtqfl.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110807

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 980c58cd0000000000000013ce22f86b

FF - user.js: extensions.BabylonToolbar_i.hardId - 980c58cd0000000000000013ce22f86b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:49:19

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-04-07 13:36:01 -------- d-sh--w- C:\found.000

2012-04-06 00:25:06 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{338724cf-042a-4d89-89bf-82e22fdbc748}\mpengine.dll

2012-04-06 00:18:58 -------- d-----w- c:\program files\Microsoft Security Client

2012-04-05 23:59:54 767952 ----a-w- c:\windows\BDTSupport.dll

2012-04-05 23:59:53 2250704 ----a-w- c:\windows\PCTBDCore.dll

2012-04-05 23:59:53 1681360 ----a-w- c:\windows\PCTBDRes.dll

2012-04-05 23:59:53 149456 ----a-w- c:\windows\SGDetectionTool.dll

2012-04-05 23:58:42 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-04-05 23:58:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-04-05 23:58:21 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-04-05 23:58:08 -------- d-----w- c:\program files\PC Tools

2012-04-05 23:54:50 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-04-05 23:54:50 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-04-05 23:54:47 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-04-05 23:54:47 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-04-05 23:54:45 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-05 23:54:45 -------- d-----w- c:\program files\common files\PC Tools

2012-04-01 20:49:09 -------- d-----w- c:\documents and settings\gregory van :filtered:\local settings\application data\Babylon

2012-04-01 20:49:08 -------- d-----w- c:\documents and settings\gregory van :filtered:\application data\Babylon

2012-04-01 20:49:08 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-04-01 20:48:59 -------- d-----w- c:\program files\FoxTabVideoConverter

2012-04-01 20:34:48 -------- d-----w- c:\documents and settings\gregory van :filtered:\application data\RealNetworks

2012-04-01 20:22:16 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-04-01 20:22:16 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-04-01 19:24:44 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2012-04-01 19:23:49 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2012-04-01 19:23:38 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2012-04-01 18:33:44 -------- d-----w- c:\documents and settings\all users\application data\Speedbit

2012-04-01 18:33:40 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2012-04-01 16:53:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-31 17:01:18 -------- d-----w- c:\documents and settings\gregory van :filtered:\application data\PCTools

2012-03-31 03:23:33 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-03-31 03:05:25 -------- d-----w- c:\documents and settings\gregory van :filtered:\application data\TestApp

2012-03-20 16:29:45 -------- d-----w- c:\documents and settings\gregory van :filtered:\local settings\application data\Threat Expert

2012-03-19 12:55:19 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-19 12:55:19 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-15 00:23:35 -------- d-----w- c:\program files\PC Tools Security

2012-03-14 23:35:13 -------- d-----w- c:\documents and settings\gregory van :filtered:\application data\Systweak

2012-03-14 23:34:55 17280 ----a-w- c:\windows\system32\roboot.exe

2012-03-14 22:04:57 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-14 22:04:57 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2012-04-01 16:57:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 07:32:39 39016 ----a-w- c:\windows\system32\drivers\tbhsd.sys

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-24 05:29:58 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll

2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll

.

============= FINISH: 13:47:58.16 ===============

 

 

.

attach.txt


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.

  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

 

Stay with this topic until I give you the all clean post.

----------

 

 

Please download aswMBR to your desktop.

 

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

 

As a note: I understand your desire for privacy but please do not block out any portions of the logs. When we begin to attempt to fix your system the file paths will not work. If you would, please run new scans with DDS and then post the new logs created by DDS and aswMBR. :)


Hi Jeff!!!!! Thank goodness, I was beginning to think no one was going to take my case....LOL. Here are both the scan results you requested. I must use 2 computers for this as the machine in question will no longer connect to the internet and all restore points prior to infection seem to be gone or hidden.

 


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-10 13:21:45

-----------------------------

13:21:45.988 OS Version: Windows 5.1.2600 Service Pack 3

13:21:45.988 Number of processors: 1 586 0xD06

13:21:45.988 ComputerName: DGYWD581 UserName:

13:21:46.469 Initialize success

13:21:57.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:21:57.325 Disk 0 Vendor: WDC_WD1600BEVE-00UYT0 01.04A01 Size: 152627MB BusType: 3

13:21:57.375 Disk 0 MBR read successfully

13:21:57.375 Disk 0 MBR scan

13:21:57.375 Disk 0 unknown MBR code

13:21:57.375 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 188 MB offset 63

13:21:57.395 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 138035 MB offset 385560

13:21:57.415 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 14402 MB offset 283081365

13:21:57.425 Disk 0 scanning sectors +312576705

13:21:57.505 Disk 0 scanning C:\WINDOWS\system32\drivers

13:22:07.309 Service scanning

13:22:11.104 Service .cdrom * **LOCKED** 123

13:22:20.107 Service MpKsle185e09c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{338724CF-042A-4D89-89BF-82E22FDBC748}\MpKsle185e09c.sys **LOCKED** 32

13:22:30.683 Modules scanning

13:22:38.374 Disk 0 trace - called modules:

13:22:38.414 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS NDIS.sys iwca.sys

13:22:38.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acacab8]

13:22:38.444 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8ac7f9c8]

13:22:38.464 5 PCTCore.sys[f7857407] -> nt!IofCallDriver -> \Device\0000008b[0x8acae9e8]

13:22:38.474 7 ACPI.sys[f758e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac65d98]

13:22:38.494 Scan finished successfully

13:24:12.930 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

13:24:12.950 The log file has been saved successfully to "E:\aswMBR.txt"


Hi,

 

Just a quick question. Is this a work computer? Are you aware that there are settings to use a proxy server set on your system?


No it is not a "work" computer, this is a laptop that I take with me on the road. I use it for a variety of work and personal tasks. No I was not aware of settings to use a proxy server. That is above my Tech skill level......LOL


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

----------


Hi Jeff, Thanks for the help. I will download and run as directed. The computer I am currently using (at work) will not permit the download so I will have to do it tonight. I hope to have the results posted by tomorrow. Thanks again.

 

Greg


Hi Jeff, Here is the log from Combofix. As you can see my laptop does not have the Windows Recovery module accessible. Since I cannot access the internet with the laptop, any suggestions on how to get it reinstalled? I am on the road and do not have my Windows installation disks. Thanks again.

Greg

 

 

ComboFix 12-04-11.03 - Gregory Van :filtered: 04/11/2012 12:42:43.1.1 - x86

Running from: c:\documents and settings\Gregory Van :filtered:\Desktop\ComboFix.exe

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Gregory Van :filtered:\Application Data\Adobe\plugs

c:\documents and settings\Gregory Van :filtered:\Application Data\Adobe\shed

c:\documents and settings\Gregory Van :filtered:\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\Gregory Van :filtered:\WINDOWS

c:\windows\Downloaded Program Files\Temp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.cdrom

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-07 13:36 . 2012-04-07 13:36 -------- d-----w- C:\found.000

2012-04-06 13:13 . 2012-04-06 13:13 -------- d-----w- c:\documents and settings\Administrator\IETldCache

2012-04-06 11:40 . 2012-04-06 11:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-04-06 00:25 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{338724CF-042A-4D89-89BF-82E22FDBC748}\mpengine.dll

2012-04-06 00:18 . 2012-04-06 00:22 -------- d-----w- c:\program files\Microsoft Security Client

2012-04-05 23:59 . 2012-02-17 19:08 767952 ----a-w- c:\windows\BDTSupport.dll

2012-04-05 23:59 . 2012-02-17 19:08 149456 ----a-w- c:\windows\SGDetectionTool.dll

2012-04-05 23:59 . 2012-02-17 19:08 2250704 ----a-w- c:\windows\PCTBDCore.dll

2012-04-05 23:59 . 2012-02-17 19:08 1681360 ----a-w- c:\windows\PCTBDRes.dll

2012-04-05 23:58 . 2012-02-24 14:31 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-04-05 23:58 . 2012-02-24 14:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2012-04-05 23:58 . 2012-02-24 14:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-04-05 23:58 . 2012-04-05 23:58 -------- d-----w- c:\program files\PC Tools

2012-04-05 23:54 . 2011-12-01 20:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-04-05 23:54 . 2011-12-01 20:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-04-05 23:54 . 2011-11-14 19:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-04-05 23:54 . 2011-11-14 19:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-04-05 23:54 . 2012-04-06 13:18 -------- d-----w- c:\program files\Common Files\PC Tools

2012-04-05 23:54 . 2012-02-24 14:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-04-05 22:19 . 2012-04-05 22:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

2012-04-01 20:49 . 2012-04-01 20:49 237 ----a-w- C:\user.js

2012-04-01 20:49 . 2012-04-01 20:49 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Local Settings\Application Data\Babylon

2012-04-01 20:49 . 2012-04-01 20:49 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Application Data\Babylon

2012-04-01 20:49 . 2012-04-01 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-04-01 20:48 . 2012-04-01 20:49 -------- d-----w- c:\program files\FoxTabVideoConverter

2012-04-01 20:34 . 2012-04-01 20:34 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Application Data\RealNetworks

2012-04-01 20:22 . 2012-04-01 20:21 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-04-01 20:22 . 2012-04-01 20:21 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-04-01 19:24 . 2012-04-01 19:24 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-04-01 19:23 . 2012-04-01 19:23 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-04-01 19:23 . 2012-04-01 19:23 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2012-04-01 18:33 . 2012-04-01 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit

2012-04-01 18:33 . 2012-04-01 18:34 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2012-04-01 16:53 . 2012-04-01 16:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-31 17:01 . 2012-03-31 17:01 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Application Data\PCTools

2012-03-31 03:23 . 2011-09-28 17:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2012-03-31 03:05 . 2012-03-31 03:05 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Application Data\TestApp

2012-03-20 16:29 . 2012-03-20 16:29 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Local Settings\Application Data\Threat Expert

2012-03-19 12:55 . 2012-03-19 12:55 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-19 12:55 . 2012-03-19 12:55 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-15 00:23 . 2012-04-05 23:44 -------- d-----w- c:\program files\PC Tools Security

2012-03-14 23:35 . 2012-03-15 04:52 -------- d-----w- c:\documents and settings\Gregory Van :filtered:\Application Data\Systweak

2012-03-14 23:34 . 2012-03-06 20:30 17280 ----a-w- c:\windows\system32\roboot.exe

2012-03-14 22:04 . 2012-03-14 22:04 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 16:57 . 2011-06-11 20:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 07:32 . 2012-03-01 07:32 39016 ----a-w- c:\windows\system32\drivers\tbhsd.sys

2012-02-23 14:18 . 2010-01-14 21:23 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 15:01 . 2011-01-20 17:12 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 15:01 . 2011-01-20 17:12 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-03 09:22 . 2008-08-26 15:07 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-24 05:29 . 2012-03-06 18:35 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys

2012-03-19 12:55 . 2011-11-30 14:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-04 10:00 94784 --sh--w- c:\windows\twain.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-01 296056]

"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2003-12-15 118784]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]

backup=c:\windows\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK02N 2.0 PNP Monitor.lnk]

backup=c:\windows\pss\STK02N 2.0 PNP Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]

backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Van :filtered:^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Van :filtered:^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Van :filtered:^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Van :filtered:^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Gregory Van :filtered:^Start Menu^Programs^Startup^STK02N 2.0 PNP Monitor.lnk]

backup=c:\windows\pss\STK02N 2.0 PNP Monitor.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerformerTray

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2009-10-16 22:42 904840 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]

2009-11-11 21:17 771360 ----a-w- c:\program files\AirPort\APAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]

2003-12-15 17:08 118784 ----a-w- c:\program files\Broadcom\BACS\BacsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2007-03-16 23:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]

2005-05-19 18:55 101888 ----a-w- c:\program files\ESPN\RunTime\DIGServices.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]

2009-10-16 22:37 1325936 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-05-31 10:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dleemon.exe]

2010-01-18 15:49 770728 ----a-w- c:\program files\Dell V715w\dleemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-04-28 19:34 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2010-01-18 15:49 139944 ----a-w- c:\program files\Dell V715w\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]

2006-05-16 21:50 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]

2009-10-16 22:39 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 13:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 13:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

2010-12-22 19:22 512992 ----a-w- c:\documents and settings\Gregory Van :filtered:\Desktop\sdsetup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2004-05-14 19:35 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2004-05-14 05:23 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-04-01 19:23 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"c:\Program Files\Mozilla Firefox\plugin-container.exe"=

"c:\Documents and Settings\Gregory Van :filtered:\Start Menu\Programs\Skype\Skype.exe"=

"c:\Program Files\AirPort\APAgent.exe"=

"c:\Program Files\AirPort\APUtil.exe"=

"c:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"=

"c:\Program Files\iTunes\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/5/2012 7:54 PM 331880]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [4/5/2012 7:54 PM 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [4/5/2012 7:54 PM 909728]

R1 MpKsl0eaea177;MpKsl0eaea177;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{338724CF-042A-4D89-89BF-82E22FDBC748}\MpKsl0eaea177.sys [4/11/2012 1:07 PM 29904]

R1 nipplpt;Novell iCapture Lpt Redirector;c:\windows\system32\drivers\nipplpt.sys [7/5/2006 10:58 AM 18493]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/5/2012 7:58 PM 253352]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [4/5/2012 7:54 PM 185560]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [4/6/2012 8:57 AM 550864]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/28/2012 12:32 PM 722616]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [4/6/2012 8:53 AM 402336]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [3/30/2012 11:23 PM 56840]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 aubzwqrh;aubzwqrh;\??\c:\windows\system32\drivers\aubzwqrh.sys --> c:\windows\system32\drivers\aubzwqrh.sys [?]

S1 gwuxubig;gwuxubig;\??\c:\windows\system32\drivers\gwuxubig.sys --> c:\windows\system32\drivers\gwuxubig.sys [?]

S1 hkeltbkl;hkeltbkl;\??\c:\windows\system32\drivers\hkeltbkl.sys --> c:\windows\system32\drivers\hkeltbkl.sys [?]

S1 hsuqqnoe;hsuqqnoe;\??\c:\windows\system32\drivers\hsuqqnoe.sys --> c:\windows\system32\drivers\hsuqqnoe.sys [?]

S1 juafccbj;juafccbj;\??\c:\windows\system32\drivers\juafccbj.sys --> c:\windows\system32\drivers\juafccbj.sys [?]

S1 vqzqoyqc;vqzqoyqc;\??\c:\windows\system32\drivers\vqzqoyqc.sys --> c:\windows\system32\drivers\vqzqoyqc.sys [?]

S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [8/20/2010 3:47 PM 98984]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 12:53 PM 253600]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/5/2012 7:58 PM 70536]

S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [3/6/2012 2:35 PM 23608]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 1:09 AM 136176]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 1:09 AM 136176]

S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [11/23/2011 10:26 AM 57344]

S4 Security Activity Dashboard Service;Security Activity Dashboard Service; [x]

S4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]

S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL0EAEA177

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:57]

.

2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 05:09]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 05:09]

.

2012-04-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

2012-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1215593385-302562173-2562513909-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]

.

2012-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1215593385-302562173-2562513909-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]

.

2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{0BDFF483-AF2B-40C8-9FFB-8E8EDD38823F}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?AF=110807&tt=290312_bexdll&babsrc=HP_ss&mntrId=980c58cd0000000000000013ce22f86b

uInternet Settings,ProxyServer = proxy-mem3131d.network.fedex.com:3128

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: target.com

DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://pilot.fedex.com/bluezone/bzw2h5/controls/sglw2hcm.ocx

FF - ProfilePath - c:\documents and settings\Gregory Van :filtered:\Application Data\Mozilla\Firefox\Profiles\7dmwtqfl.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2708334&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - prefs.js: network.proxy.type - 2

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110807

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 980c58cd0000000000000013ce22f86b

FF - user.js: extensions.BabylonToolbar_i.hardId - 980c58cd0000000000000013ce22f86b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:49

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-TPSvc - TPSvc.dll

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-11 13:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1436)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

- - - - - - - > 'lsass.exe'(1496)

c:\windows\system32\relog_ap.dll

.

- - - - - - - > 'explorer.exe'(1216)

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dleecoms.exe

c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\windows\system32\PRISMSVR.EXE

.

**************************************************************************

.

Completion time: 2012-04-11 13:19:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-11 17:19

.

Pre-Run: 98,924,593,152 bytes free

Post-Run: 99,120,402,432 bytes free

.

- - End Of File - - 53E6EDC69DD68A289B58C95A4D741671


Hi,

 

Great job! Attaching the logs works as well. From now on please ATTACH the logs to your replies and we will be able to move along.

 

 

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

 

Disable your AntiVirus and AntiSpyware applications.

 

Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

---------


Hi,

 

Download the file I have attached to this response directly to your Desktop and then follow the instructions below...

 

Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

CFScript.txt


Hi Jeff,

 

The new improved Combofix asked me to connect to the internet to download some files. The infected machine cannot as a symptom of the infection. I ran it anyway and attached is the resulting log. Cheers

Greg

Combofixlog5.txt


Hi,

 

 

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

 

Disable your AntiVirus and AntiSpyware applications.

 

Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

---------

 

Now run ComboFix using the same set of instructions I provided in Post # 13


Hi,

 

Download the attached file to your desktop and do the following...

 

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

CFScript.txt


Hi,

 

Looking better....

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

     

    Posted Image

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

----------

 

In your next reply please post the logs made by Malwarebytes and ESET online scan. :)


Hi Jeff,

The machine still is unable to connect to the internet. So an online scan and update of malwarebytes is impossible unless I can restore the internet connection.......any ideas? I will install the malwarebytes from a flash drive.

 

Thanks

Greg


Hi,

 

Run Malwarebytes again and this time remove anything found. Attach the log to your next reply.

----------

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
In your next reply ATTACH the logs made by Malwarebytes and Farbar Service Scanner. :)


Hi,

 

Go to Start >> Run >> type CMD and this will open the command prompt.

 

In the command prompt type the following:

 

IPCONFIG /RELEASE (press Enter)

 

IPCONFIG /FLUSHDNS (press Enter)

 

IPCONFIG /RENEW (press Enter)

 

Close out of the command prompt and reboot.

 

Try to connect to the internet now and let me know if that helped.
