Happili Virus Redirect

Old 05-11-2012, 09:43 AM   #1
Registered Member
 
Join Date: May 2012
Posts: 8
OS: Windows XP SP3



Hello:

I've been hit with the Happili virus where it redirects me when I conduct a google search. Attached is the GMER and TDSS files. Your help is greatly appreciated. Thank you.

-ttvr4
Attached Files
File Type: txt TDSSKiller.2.7.34.0_11.05.2012_09.39.16_log.txt (121.1 KB, 84 views)
File Type: txt gmer.txt (501.4 KB, 78 views)
Old 05-12-2012, 02:37 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see the 2 logs from dds (not TDSSKiller) in order to help you:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-13-2012, 10:41 AM   #3
Registered Member
 
Join Date: May 2012
Posts: 8
OS: Windows XP SP3



Chemist:

Attached are the two files you requested. Thank you for your help.

-ttvr4

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by 30012132 at 10:40:46 on 2012-05-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2703 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avaya\Contact Center Express\Desktop\Media Proxy Service\ASMediaProxyService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kepware\KEPServerEX 5\server_eventlog.exe
C:\Program Files\LadderComOp\LadderComOP.exe
C:\Program Files\OCS Inventory Agent\OcsService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kepware\KEPServerEX 5\server_runtime.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
svchost.exe
C:\Documents and Settings\30012132\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uWindow Title = Windows Internet Explorer provided by Yokogawa Corporation of America
uStart Page = hxxp://mynet
uDefault_Page_URL = hxxp://mynet
uInternet Settings,ProxyServer = http=127.0.0.1:64545
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
uWinlogon: Shell=explorer.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\30012132\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [MSCRM] "c:\program files\microsoft dynamics crm\client\configwizard\CrmForOutlookInstaller.exe" /activateaddin
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [wpaubj] rundll32.exe "c:\docume~1\30012132\locals~1\temp\wpaubj.dll",CreateTexture
mRun: [delidr] rundll32.exe "c:\docume~1\30012132\locals~1\temp\delidr.dll",MutexOperation
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-disallowrun: 1 = antivirusplus.exe
uPolicies-disallowrun: 2 = autorun.inf
uPolicies-disallowrun: 3 = bittorrent.exe
uPolicies-disallowrun: 4 = clamscan.exe
uPolicies-disallowrun: 5 = clamtray.exe
uPolicies-disallowrun: 6 = clickyes.exe
uPolicies-disallowrun: 7 = dreamscene.exe
uPolicies-disallowrun: 8 = edonkey.exe
uPolicies-disallowrun: 9 = embassysecuritycenter.exe
uPolicies-disallowrun: 10 = freshclam.exe
uPolicies-disallowrun: 11 = gnutella.exe
uPolicies-disallowrun: 12 = GoogleUpdaterService.exe
uPolicies-disallowrun: 13 = iphox_downloader_p.exe
uPolicies-disallowrun: 14 = LimeWire.exe
uPolicies-disallowrun: 15 = napster.exe
uPolicies-disallowrun: 16 = optimize.exe
uPolicies-disallowrun: 17 = replaymusic.exe
uPolicies-disallowrun: 18 = sigtool.exe
uPolicies-disallowrun: 19 = simplemu.exe
uPolicies-disallowrun: 20 = skype.exe
uPolicies-disallowrun: 21 = spysweeper.exe
uPolicies-disallowrun: 22 = spysweeperui.exe
uPolicies-disallowrun: 23 = tcpsvcs.exe
uPolicies-disallowrun: 24 = toolbarupdater.exe
uPolicies-disallowrun: 25 = vprot.exe
uPolicies-disallowrun: 26 = wallpap.exe
uPolicies-disallowrun: 27 = wallpap[1].exe
uPolicies-disallowrun: 28 = warez.exe
uPolicies-disallowrun: 29 = whagent.exe
uPolicies-disallowrun: 30 = winmx_music.exe
uPolicies-disallowrun: 31 = winmxmusic.exe
uPolicies-disallowrun: 32 = winvnc.exe
uPolicies-disallowrun: 33 = wwdisp.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286153201906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C215884C-259F-4D49-B1A6-D6AE49758A56} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F41FA29D-175A-43DA-B1CD-94FCD8036AEE} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 72.34.139.33 fms-ico-prd1
Hosts: 72.34.139.102 fms-ico-prd2
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\30012132\application data\mozilla\firefox\profiles\bvmpmdkb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64545
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\30012132\application data\mozilla\firefox\profiles\bvmpmdkb.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\30012132\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-11 17072]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-1-20 752128]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-3-13 21496]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-3-13 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-3-13 212568]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-1-20 3246040]
R2 AS Media Proxy Service;AS Media Proxy Service;c:\program files\avaya\contact center express\desktop\media proxy service\ASMediaProxyService.exe [2010-12-15 20480]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\d-link\shareport utility\Spnuhelper.exe [2011-10-2 40960]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2009-12-14 40992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-11 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-11 60928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 KEPServerEXLoggerV5;KEPServerEX 5.3 Event Logger;c:\program files\kepware\kepserverex 5\server_eventlog.exe [2010-8-10 105248]
R2 KEPServerEXV5;KEPServerEX 5.3;c:\program files\kepware\kepserverex 5\server_runtime.exe [2010-8-10 436000]
R2 LadderComOP;LadderComOP;c:\program files\laddercomop\LadderComOP.exe [2012-5-9 65536]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-10-5 12184]
R2 OCS Inventory Service;OCS Inventory Service;c:\program files\ocs inventory agent\OcsService.exe [2011-5-8 35840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-11 59904]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-3-13 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2011-10-12 181616]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2009-7-3 246920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R2 WatchGuard Authentication Client;WatchGuard Authentication Client;c:\program files\watchguard\watchguard authentication client\wgssoclient.exe [2009-4-23 192512]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-11 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-11 113664]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-1-20 167968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-11 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-11 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-11 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-11 235520]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-9-13 6650752]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-3-13 69208]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-1 189792]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]
S2 MSSQL$CRM;SQL Server (CRM);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S2 SBAMSvc;VIPRE Business Premium;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2011-10-12 2804312]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-3-13 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-3-13 94040]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-05-09 13:53:49 -------- d-----w- c:\program files\V-SFT V5
2012-05-09 13:23:37 -------- d-----w- c:\program files\LadderComOp
2012-05-09 13:22:39 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
2012-05-09 13:21:19 -------- d-----w- c:\program files\Y-View
2012-05-09 13:02:48 -------- d-----w- c:\program files\ToolBox
2012-05-09 13:02:47 -------- d-----w- c:\documents and settings\all users\application data\Yokogawa
2012-05-08 20:30:56 -------- d-----w- c:\program files\OCS Inventory Agent
2012-05-08 20:30:16 -------- d-----w- c:\documents and settings\all users\application data\OCS Inventory NG
2012-05-03 19:24:31 -------- d-----w- c:\documents and settings\30012132\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2012-05-08 20:32:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 20:32:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 07:10:22 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:26:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23:21 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:10:08 0 ----a-w- c:\windows\invcol.tmp
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 19:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 19:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 10:41:02.65 ===============
Attached Files
File Type: txt dds.txt (20.5 KB, 67 views)
File Type: txt attach.txt (28.2 KB, 79 views)
Old 05-13-2012, 05:25 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello ttvr4. You're welcome.

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please click No

------------------------------------------------------

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:64545
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

Firefox::
FF - ProfilePath - c:\documents and settings\30012132\application data\mozilla\firefox\profiles\bvmpmdkb.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64545
FF - prefs.js: network.proxy.type - 0

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

------------------------------------------------------
chemist is offline  
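
An added example, not part of chemist's post and not code from DDS or ComboFix: a small Python triage pass over DDS log lines that flags the two entry types visible in this thread, loopback proxy settings (the lines placed in the CFScript above) and Run entries that use rundll32 to load a DLL from a Temp folder. The function `triage_dds`, the rule names and the Temp-folder heuristic are assumptions made for this example; the sample lines are excerpted from the DDS log in post #3.

```python
import re
from dataclasses import dataclass

# Excerpt of the DDS log posted in this thread (benign and flagged lines mixed).
SAMPLE_DDS = r"""
uStart Page = hxxp://mynet
uInternet Settings,ProxyServer = http=127.0.0.1:64545
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [wpaubj] rundll32.exe "c:\docume~1\30012132\locals~1\temp\wpaubj.dll",CreateTexture
mRun: [delidr] rundll32.exe "c:\docume~1\30012132\locals~1\temp\delidr.dll",MutexOperation
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64545
FF - prefs.js: network.proxy.type - 0
"""

# Loopback host with an optional :port, not preceded by another digit or dot.
LOOPBACK = re.compile(
    r"(?<![\d.])(?:127(?:\.\d{1,3}){3}|localhost)(?::\d{1,5})?", re.I
)
# DDS prints IE proxy values as "uInternet Settings,<name> = <value>".
IE_PROXY = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride) = (.*)$")
# Firefox preferences are printed as "FF - prefs.js: <pref> - <value>".
FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.[\w.]+) - (.*)$")
# uRun / mRun are the per-user and machine-wide Run keys.
RUN_KEY = re.compile(r"^([um])Run: \[([^\]]+)\] (.*)$")
# A DLL path that sits directly inside a folder named Temp.
TEMP_DLL = re.compile(r'([a-z]:\\[^"]*\\temp\\[^"\\]+\.dll)', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name used only in this example
    detail: str  # what was matched, for the analyst


def triage_dds(log_text):
    """Return findings for loopback proxies and rundll32-from-Temp Run entries."""
    findings = []
    ff_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()

        m = IE_PROXY.match(line)
        if m:
            hit = LOOPBACK.search(m.group(2))
            if hit:
                findings.append(
                    Finding("ie-proxy-loopback", f"{m.group(1)} -> {hit.group(0)}")
                )
            continue

        m = RUN_KEY.match(line)
        if m:
            hive, name, cmd = m.groups()
            dll = TEMP_DLL.search(cmd)
            # Heuristic (assumption): autostart via rundll32 of a DLL in Temp.
            if dll and "rundll32" in cmd.lower():
                findings.append(
                    Finding("run-rundll32-temp",
                            f"{hive}Run [{name}] loads {dll.group(1)}")
                )
            continue

        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    # Firefox splits host, port and mode over three prefs, so judge them together.
    host = ff_prefs.get("network.proxy.http", "")
    if LOOPBACK.fullmatch(host):
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type", "?")
        # network.proxy.type 1 = manual proxy in use; 0 = direct connection.
        state = "active" if ptype == "1" else "not active"
        findings.append(
            Finding("ff-proxy-loopback", f"{host}:{port} type={ptype} ({state})")
        )
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.rule:20} {f.detail}")
```

On the excerpt, the Firefox finding is reported as not active because `network.proxy.type` is 0, while its port matches the Internet Explorer ProxyServer value.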
Old 05-13-2012, 08:22 PM   #5
Registered Member
 
Join Date: May 2012
Posts: 8
OS: Windows XP SP3



Chemist:

This computer does have anti virus installed. I stopped the anti virus service from running because I did not want it to interfere with DDS. Hope this helps.

-ttvr4
Old 05-13-2012, 09:44 PM   #6
Registered Member
 
Join Date: May 2012
Posts: 8
OS: Windows XP SP3



Here is the ComboFix log

-ttvr4

ComboFix 12-05-13.04 - 30012132 05/13/2012 21:34:43.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2713 [GMT -7:00]
Running from: c:\my documents\Downloads\ComboFix.exe
Command switches used :: c:\my documents\Downloads\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\30012132\LOCALS~1\Temp\delidr.dll
c:\docume~1\30012132\LOCALS~1\Temp\wpaubj.dll
c:\documents and settings\30012132\g2mdlhlpx.exe
c:\documents and settings\30012132\Local Settings\Application Data\assembly\tmp
c:\documents and settings\30012132\Local Settings\Temp\delidr.dll
c:\documents and settings\30012132\Local Settings\Temp\wpaubj.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\a9eaa5ee3efa398f.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\fdd85c2493fe8aab.fb
c:\windows\system32\OLD12.tmp
c:\windows\system32\OLD15.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 03:21 . 2012-05-14 03:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-14 03:21 . 2012-05-14 03:21 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 03:21 . 2012-05-14 03:21 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-09 13:53 . 2012-05-09 13:57 -------- d-----w- c:\program files\V-SFT V5
2012-05-09 13:23 . 2012-05-09 13:23 -------- d-----w- c:\program files\LadderComOp
2012-05-09 13:22 . 2008-10-30 18:25 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
2012-05-09 13:21 . 2012-05-09 20:07 -------- d-----w- c:\program files\Y-View
2012-05-09 13:02 . 2012-05-09 13:03 -------- d-----w- c:\program files\ToolBox
2012-05-09 13:02 . 2012-05-09 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yokogawa
2012-05-08 20:30 . 2012-05-08 20:31 -------- d-----w- c:\program files\OCS Inventory Agent
2012-05-08 20:30 . 2012-05-08 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\OCS Inventory NG
2012-05-03 19:24 . 2012-05-03 19:24 -------- d-----w- c:\documents and settings\30012132\Local Settings\Application Data\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 14:45 . 2012-02-03 00:13 63 ----a-w- C:\PRGERROR.bak1
2012-05-11 14:44 . 2012-02-03 00:13 63 ----a-w- C:\PRGERROR.bak2
2012-05-09 16:04 . 2012-02-03 00:13 63 ----a-w- C:\PRGERROR.bak3
2012-05-08 20:32 . 2012-03-30 00:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 20:32 . 2011-07-14 15:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 07:10 . 2012-03-30 01:10 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:26 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23 . 2008-04-25 16:16 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 23:10 . 2012-03-14 23:10 0 ----a-w- c:\windows\invcol.tmp
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 19:01 . 2011-01-13 02:58 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 19:01 . 2011-01-13 02:58 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-14 03:21 . 2011-05-09 00:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\30012132\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\30012132\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\30012132\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\30012132\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-05-25 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 145432]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-03 2670592]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"MSCRM"="c:\program files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2011-04-28 58216]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SBAMTray"="c:\program files\GFI Software\GFIAgent\SBAMTray.exe" [2011-10-12 1627504]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515020923-1814085151-1527837076-1185\Scripts\Logon\0\0]
"Script"=userLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515020923-1814085151-1527837076-1331\Scripts\Logon\0\0]
"Script"=userLogon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^30012132^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\30012132\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^30012132^Start Menu^Programs^Startup^SharePort Utility.lnk]
path=c:\documents and settings\30012132\Start Menu\Programs\Startup\SharePort Utility.lnk
backup=c:\windows\pss\SharePort Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Y-Plant Alert Annunciator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Y-Plant Alert Annunciator.lnk
backup=c:\windows\pss\Y-Plant Alert Annunciator.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 16:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-12-12 01:00 358200 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 12:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-23 13:57 3334432 ----a-w- c:\documents and settings\30012132\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 05:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 07:46 1159168 -c----w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2009-01-09 06:53 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2009-11-02 16:40 657920 -c--a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-01 22:37 136176 ----atw- c:\documents and settings\30012132\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-04 01:16 284696 -c--a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 07:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 03:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEPServerEX 5.3]
2010-08-10 09:04 108320 -c--a-w- c:\program files\Kepware\KEPServerEX 5\server_admin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 07:07 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-12-29 21:35 140520 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintAudit6]
2010-01-14 22:33 1533264 -c--a-w- c:\program files\Ricoh\PCS Director\Client\pa6clint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 17:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 17:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-12-12 00:58 5111464 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2010-06-22 16:33 34232 ----a-w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2010-07-21 21:01 159616 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Dynamics CRM\\Client\\res\\web\\bin\\Microsoft.Crm.Application.Hoster.exe"=
"c:\\Documents and Settings\\30012132\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\D-Link\\SharePort Utility\\Connect.exe"=
"c:\\Program Files\\Brother\\Brmfl08j\\FAXRX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\30012132\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\GFI Software\\GFIAgent\\SBAMSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"19540:UDP"= 19540:UDP:SXUPTP
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [9/11/2010 6:29 PM 17072]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [1/20/2011 11:20 PM 752128]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/13/2012 11:40 AM 21496]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [3/13/2012 11:26 AM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [3/13/2012 11:26 AM 212568]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/20/2011 11:20 PM 3246040]
R2 AS Media Proxy Service;AS Media Proxy Service;c:\program files\Avaya\Contact Center Express\Desktop\Media Proxy Service\ASMediaProxyService.exe [12/15/2010 8:08 AM 20480]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 3:42 PM 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [3/23/2010 10:09 PM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [3/23/2010 10:09 PM 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/8/2010 2:20 PM 376688]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [12/14/2009 6:03 PM 40992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [9/11/2010 6:27 PM 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 KEPServerEXLoggerV5;KEPServerEX 5.3 Event Logger;c:\program files\Kepware\KEPServerEX 5\server_eventlog.exe [8/10/2010 2:00 AM 105248]
R2 KEPServerEXV5;KEPServerEX 5.3;c:\program files\Kepware\KEPServerEX 5\server_runtime.exe [8/10/2010 1:55 AM 436000]
R2 LadderComOP;LadderComOP;c:\program files\LadderComOp\LadderComOP.exe [5/9/2012 6:23 AM 65536]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/5/2011 9:33 PM 12184]
R2 OCS Inventory Service;OCS Inventory Service;c:\program files\OCS Inventory Agent\OcsService.exe [5/8/2011 8:17 AM 35840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [9/11/2010 8:52 PM 59904]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/13/2012 11:40 AM 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\GFIAgent\SBPIMSvc.exe [10/12/2011 12:28 PM 181616]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [7/3/2009 6:19 PM 246920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 8:11 PM 918880]
R2 WatchGuard Authentication Client;WatchGuard Authentication Client;c:\program files\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe [4/23/2009 8:54 PM 192512]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [9/11/2010 6:29 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/11/2010 8:52 PM 113664]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/20/2011 11:21 PM 167968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [9/11/2010 8:52 PM 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/11/2010 8:52 PM 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [9/11/2010 8:52 PM 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [9/11/2010 8:52 PM 235520]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [9/13/2011 9:05 PM 6650752]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [3/13/2012 11:26 AM 69208]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/30/2011 6:56 AM 101624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 10:16 AM 130384]
S2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [10/2/2011 6:44 PM 40960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 11:27 AM 136176]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [9/11/2010 6:29 PM 60928]
S2 MSSQL$CRM;SQL Server (CRM);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [11/24/2008 8:31 PM 29263712]
S2 SBAMSvc;VIPRE Business Premium;c:\program files\GFI Software\GFIAgent\SBAMSvc.exe [10/12/2011 12:28 PM 2804312]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 11:27 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/13/2012 8:21 PM 129976]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [3/13/2012 11:26 AM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [3/13/2012 11:26 AM 94040]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 9:16 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 10:16 AM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 18:27]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 18:27]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515020923-1814085151-1527837076-11094Core.job
- c:\documents and settings\30012132\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-29 22:37]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515020923-1814085151-1527837076-11094UA.job
- c:\documents and settings\30012132\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-29 22:37]
.
2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{35B78326-ADED-4CBF-9A74-260D59E9E668}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{B33A8D86-0CD9-4535-857F-7687113B8AD1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{C3A2801F-9184-45A9-8CD1-47FF1672EFEF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mynet
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\30012132\Application Data\Mozilla\Firefox\Profiles\bvmpmdkb.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\30012132\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-13 21:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-13 21:43:33
ComboFix-quarantined-files.txt 2012-05-14 04:43
.
Pre-Run: 160,890,040,320 bytes free
Post-Run: 161,030,676,480 bytes free
.
- - End Of File - - 4AE584FADD2A19FD2907F2AB71F720B8
Attached Files
File Type: txt ComboFix.txt (27.5 KB, 66 views)
ttvr4 is offline  
Old 05-14-2012, 04:14 AM   #7

Hello again, ttvr4. Please tell us how your system is behaving. Are the redirects gone?

Are you running AVG? I see very few signs of it in your logs. It also isn't shown as installed in your Attach.txt log.

No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete WinRM

A DOS window will open and close again, this is normal.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"WINRM"=-

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 29

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
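The sc delete WinRM and fix.reg steps in the post above line up with specific entries in the ComboFix log. As an added example that is not part of the original thread, this Python sketch parses those entries (firewall policy, service line, svchost group) from an excerpt of the log and shows where one service leaves traces. The function names and the display-name matching heuristic are assumptions of this example, as is the reading of the R/S service prefix.

```python
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"19540:UDP"= 19540:UDP:SXUPTP
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 9:16 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
'''

HEADER = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# "<R|S><digit> <name>;<display name>;<command line> [<date> <size>]"
# Assumption: R = running, S = stopped, digit = service start type.
SERVICE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$')
FW_KEY = r'firewallpolicy\standardprofile'


def parse_sections(text):
    """Map each lower-cased [registry key] header to the lines listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif line in ('', '.'):
            current = None          # blocks in the log are separated by a lone "."
        elif current is not None:
            current.append(line)
    return sections


def parse_port(data):
    """Split a GloballyOpenPorts entry into fields.

    The long form is port:protocol:scope:status:name; the shorter entries in
    the log carry only port:protocol:name, so scope and status stay None.
    """
    parts = data.split(':')
    rest = parts[2:]
    scope, status = (rest[0], rest[1]) if len(rest) >= 3 else (None, None)
    name = ':'.join(rest[2:] if len(rest) >= 3 else rest)
    return {'port': int(parts[0]), 'proto': parts[1].upper(),
            'scope': scope, 'status': status, 'name': name}


def audit_firewall(text):
    """Return the standard-profile firewall state and its port exceptions."""
    result = {'enabled': None, 'ports': []}
    for key, lines in parse_sections(text).items():
        values = dict(m.groups() for m in map(VALUE.match, lines) if m)
        if key.endswith(FW_KEY) and 'EnableFirewall' in values:
            result['enabled'] = int(values['EnableFirewall'].split()[0]) != 0
        elif key.endswith(FW_KEY + r'\globallyopenports\list'):
            result['ports'] = [parse_port(v) for v in values.values()
                               if re.match(r'\d+:\w+', v)]
    return result


def service_footprint(text, service):
    """Collect where one service appears: service line, svchost group, ports."""
    groups = {line.split(' REG_MULTI_SZ ')[0].strip().upper()
              for key, lines in parse_sections(text).items()
              if key.endswith(r'currentversion\svchost')
              for line in lines if ' REG_MULTI_SZ ' in line}
    for line in text.splitlines():
        m = SERVICE.match(line.strip())
        if not m or m.group(3).lower() != service.lower():
            continue
        state, start, _, display, command = m.groups()
        k = re.search(r'svchost\.exe\s+-k\s+(\S+)', command, re.I)
        group = k.group(1).upper() if k else None
        # Heuristic (assumption): a port exception belongs to the service when
        # the service's display name starts with the exception's name.
        ports = [p['port'] for p in audit_firewall(text)['ports']
                 if p['name'] and display.lower().startswith(p['name'].lower())]
        return {'running': state == 'R', 'start_type': int(start),
                'command': command, 'svchost_group': group,
                'group_registered': group in groups, 'ports': ports}
    return None


if __name__ == '__main__':
    print(audit_firewall(SAMPLE_LOG))
    print(service_footprint(SAMPLE_LOG, 'WinRM'))
```

Run against the excerpt, the three places it reports for WinRM (service entry, svchost group, port 5985 exception) are the same three the post's commands remove, and the disabled firewall is the value fix.reg sets back to 1.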
Old 05-14-2012, 08:21 AM   #8

Chemist:

I have Vipre antivirus installed on my computer which I disable when I run programs to capture log files. In addition, I have not seen any re-directs in the past 2 days. The redirects come on and off.

I have Spybot and CCleaner installed on my laptop. I run these two programs weekly. I will go through the rest of your procedure later this afternoon. Thank you.

-ttvr4
ttvr4 is offline  
Old 05-14-2012, 09:15 AM   #9

Hello again, ttvr4. You're welcome. That's fine. Post when you are done.

I hope you don't use the registry cleaner function of CCleaner, as mentioned previously.

------------------------------------------------------

You have a few remnants of AVG we need to get rid of.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc stop vToolbarUpdater10.2.0

A DOS window will open and close again, this is normal.

Repeat for the following:

sc delete vToolbarUpdater10.2.0

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c rd /s/q "c:\program files\Common Files\AVG Secure Search"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"=-

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
chemist is offline  
Old 05-14-2012, 09:06 PM   #10

Chemist:

I have not seen the re-direct for at least 3 days now. Here are the logs.


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.05.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
30012132 :: 300-0371 [administrator]

5/14/2012 7:19:43 PM
mbam-log-2012-05-14 (19-19-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323328
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: sysdm.cpl -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c445f2703bd5f34e8fe89ce05debc648
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-15 04:03:49
# local_time=2012-05-14 09:03:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=149401
# found=1
# cleaned=0
# scan_time=3458
C:\Qoobox\Quarantine\C\DOCUME~1\30012132\LOCALS~1\Temp\delidr.dll.vir a variant of Win32/Medfos.J trojan (unable to clean) 00000000000000000000000000000000 I
ttvr4 is offline  
Old 05-15-2012, 04:58 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ttvr4. Qoobox is ComboFix's quarantine folder. It will get deleted when we uninstall ComboFix.

Please run dds again and post/attach the logs as before, this time keeping Vipre enabled. It shouldn't interfere with dds.

------------------------------------------------------
chemist is offline  
Old 05-15-2012, 08:39 AM   #12
Registered Member
 
Join Date: May 2012
Posts: 8
OS: Windows XP SP3



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by 30012132 at 8:38:07 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2258 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avaya\Contact Center Express\Desktop\Media Proxy Service\ASMediaProxyService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Kepware\KEPServerEX 5\server_eventlog.exe
C:\Program Files\LadderComOp\LadderComOP.exe
C:\Program Files\OCS Inventory Agent\OcsService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kepware\KEPServerEX 5\server_runtime.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\30012132\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
svchost.exe
C:\Documents and Settings\30012132\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mynet
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [MSCRM] "c:\program files\microsoft dynamics crm\client\configwizard\CrmForOutlookInstaller.exe" /activateaddin
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286153201906
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{AD933964-4E83-4591-9216-22B1E8B0510A} : NameServer = 10.198.1.151,10.198.1.152
TCP: Interfaces\{C215884C-259F-4D49-B1A6-D6AE49758A56} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F41FA29D-175A-43DA-B1CD-94FCD8036AEE} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\30012132\application data\mozilla\firefox\profiles\bvmpmdkb.default\
FF - plugin: c:\documents and settings\30012132\application data\mozilla\firefox\profiles\bvmpmdkb.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\30012132\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\30012132\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-11 17072]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-1-20 752128]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-3-13 21496]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-3-13 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-3-13 212568]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-1-20 3246040]
R2 AS Media Proxy Service;AS Media Proxy Service;c:\program files\avaya\contact center express\desktop\media proxy service\ASMediaProxyService.exe [2010-12-15 20480]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\d-link\shareport utility\Spnuhelper.exe [2011-10-2 40960]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 DriverX;DriverX;c:\windows\system32\drivers\Driverx.sys [2009-12-14 40992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-11 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-11 60928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 KEPServerEXLoggerV5;KEPServerEX 5.3 Event Logger;c:\program files\kepware\kepserverex 5\server_eventlog.exe [2010-8-10 105248]
R2 KEPServerEXV5;KEPServerEX 5.3;c:\program files\kepware\kepserverex 5\server_runtime.exe [2010-8-10 436000]
R2 LadderComOP;LadderComOP;c:\program files\laddercomop\LadderComOP.exe [2012-5-9 65536]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-10-5 12184]
R2 OCS Inventory Service;OCS Inventory Service;c:\program files\ocs inventory agent\OcsService.exe [2011-5-8 35840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-11 59904]
R2 SBAMSvc;VIPRE Business Premium;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2011-10-12 2804312]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-3-13 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2011-10-12 181616]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2009-7-3 246920]
R2 WatchGuard Authentication Client;WatchGuard Authentication Client;c:\program files\watchguard\watchguard authentication client\wgssoclient.exe [2009-4-23 192512]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-11 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-11 113664]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-1-20 167968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-11 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-11 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-11 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-11 235520]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-9-13 6650752]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-3-13 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-3-13 94040]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-1 189792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]
S2 MSSQL$CRM;SQL Server (CRM);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 129976]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-3-13 69208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-05-15 03:01:38 -------- d-----w- c:\program files\ESET
2012-05-15 02:57:19 -------- d-----w- c:\documents and settings\30012132\local settings\application data\Sun
2012-05-15 02:56:10 -------- d-----w- c:\program files\Oracle
2012-05-15 02:56:02 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 02:56:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 02:18:26 -------- d-----w- c:\documents and settings\30012132\application data\Malwarebytes
2012-05-15 02:18:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-15 02:18:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 02:18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-14 03:34:25 -------- d-sha-r- C:\cmdcons
2012-05-14 03:29:29 98816 ----a-w- c:\windows\sed.exe
2012-05-14 03:29:29 518144 ----a-w- c:\windows\SWREG.exe
2012-05-14 03:29:29 256000 ----a-w- c:\windows\PEV.exe
2012-05-14 03:29:29 208896 ----a-w- c:\windows\MBR.exe
2012-05-14 03:21:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-14 03:21:07 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-14 03:21:07 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-09 13:53:49 -------- d-----w- c:\program files\V-SFT V5
2012-05-09 13:23:37 -------- d-----w- c:\program files\LadderComOp
2012-05-09 13:22:39 0 ----a-w- c:\windows\system32\V-SFT_USB.BIN
2012-05-09 13:21:19 -------- d-----w- c:\program files\Y-View
2012-05-09 13:02:48 -------- d-----w- c:\program files\ToolBox
2012-05-09 13:02:47 -------- d-----w- c:\documents and settings\all users\application data\Yokogawa
2012-05-08 20:30:56 -------- d-----w- c:\program files\OCS Inventory Agent
2012-05-08 20:30:16 -------- d-----w- c:\documents and settings\all users\application data\OCS Inventory NG
2012-05-03 19:24:31 -------- d-----w- c:\documents and settings\30012132\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2012-05-08 20:32:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 20:32:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 07:10:22 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:26:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23:21 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-05 01:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 23:10:08 0 ----a-w- c:\windows\invcol.tmp
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 19:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 19:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 8:39:42.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/30/2010 1:58:14 PM
System Uptime: 5/14/2012 7:47:07 PM (13 hours ago)
.
Motherboard: Dell Inc. | | 02K3Y4
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 207 GiB total, 149.811 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 91 GiB total, 36.756 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP330: 2/14/2012 8:26:38 PM - System Checkpoint
RP331: 2/16/2012 9:59:01 AM - Software Distribution Service 3.0
RP332: 2/17/2012 3:24:02 PM - System Checkpoint
RP333: 2/18/2012 453 PM - System Checkpoint
RP334: 2/19/2012 5:01:28 PM - System Checkpoint
RP335: 2/20/2012 8:56:19 AM - Avg Update
RP336: 2/21/2012 10:56:11 AM - System Checkpoint
RP337: 2/22/2012 1141 AM - System Checkpoint
RP338: 2/23/2012 1:34:44 PM - System Checkpoint
RP339: 2/23/2012 2:30:15 PM - Installed MW100 Offline
RP340: 2/25/2012 9:59:50 AM - System Checkpoint
RP341: 2/27/2012 12:32:06 PM - System Checkpoint
RP342: 2/28/2012 12:00:38 PM - Unsigned driver install
RP343: 2/29/2012 9:32:23 AM - Software Distribution Service 3.0
RP344: 3/1/2012 11:03:05 AM - System Checkpoint
RP345: 3/2/2012 4:52:06 PM - System Checkpoint
RP346: 3/3/2012 4:55:31 PM - System Checkpoint
RP347: 3/4/2012 6:03:20 PM - System Checkpoint
RP348: 3/5/2012 6:13:37 PM - System Checkpoint
RP349: 3/6/2012 6:36:13 PM - System Checkpoint
RP350: 3/7/2012 9:14:04 PM - System Checkpoint
RP351: 3/8/2012 9:33:31 PM - System Checkpoint
RP352: 3/10/2012 11:21:11 AM - System Checkpoint
RP353: 3/11/2012 8:02:00 PM - System Checkpoint
RP354: 3/12/2012 8:14:28 PM - System Checkpoint
RP355: 3/13/2012 8:28:13 PM - System Checkpoint
RP356: 3/14/2012 8:46:47 AM - Software Distribution Service 3.0
RP357: 3/14/2012 6:26:41 PM - Installed DirectX
RP358: 3/14/2012 6:26:50 PM - Installed DirectX
RP359: 3/14/2012 6:26:56 PM - Installed DirectX
RP360: 3/14/2012 6:27:02 PM - Installed DirectX
RP361: 3/14/2012 6:27:46 PM - Installed Nero Kwik Media.
RP362: 3/14/2012 6:34:02 PM - Removed Nero Kwik Media.
RP363: 3/16/2012 11:42:25 AM - System Checkpoint
RP364: 3/17/2012 1:46:43 PM - System Checkpoint
RP365: 3/18/2012 10:08:02 PM - Software Distribution Service 3.0
RP366: 3/19/2012 10:52:01 PM - System Checkpoint
RP367: 3/22/2012 10:55:04 AM - System Checkpoint
RP368: 3/24/2012 6:32:38 PM - System Checkpoint
RP369: 3/26/2012 1:59:17 PM - System Checkpoint
RP370: 3/29/2012 10:46:23 AM - System Checkpoint
RP371: 3/31/2012 2:23:43 AM - Software Distribution Service 3.0
RP372: 4/1/2012 4:18:40 PM - System Checkpoint
RP373: 4/2/2012 6:16:39 PM - System Checkpoint
RP374: 4/3/2012 6:52:11 PM - System Checkpoint
RP375: 4/4/2012 8:00:19 PM - System Checkpoint
RP376: 4/5/2012 8:15:10 PM - System Checkpoint
RP377: 4/9/2012 11:25:00 AM - System Checkpoint
RP378: 4/10/2012 12:59:04 PM - System Checkpoint
RP379: 4/11/2012 1:15:44 PM - Software Distribution Service 3.0
RP380: 4/12/2012 1:26:35 PM - System Checkpoint
RP381: 4/13/2012 2:59:04 PM - System Checkpoint
RP382: 4/16/2012 5:12:54 PM - System Checkpoint
RP383: 4/17/2012 5:37:05 PM - System Checkpoint
RP384: 4/18/2012 12:03:15 PM - Software Distribution Service 3.0
RP385: 4/19/2012 4:41:29 PM - System Checkpoint
RP386: 4/21/2012 11:11:37 AM - System Checkpoint
RP387: 4/25/2012 6:33:55 PM - System Checkpoint
RP388: 4/26/2012 7:11:42 PM - System Checkpoint
RP389: 4/27/2012 8:02:20 PM - System Checkpoint
RP390: 4/30/2012 10:19:08 AM - System Checkpoint
RP391: 5/1/2012 6:02:32 PM - System Checkpoint
RP392: 5/2/2012 6:26:38 PM - System Checkpoint
RP393: 5/3/2012 7:56:46 PM - System Checkpoint
RP394: 5/8/2012 5:57:56 AM - System Checkpoint
RP395: 5/9/2012 6:02:47 AM - Installed ToolBox
RP396: 5/9/2012 6:21:18 AM - Installed Y-View
RP397: 5/9/2012 6:22:44 AM - Installed Y-View
RP398: 5/9/2012 6:23:36 AM - Installed LadderComOp
RP399: 5/9/2012 6:49:47 AM - Installed V-SFT Version 5.4
RP400: 5/9/2012 6:55:18 AM - Installed V-SFT Version 5.4
RP401: 5/9/2012 6:56:10 AM - Installed V-SFT Version 5.4
RP402: 5/9/2012 6:56:58 AM - Installed V-SFT Version 5.4
RP403: 5/9/2012 6:57:24 AM - Installed V-SFT Version 5.4
RP404: 5/9/2012 6:58:12 AM - Installed V-SFT Version 5.4
RP405: 5/9/2012 2:38:30 PM - Software Distribution Service 3.0
RP406: 5/13/2012 8:29:44 PM - ComboFix created restore point
RP407: 5/14/2012 7:45:45 PM - Removed Java(TM) 6 Update 29
RP408: 5/14/2012 7:55:35 PM - Installed Java(TM) 7 Update 4
RP409: 5/14/2012 7:56:09 PM - Installed JavaFX 2.1.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
AccelerometerP11
Acronis True Image Home
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Beyond Compare Version 3.2.4
BioAPI Framework
Bonjour
Brother BRAdmin Light 1.21.0001
Brother MFC-9320CW
Brother MFL-Pro Suite MFC-9320CW
BufferChm
CCleaner
Chanalyzer 3.4
Cisco WebEx Meetings
Contact Center Express Desktop
DAQWORX
DAQWORX DAQLOGGER
DAQWORX GateMODBUS
DAQWORX GateOPC
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell ControlVault Host Components Installer
Dell Driver Download Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
DJ_AIO_05_F4400_Software_Min
Document Manager Lite
Dropbox
DW WLAN Card Utility
DWG TrueView 2012
EMBASSY Security Center
EMBASSY Security Setup
eReg
ESC Home Page Plugin
ESET Online Scanner v3
F4400
FileZilla Client 3.5.1
Gemalto
GFI Business Agent
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 5.0.0.799
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB967048-v2)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
hpWLPGInstaller
Intel PROSet Wireless
Intel(R) Network Connections 15.2.89.0
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
join.me
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.1.0
Juniper Networks Setup Client Activex Control
Juniper Networks, Inc. Setup Client
Junk Mail filter update
KEPServerEX 5
LadderComOp
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.61.0.1400
MCPS6.3
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Dynamics CRM 4.0 for Microsoft Office Outlook
Microsoft Easy Assist v2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (CRM)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
MW100 Offline
MW100 Viewer Software
NTRU TCG Software Stack
OCS Inventory NG Agent 2.0.0.20
OGA Notifier 2.0.0048.0
PaperPort Image Printer
PCS Director
PowerDVD DX
PowerWeb ActiveX
Preboot Manager
Private Information Manager
QuickTime
RadioShack USB to Serial Driver
Reflection Suite for HP
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Segoe UI
SharePort Utility
Skype Click to Call
Skype™ 5.5
Snagit 10.0.1
Spotify
Spybot - Search & Destroy
Toolbox
ToolBox Temperature Control and Monitoring Module
Trusted Drive Manager
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
V-SFT Version 5.4
VLC media player 1.1.7
VPN Client
WatchGuard Authentication Client 11.0.0
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WebReg
WebSlingPlayer ActiveX
WideField2
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
WinRAR 4.00 beta 7 (32-bit)
WinZip
XML Paper Specification Shared Components Pack 1.0
Y-Plant Alert Annunciator
Y-Plant Alert Studio
Y-View
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 9:20:26 AM, error: Dhcp [1002] - The IP address lease 10.197.5.51 for the Network Card with network address 24770307C364 has been denied by the DHCP server 10.197.1.151 (The DHCP Server sent a DHCPNACK message).
5/9/2012 9:19:19 AM, error: NETLOGON [5719] - No Domain Controller is available for domain USYKGW due to the following: The remote procedure call failed. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5/9/2012 9:19:19 AM, error: Dhcp [1002] - The IP address lease 10.197.13.61 for the Network Card with network address 24770307C364 has been denied by the DHCP server 10.197.1.151 (The DHCP Server sent a DHCPNACK message).
5/9/2012 6:15:36 PM, error: Service Control Manager [7024] - The SQL Server (CRM) service terminated with service-specific error 3417 (0xD59).
5/9/2012 6:15:20 PM, error: NETLOGON [5719] - No Domain Controller is available for domain USYKGW due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5/9/2012 3:53:17 PM, error: Dhcp [1002] - The IP address lease 10.197.13.61 for the Network Card with network address 24770307C364 has been denied by the DHCP server 184.49.81.129 (The DHCP Server sent a DHCPNACK message).
5/9/2012 12:41:27 PM, error: Dhcp [1002] - The IP address lease 10.31.209.237 for the Network Card with network address 00FFC8BA2D89 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/9/2012 1:28:51 PM, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
5/8/2012 543 AM, error: Dhcp [1002] - The IP address lease 10.31.208.25 for the Network Card with network address 00FF98BC2F89 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/14/2012 9:51:34 AM, error: Dhcp [1002] - The IP address lease 192.168.2.163 for the Network Card with network address 24770307C364 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/14/2012 9:17:54 PM, error: Dhcp [1002] - The IP address lease 10.31.210.88 for the Network Card with network address 00FF08C01389 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/14/2012 12:26:24 PM, error: Dhcp [1002] - The IP address lease 10.31.211.215 for the Network Card with network address 00FF987C3F89 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/13/2012 8:39:20 PM, error: Service Control Manager [7034] - The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).
5/13/2012 8:39:20 PM, error: Service Control Manager [7034] - The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/13/2012 8:39:20 PM, error: Service Control Manager [7034] - The D-Link SharePort Helper service terminated unexpectedly. It has done this 1 time(s).
5/11/2012 12:44:23 PM, error: PlugPlayManager [12] - The device 'Communications Port (COM1)' (ACPI\PNP0501\0) disappeared from the system without first being prepared for removal.
5/11/2012 10:09:58 AM, error: Dhcp [1002] - The IP address lease 10.31.211.215 for the Network Card with network address 00FF988C3389 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/11/2012 1:05:08 PM, error: Dhcp [1002] - The IP address lease 10.31.211.215 for the Network Card with network address 00FF987C2989 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/10/2012 7:45:26 AM, error: Dhcp [1002] - The IP address lease 10.31.211.215 for the Network Card with network address 00FFB0FB0B89 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Old 05-15-2012, 08:52 AM   #13
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable Vipre before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

------------------------------------------------------

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
  • Click 'Start Scanner'
  • Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
  • Click 'Start'.
  • The scan should take less than a minute or so.
  • When done, download and install all the recommended updates.
  • This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
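
The HOSTS-file mechanism described in the post above blocks a site by pinning its name to 127.0.0.1; an entry that pins a name to any other address sends traffic for that name somewhere else instead. As an added example (not part of the original post or of the MVPS package), this Python script audits the text of a HOSTS file and separates the two cases; the sample file, the `WATCHED` list and all function names are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample, not taken from the thread. 203.0.113.0/24 is a
# documentation-only range (RFC 5737); host names are placeholders, except
# www.google.com, used because the thread concerns hijacked Google searches.
SAMPLE_HOSTS = """\
# block-list style entries: unwanted hosts pinned to the local machine
127.0.0.1    localhost
127.0.0.1    ads.example.net      # inline comment
0.0.0.0      tracker.example.org banner.example.org
203.0.113.7  www.google.com
203.0.113.7  search.example.com
not-an-ip    broken.example.com
"""

# Assumption: domains whose redirection should be looked at first.
WATCHED = ("google.com",)

Entry = namedtuple("Entry", "lineno address host kind watched")


def classify(address):
    """Return 'sinkhole' for loopback/unspecified addresses, else 'redirect'."""
    ip = ipaddress.ip_address(address)  # raises ValueError if not an IP
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (entries, malformed) for the text of a HOSTS file."""
    entries, malformed = [], []
    # Strip a UTF-8 BOM that some editors leave at the start of the file.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            kind = classify(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        if len(fields) < 2:  # an address with no host name after it
            malformed.append((lineno, raw))
            continue
        # One line may map several host names to the same address.
        for host in (h.lower() for h in fields[1:]):
            entries.append(Entry(lineno, fields[0], host, kind,
                                 is_watched(host, watched)))
    return entries, malformed


def suspicious(entries):
    """Redirect entries, watched domains first, then in file order."""
    hits = [e for e in entries if e.kind == "redirect"]
    return sorted(hits, key=lambda e: (not e.watched, e.lineno))


if __name__ == "__main__":
    entries, malformed = audit_hosts(SAMPLE_HOSTS)
    for e in suspicious(entries):
        flag = "WATCHED" if e.watched else "review"
        print(f"line {e.lineno}: {e.host} -> {e.address} [{flag}]")
    for lineno, raw in malformed:
        print(f"line {lineno}: unparseable: {raw!r}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts()` in place of the sample.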
Old 05-15-2012, 11:01 AM   #14
ttvr4
Registered Member

Great! Thank you for your help!

-ttvr4
Old 05-15-2012, 11:47 AM   #15
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional

You're very welcome, ttvr4! Glad to have helped.
All times are GMT -7.