Tech Support Forum

7 Posts
Discussion Starter · #1 ·
I was wondering if someone can please help me remove the remnants of the "Windows Recovery" trojan from my laptop. I am running a 32-bit Windows XP Professional version 2002.

This is how my problem began: I was attempting to watch a video clip and a box popped up saying something about allowing the program permission to run. I clicked "ok"... bad move, and I know better, but I wasn't thinking clearly. Anyway, right after that I got the BSOD and had to reboot. When it booted up my screen was black, all my icons were gone, no programs were visible, Task Manager was disabled, and I could no longer connect to the internet, etc. A "Windows anti-virus scanner" which had a logo that looked like a puzzle piece automatically started running and told me that my system had crashed and there were serious errors that needed to be fixed. There was a link at the bottom to purchase a recovery for the system... I didn't click it. I got on my desktop and began researching the symptoms and found a clear description of the virus. That site directed me to Malwarebytes Anti-Malware. I ran that antivirus program and it uninstalled the virus, but when I rebooted the trojan came back. I also downloaded Spyware Doctor, but this program would not install, and now I get an error from that program each time I reboot and I can't find a way to uninstall or delete the program. After running Malwarebytes about three times and walking away from the laptop for a few days, I am now able to get on the internet, but my files and programs are still hidden. Also, I am not able to run my pre-installed anti-virus (McAfee) scanner. I am also not able to run DDS or GMER: the programs downloaded, but I could not execute GMER, and DDS executed but hung for 20 minutes until I finally force-closed it through Task Manager.

This is my work computer and it is imperative that I get it fixed as soon as possible, so any assistance that you could provide would be greatly appreciated. Thank you! Michelle
 

1,383 Posts
Welcome to TSF :)

Download Combofix from this webpage: A guide and tutorial on using ComboFix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

7 Posts
Discussion Starter · #3 ·
Hello and thank you for your response! I ran ComboFix and my files are no longer hidden, all of my programs are listed in the program menu, and the favorites list is back in Internet Explorer. Everything seems to be back to normal so far. Below is the requested log from ComboFix:

ComboFix 11-03-23.04 - usredmic 03/31/2011 2:24.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2591 [GMT -5:00]
Running from: c:\documents and settings\usredmic\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\jrodrigues\ntuser.pol
c:\documents and settings\usredmic\ntuser.pol
c:\windows\Client.ini
c:\windows\system32\agent.exe
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-30 21:13 . 2011-03-30 21:13 -------- d-----w- c:\documents and settings\usredmic\Local Settings\Application Data\Mozilla
2011-03-30 03:12 . 2011-03-31 04:03 -------- d-----w- c:\documents and settings\usredmic\Application Data\HPAppData
2011-03-26 12:59 . 2011-03-26 12:59 7168 ----a-w- c:\windows\system32\drivers\utiymzq1.sys
2011-03-26 09:30 . 2011-03-30 23:25 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-26 09:20 . 2011-03-30 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-26 07:02 . 2011-03-26 07:02 -------- d--h--w- c:\documents and settings\usredmic\Application Data\Malwarebytes
2011-03-26 07:02 . 2011-03-26 07:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 07:02 . 2011-03-26 07:26 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 05:24 . 2011-03-31 04:24 766090 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-26 04:39 . 2011-03-26 04:39 61952 ---ha-w- c:\windows\blasinst.dll
2011-03-26 04:39 . 2011-03-26 04:39 61952 ---ha-w- c:\windows\system32\blasinst.dll
2011-03-11 04:13 . 2010-11-29 23:28 4199768 ---ha-w- c:\windows\system32\cdintf400.dll
2011-03-11 04:12 . 2011-03-21 20:02 -------- d--h--w- c:\program files\Quicken
2011-03-05 03:58 . 2011-03-05 03:58 -------- d--h--w- c:\documents and settings\usredmic\.FamilySearchIndexing
2011-03-05 03:57 . 2011-03-05 03:57 -------- d--h--w- c:\program files\FamilySearch Indexing
2011-03-05 00:53 . 2008-01-30 21:36 90112 ---ha-w- c:\windows\unvise32.exe
2011-03-05 00:53 . 2011-03-05 00:53 -------- d--h--w- c:\program files\Quicken WillMaker Plus 2011
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:53 . 2011-03-30 21:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2010-11-02 336184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-07-27 883272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13803520]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-2-25 636256]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Quicken\\qw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [6/3/2010 6:50 PM 17072]
R2 ApImageService;ApImageService;c:\program files\ScanScope\ImageServer\ApService.exe [11/5/2010 4:27 PM 274432]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 12:45 PM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 12:45 PM 27040]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2/10/2007 7:23 AM 206192]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2/10/2007 7:23 AM 17264]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [6/3/2010 6:11 PM 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [6/3/2010 6:50 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/3/2010 4:54 PM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [6/3/2010 6:09 PM 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [6/3/2010 5:47 PM 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [6/3/2010 6:51 PM 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/3/2010 5:11 PM 58600]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [6/3/2010 6:50 PM 60928]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [7/27/2010 5:19 PM 121416]
S3 bpenum;bpenum;c:\windows\system32\drivers\bpenum.sys [9/15/2009 11:46 PM 189568]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys --> c:\windows\system32\DRIVERS\e1y5132.sys [?]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [1/23/2009 7:01 PM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [1/23/2009 7:01 PM 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [1/23/2009 7:01 PM 277440]
S3 utiymzq1;AVZ Kernel Driver;c:\windows\system32\drivers\utiymzq1.sys [3/26/2011 7:59 AM 7168]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 9:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{397f5503-18ac-11de-97f4-806d6172696f}]
\Shell\AutoRun\command - D:\autoRcd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bcd1e2a-b7b9-11df-8b37-f07bcba79653}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e382031-7976-11df-b312-0024d70e36c0}]
\Shell\AutoRun\command - E:\Setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc8ecdf8-78fb-11df-b310-00059a3c7800}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Connection Wizard,ShellNext = hxxp://www.impac.com/
uInternet Settings,ProxyServer = 10.102.103.16:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
Trusted Zone: livemeeting.com
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://sto-atrs-01.int.elekta.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {379FDCF7-A37D-420E-9564-34F4A3F38D83} - hxxp://edoc.impac.com/edoccompliance/framework/common/activex/q_ComplianceViewer.cab
DPF: {63427B88-346B-4348-969D-FBA42B83633C} - hxxp://edoc.impac.com/edoccompliance/framework/common/activex/qmcontrols.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {DBDFAE3F-9973-44B5-A202-FC6404434419} - hxxp://edoc.impac.com/doccompliance/framework/common/activex/qmcontrols.cab
DPF: {F77BA8AB-5ECF-4068-A393-8861AE213C85} - hxxp://edoc.impac.com/doccompliance/framework/common/activex/q_ComplianceViewer.cab
FF - ProfilePath - c:\documents and settings\usredmic\Application Data\Mozilla\Firefox\Profiles\9a58iya8.default\
FF - prefs.js: network.proxy.ftp - 10.102.103.16
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 10.102.103.16
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.102.103.16
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.102.103.16
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
AddRemove-KB921896_DTS9 - c:\windows\DTS9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_NS9 - c:\windows\NS9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_OLAP9 - c:\windows\OLAP9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_RS9 - c:\windows\RS9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_SQL9 - c:\windows\SQL9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_SQLTools9 - c:\windows\SQLTools9_KB921896_ENU\Hotfix.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1540)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-03-31 02:26:32
ComboFix-quarantined-files.txt 2011-03-31 07:26
.
Pre-Run: 279,232,360,448 bytes free
Post-Run: 279,719,661,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3CFB1127C74243A459B6623931C5654D
 

7 Posts
Discussion Starter · #5 ·
Things are running a bit slow, especially on startup. Did the Combofix log look ok?

I downloaded AVG and did a scan. It found a lingering Trojan Horse Downloader.Generic10.OZB and deleted it. Are there any other tests to run that could shed some light on the sluggishness that I am experiencing?

Thank you again for your help,
Michelle
 

1,383 Posts
Well, since ComboFix ran in reduced function mode, I can't tell. You will need to uninstall AVG and run ComboFix again. I suggest you delete your current copy of ComboFix and download a fresh one. Uninstall AVG, then disconnect from the internet and run ComboFix. That way your computer is not vulnerable to attack. In your next reply, please include the ComboFix log.
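A small triage script, added here as an example and not part of this thread or of ComboFix itself, that pulls out of a ComboFix log the items a helper reads first: the reduced-functionality marker that made the first log above unreadable, the Other Deletions and BITS sections, the bootkit line, and the Security Center override, firewall state, globally open ports and drive AutoRun commands under Reg Loading Points. The sample log is a constructed excerpt stitched together from lines of the two logs posted in this thread; the section parser, the finding categories and the helper names are my own.

```python
import re

# Constructed sample: lines copied from the two ComboFix logs posted in this
# thread and stitched together into one short excerpt (not a complete log).
SAMPLE_LOG = r'''ComboFix 11-03-23.04 - usredmic 03/31/2011 2:24.1.4 - x86
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Client.ini
c:\windows\system32\agent.exe
.
----- BITS: Possible infected sites -----
.
hxxp://ussjsexht02.int.elekta.com
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
'''

# ComboFix marks a section with a banner wrapped in parentheses or in runs of
# dashes, and prints "." for a blank line.
SECTION_RE = re.compile(r'^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})$')


def parse_sections(text):
    """Split a ComboFix log into {section name: [lines]}; text before the
    first banner is filed under "preamble"."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if line in ("", "."):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (category, detail) findings a helper reads first. The category
    names are this example's own, not ComboFix terminology."""
    sections = parse_sections(text)
    findings = []
    if "- REDUCED FUNCTIONALITY MODE -" in sections["preamble"]:
        findings.append(("reduced_mode",
                         "log is incomplete; rerun with other AV tools disabled"))
    for path in sections.get("Other Deletions", []):
        findings.append(("deleted", path))
    for line in sections.get("BITS: Possible infected sites", []):
        if line.startswith("hxxp://"):
            findings.append(("bits_site", line))
    for line in text.splitlines():  # the bootkit line has no section of its own
        if "Bootkit" in line and "was found" in line:
            findings.append(("bootkit", line.strip()))
    key = ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key the following values belong to
            continue
        low = line.lower()
        if key.endswith("security center") and low.startswith('"antivirusoverride"') \
                and re.search(r'dword:0*1$', low):
            findings.append(("av_override", "Security Center AV status warnings suppressed"))
        elif key.endswith("firewallpolicy\\standardprofile") \
                and low.startswith('"enablefirewall"') and re.search(r'=\s*0\b', low):
            findings.append(("firewall_disabled", "Windows Firewall off on standard profile"))
        elif key.endswith("globallyopenports\\list"):
            findings.append(("open_port", line.split("=", 1)[0].strip('"')))
        elif "mountpoints2" in key and low.startswith("\\shell\\autorun\\command"):
            findings.append(("autorun", line.split(" - ", 1)[1]))
    return findings


def summarize(findings):
    """Group findings by category for a quick read."""
    out = {}
    for category, detail in findings:
        out.setdefault(category, []).append(detail)
    return out


if __name__ == "__main__":
    for category, items in summarize(triage(SAMPLE_LOG)).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run against the first log in this thread it reports the reduced-functionality marker, the disabled firewall, the AntiVirusOverride flag, the open 3389 port and the AutoRun commands; against the second it adds the TDL4 bootkit line and the BITS site. Everything it flags still needs a human to decide whether it is malicious or, like the RDP port and the corporate proxy, simply how the work laptop is configured.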
 

7 Posts
Discussion Starter · #7 ·
OK, I've done everything that you suggested in your last post. Things seem to be running smoother. Here is the ComboFix log:

ComboFix 11-04-02.03 - usredmic 04/02/2011 22:28:46.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2658 [GMT -5:00]
Running from: c:\documents and settings\usredmic\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
----- BITS: Possible infected sites -----
.
hxxp://ussjsexht02.int.elekta.com
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-02 08:19 . 2011-04-02 08:24 -------- d-----w- c:\documents and settings\usredmic\Application Data\Systweak
2011-04-02 08:19 . 2011-01-27 22:47 17280 ----a-w- c:\windows\system32\roboot.exe
2011-04-02 08:19 . 2011-04-02 08:24 -------- d-----w- c:\program files\RegClean Pro
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\program files\WINDOWS MEDIA CONNECT 2
2011-04-02 06:30 . 2009-01-31 01:33 276992 ------w- c:\windows\system32\audiodev.dll
2011-04-02 06:23 . 2011-04-02 06:23 -------- d-----w- c:\documents and settings\usredmic\Local Settings\Application Data\Starz_Entertainment,_LLC
2011-04-02 06:13 . 2011-04-02 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\StarzEntertainment
2011-04-01 16:37 . 2011-04-01 16:37 -------- d-----w- c:\windows\WIFI
2011-04-01 14:32 . 2011-04-02 06:30 -------- d-----w- c:\windows\system32\drivers\umdf
2011-04-01 14:28 . 2011-04-01 14:28 -------- d-----w- c:\documents and settings\usredmic\Application Data\AVG10
2011-04-01 14:26 . 2011-04-01 14:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-01 14:25 . 2011-04-03 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-01 14:24 . 2011-04-01 14:24 -------- d-----w- c:\program files\AVG
2011-04-01 14:21 . 2011-04-01 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-31 23:26 . 2011-03-31 22:28 -------- d-----w- c:\documents and settings\usredmic\Application Data\TechWizard
2011-03-31 22:55 . 2011-03-31 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-03-31 22:55 . 2011-04-01 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-03-31 22:55 . 2011-03-31 22:55 -------- d-----w- c:\documents and settings\usredmic\Application Data\Yahoo!
2011-03-31 22:55 . 2001-10-11 16:26 65536 ----a-w- c:\windows\system32\YCRWin32.dll
2011-03-31 22:55 . 2002-01-05 11:18 84992 ----a-w- c:\windows\system32\ATL70.DLL
2011-03-31 22:51 . 2011-03-31 22:51 -------- d-----w- c:\program files\Verizon Games (A La Carte)
2011-03-31 22:48 . 2011-03-31 22:55 -------- d-----w- c:\program files\Yahoo!
2011-03-31 22:48 . 2011-04-01 14:34 -------- d-----w- c:\documents and settings\usredmic\Application Data\Verizon
2011-03-31 22:48 . 2011-03-31 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2011-03-31 22:48 . 2011-04-01 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2011-03-31 22:48 . 2011-03-31 22:48 -------- d-----w- c:\documents and settings\usredmic\Local Settings\Application Data\Downloaded Installations
2011-03-31 22:48 . 2011-04-02 06:13 -------- d-----w- c:\program files\StarzPlay
2011-03-31 22:48 . 2011-03-31 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Games Player
2011-03-31 22:48 . 2011-03-31 22:48 -------- d-----w- C:\Remote Programs
2011-03-31 22:48 . 2011-04-02 00:52 -------- d-----w- c:\program files\Verizon Games Player
2011-03-31 22:34 . 2011-03-31 22:35 -------- d-----w- c:\documents and settings\usredmic\Local Settings\Application Data\SupportSoft
2011-03-31 22:34 . 2011-03-31 22:34 -------- d-----w- c:\program files\VERIZONDM
2011-03-31 22:34 . 2011-03-31 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2011-03-31 22:34 . 2011-02-02 00:45 9811968 ----a-w- c:\windows\VerizonDM.msi
2011-03-31 22:34 . 2011-03-31 22:34 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-03-31 22:34 . 2011-03-31 22:34 -------- d-----w- c:\windows\FIOS
2011-03-31 22:30 . 2011-03-31 22:30 -------- d-----w- c:\documents and settings\usredmic\Application Data\Motive
2011-03-31 22:29 . 2011-03-31 22:30 -------- d-----w- c:\program files\Common Files\Motive
2011-03-31 22:29 . 2011-03-31 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-03-31 22:28 . 2011-04-01 16:37 -------- d-----w- c:\program files\Verizon
2011-03-30 21:13 . 2011-03-30 21:13 -------- d-----w- c:\documents and settings\usredmic\Local Settings\Application Data\Mozilla
2011-03-30 03:12 . 2011-04-03 02:10 -------- d-----w- c:\documents and settings\usredmic\Application Data\HPAppData
2011-03-26 12:59 . 2011-03-26 12:59 7168 ----a-w- c:\windows\system32\drivers\utiymzq1.sys
2011-03-26 09:30 . 2011-03-30 23:25 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-26 09:20 . 2011-03-30 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-26 07:02 . 2011-03-26 07:02 -------- d-----w- c:\documents and settings\usredmic\Application Data\Malwarebytes
2011-03-26 07:02 . 2011-03-26 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-26 04:39 . 2011-03-26 04:39 61952 ----a-w- c:\windows\blasinst.dll
2011-03-26 04:39 . 2011-03-26 04:39 61952 ----a-w- c:\windows\system32\blasinst.dll
2011-03-11 04:13 . 2010-11-29 23:28 4199768 ----a-w- c:\windows\system32\cdintf400.dll
2011-03-11 04:12 . 2011-03-21 20:02 -------- d-----w- c:\program files\Quicken
2011-03-05 03:58 . 2011-03-05 03:58 -------- d-----w- c:\documents and settings\usredmic\.FamilySearchIndexing
2011-03-05 03:57 . 2011-03-05 03:57 -------- d-----w- c:\program files\FamilySearch Indexing
2011-03-05 00:53 . 2008-01-30 21:36 90112 ----a-w- c:\windows\unvise32.exe
2011-03-05 00:53 . 2011-03-05 00:53 -------- d-----w- c:\program files\Quicken WillMaker Plus 2011
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:53 . 2011-03-30 21:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_07.25.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-04-03 03:26 . 2011-04-03 03:26 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2011-04-03 03:26 . 2011-04-03 03:26 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
+ 2011-04-03 03:26 . 2011-04-03 03:26 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
+ 2006-09-28 23:56 . 2006-09-28 23:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 01:13 . 2006-09-29 01:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-04-19 06:01 . 2006-04-19 06:01 13312 c:\windows\system32\wpdtrace.dll
+ 2009-01-31 01:35 . 2009-01-31 01:35 38400 c:\windows\system32\wpdshextres.dll
+ 2009-01-30 22:21 . 2009-01-30 22:21 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-04-19 06:01 . 2009-01-31 01:35 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-04-19 06:01 . 2009-01-31 01:35 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 33792 c:\windows\system32\wmdmlog.dll
+ 2011-04-02 06:32 . 2006-09-25 22:58 14640 c:\windows\system32\spmsg.dll
+ 2010-05-19 16:36 . 2010-05-19 16:36 88904 c:\windows\system32\msxml4r.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 27136 c:\windows\system32\mspmsnsv.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 11264 c:\windows\system32\LAPRXY.dll
+ 2006-04-19 05:59 . 2006-04-19 05:59 11264 c:\windows\system32\ehETW.dll
+ 2006-09-29 00:00 . 2006-09-29 00:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 23:55 . 2006-09-28 23:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-04-19 06:01 . 2009-01-30 22:20 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2004-08-04 12:00 . 2009-01-31 01:34 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2009-01-23 22:52 . 2009-01-31 01:30 64512 c:\windows\system32\dllcache\wmplayer.exe
+ 2009-01-23 22:52 . 2009-01-31 01:34 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2011-04-01 18:40 . 2011-04-01 18:40 65536 c:\windows\Installer\{A0524B49-9798-4EFB-A392-06C18BEC7432}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
+ 2011-04-01 18:40 . 2011-04-01 18:40 65536 c:\windows\Installer\{A0524B49-9798-4EFB-A392-06C18BEC7432}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
+ 2011-04-01 18:40 . 2011-04-01 18:40 65536 c:\windows\Installer\{A0524B49-9798-4EFB-A392-06C18BEC7432}\ARPPRODUCTICON.exe
+ 2011-04-01 14:30 . 2011-04-01 14:30 53248 c:\windows\Installer\{0F052922-4BCE-4763-A540-00857554336D}\ARPPRODUCTICON.exe
+ 2011-04-02 06:32 . 2006-10-04 14:05 39424 c:\windows\AppPatch\acadproc.dll
+ 2004-08-04 12:00 . 2009-01-31 01:35 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-04 12:00 . 2009-01-31 01:35 4096 c:\windows\system32\wmvdmod.dll
+ 2006-04-19 07:29 . 2009-01-31 01:34 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-04-19 07:29 . 2009-01-31 01:34 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 4096 c:\windows\system32\wmsdmod.dll
+ 2006-04-20 21:29 . 2009-02-03 01:01 8704 c:\windows\system32\wdfmgr.exe
+ 2006-04-19 07:29 . 2009-01-31 01:34 4096 c:\windows\system32\wdfapi.dll
+ 2006-04-20 21:29 . 2009-02-03 01:01 8704 c:\windows\system32\uwdf.exe
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\MP43DMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:35 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-04 12:00 . 2009-01-31 01:35 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 7168 c:\windows\system32\asferror.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-04-01 16:37 . 2011-04-01 16:37 721694 c:\windows\WIFI\unins000.exe
+ 2011-04-01 16:37 . 2011-04-01 16:37 134748 c:\windows\WIFI\unins000.dat
+ 2006-09-28 23:56 . 2006-09-28 23:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 23:56 . 2006-09-28 23:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-04-19 06:01 . 2009-01-31 01:35 356352 c:\windows\system32\wpdsp.dll
+ 2009-01-31 01:35 . 2009-01-31 01:35 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-04-19 06:01 . 2009-01-31 01:35 154624 c:\windows\system32\wpdmtp.dll
+ 2006-04-19 06:01 . 2009-01-31 01:35 629760 c:\windows\system32\wpd_ci.dll
+ 2006-04-19 06:03 . 2009-01-31 01:35 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-04-19 06:03 . 2009-01-31 01:35 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 604160 c:\windows\system32\WMSPDMOD.dll
+ 2009-01-31 01:34 . 2009-01-31 01:34 204288 c:\windows\system32\wmpsrcwp.dll
+ 2009-01-31 01:34 . 2009-01-31 01:34 130048 c:\windows\system32\wmpps.dll
+ 2009-01-31 01:34 . 2009-01-31 01:34 613376 c:\windows\system32\wmpmde.dll
+ 2009-01-31 01:34 . 2009-01-31 01:34 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 283648 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 211456 c:\windows\system32\wmpasf.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 938496 c:\windows\system32\WMNetMgr.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 157184 c:\windows\system32\wmidx.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 227328 c:\windows\system32\wmerror.dll
+ 2006-04-19 06:02 . 2009-01-31 01:34 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-04-19 07:29 . 2009-01-31 01:34 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-04-19 07:29 . 2009-01-31 01:34 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 222208 c:\windows\system32\WMASF.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 757248 c:\windows\system32\WMADMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 211456 c:\windows\system32\qasf.dll
+ 2006-04-19 06:01 . 2009-01-31 01:34 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-04-19 06:01 . 2009-01-31 01:34 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-04-19 06:01 . 2009-01-31 01:34 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-04-19 06:01 . 2009-01-31 01:34 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-04-19 06:01 . 2009-01-31 01:34 254976 c:\windows\system32\PortableDeviceApi.dll
+ 2004-08-04 12:00 . 2011-03-31 07:48 614754 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-03-31 07:48 134956 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-01-31 01:33 321536 c:\windows\system32\mswmdm.dll
+ 2009-06-02 16:40 . 2003-03-19 02:14 499712 c:\windows\system32\msvcp71.dll
- 2009-06-02 16:40 . 2008-04-14 19:10 499712 c:\windows\system32\msvcp71.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 414720 c:\windows\system32\msscp.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 20:28 . 2006-10-02 20:28 312128 c:\windows\system32\msdelta.dll
+ 2006-04-19 06:03 . 2009-01-31 01:33 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-04-19 06:03 . 2009-01-31 01:33 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-04-19 06:03 . 2009-01-31 01:33 259072 c:\windows\system32\MP43DECD.dll
+ 2006-04-19 06:02 . 2009-01-31 01:33 212992 c:\windows\system32\MFPLAT.dll
+ 2002-01-05 09:36 . 2002-01-05 09:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 09:48 . 2002-01-05 09:48 974848 c:\windows\system32\mfc70.dll
+ 2004-08-04 12:00 . 2009-01-30 22:37 100864 c:\windows\system32\logagent.exe
+ 2010-06-11 18:23 . 2011-04-03 03:30 232635 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-06-11 18:23 . 2011-03-31 04:26 232635 c:\windows\system32\inetsrv\MetaBase.bin
+ 2004-08-04 12:00 . 2009-01-31 01:33 991744 c:\windows\system32\drmv2clt.dll
+ 2006-04-19 06:02 . 2009-01-30 22:23 249856 c:\windows\system32\drmupgds.exe
+ 2006-04-19 06:01 . 2009-01-31 01:35 671232 c:\windows\system32\drivers\umdf\wpdmtpdr.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 604160 c:\windows\system32\dllcache\WMSPDMOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 283648 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 211456 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 938496 c:\windows\system32\dllcache\WMNetMgr.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 222208 c:\windows\system32\dllcache\WMASF.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2004-08-04 12:00 . 2009-01-30 22:40 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-04 12:00 . 2009-01-31 01:34 211456 c:\windows\system32\dllcache\qasf.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 414720 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2009-01-23 22:52 . 2009-01-31 01:33 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2004-08-04 12:00 . 2009-01-30 22:37 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 12:00 . 2009-01-31 01:33 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-04 12:00 . 2009-01-31 01:33 542720 c:\windows\system32\blackbox.dll
+ 2011-04-01 14:30 . 2011-04-01 14:30 503808 c:\windows\Installer\5ff78.msi
+ 2011-04-01 14:24 . 2011-04-01 14:24 219648 c:\windows\Installer\5ff69.msi
+ 2011-03-31 22:34 . 2011-03-31 22:34 634880 c:\windows\Installer\16e9ebe.msi
+ 2011-03-31 22:28 . 2011-03-31 22:28 396800 c:\windows\Installer\16e9eb5.msi
+ 2011-04-02 06:13 . 2011-04-02 06:13 221807 c:\windows\Installer\{0D04A86B-2B25-41AB-99AF-F071B420D8D1}\NewShortcut5_0D04A86B2B2541AB99AFF071B420D8D1.exe
+ 2011-04-02 06:13 . 2011-04-02 06:13 221807 c:\windows\Installer\{0D04A86B-2B25-41AB-99AF-F071B420D8D1}\NewShortcut4_0D04A86B2B2541AB99AFF071B420D8D1.exe
+ 2011-04-02 06:13 . 2011-04-02 06:13 221807 c:\windows\Installer\{0D04A86B-2B25-41AB-99AF-F071B420D8D1}\NewShortcut1_0D04A86B2B2541AB99AFF071B420D8D1.exe
+ 2004-08-04 12:00 . 2009-01-30 22:40 317440 c:\windows\inf\unregmp2.exe
+ 2011-03-31 22:34 . 2011-03-31 22:34 714526 c:\windows\FIOS\unins000.exe
+ 2011-03-31 22:34 . 2011-03-31 22:34 120235 c:\windows\FIOS\unins000.dat
- 2011-01-04 20:41 . 2011-03-14 16:58 542208 c:\windows\Downloaded Program Files\WebEx\1024\wseclient.dll
+ 2011-01-04 20:41 . 2011-04-01 19:00 542208 c:\windows\Downloaded Program Files\WebEx\1024\wseclient.dll
+ 2011-01-04 20:41 . 2011-04-01 19:00 410624 c:\windows\Downloaded Program Files\WebEx\1024\mcsnew.dll
+ 2011-01-04 20:41 . 2011-04-01 19:00 150528 c:\windows\Downloaded Program Files\WebEx\1024\atdl2006.dll
- 2011-01-04 20:41 . 2011-01-06 19:25 150528 c:\windows\Downloaded Program Files\WebEx\1024\atdl2006.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-01-31 01:35 . 2009-01-31 01:35 2603008 c:\windows\system32\WpdShext.dll
+ 2006-04-19 06:03 . 2009-01-31 01:35 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-04-19 06:03 . 2009-01-31 01:35 1575424 c:\windows\system32\WMVENCOD.dll
+ 2006-04-19 06:03 . 2009-01-31 01:35 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 2458112 c:\windows\system32\wmvcore.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 8231936 c:\windows\system32\wmploc.dll
+ 2009-01-31 01:34 . 2009-01-31 01:34 1661952 c:\windows\system32\wmpencen.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 1117696 c:\windows\system32\WMADMOE.dll
+ 2010-05-19 16:36 . 2010-05-19 16:36 1328968 c:\windows\system32\msxml4.dll
+ 2008-03-21 02:06 . 2009-06-25 18:20 1485176 c:\windows\system32\LegitCheckControl.DLL
+ 2004-08-04 12:00 . 2009-01-31 01:34 2458112 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2009-01-23 22:52 . 2009-01-30 22:40 1669632 c:\windows\system32\dllcache\setup_wm.exe
+ 2011-04-01 18:40 . 2011-04-01 18:40 2928128 c:\windows\Installer\ade4b4.msi
+ 2011-04-01 14:26 . 2011-04-01 14:26 3272704 c:\windows\Installer\5ff71.msi
+ 2011-04-01 14:25 . 2011-04-01 14:25 1611776 c:\windows\Installer\5ff6d.msi
+ 2011-04-02 06:13 . 2011-04-02 06:13 3741696 c:\windows\Installer\1d85df.msi
+ 2011-01-04 20:41 . 2011-04-01 19:00 3995960 c:\windows\Downloaded Program Files\WebEx\1024\webexmgr.dll
- 2011-01-04 20:41 . 2011-01-04 20:41 7468032 c:\windows\Downloaded Program Files\WebEx\1024\pfwres.dll
+ 2011-01-04 20:41 . 2011-04-01 19:00 7468032 c:\windows\Downloaded Program Files\WebEx\1024\pfwres.dll
+ 2011-01-04 20:41 . 2011-04-01 19:00 2682880 c:\windows\Downloaded Program Files\WebEx\1024\atpdmod.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 10838528 c:\windows\system32\wmp.dll
+ 2004-08-04 12:00 . 2009-01-31 01:34 10838528 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-04-01 336184]
"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-12-05 4892672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-07-27 883272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13803520]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"StarzTray"="c:\program files\StarzPlay\StarzPlayTray.exe" [2009-01-23 509208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender_135"="c:\program files\Verizon Games Player\GPlayer.exe" [2010-12-05 4892672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-2-25 636256]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Quicken\\qw.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\StarzPlay\\StarzPlay.exe"=
"c:\\Program Files\\StarzPlay\\StarzPlayTray.exe"=
"c:\\Program Files\\StarzPlay\\StarzPlayPlayer.exe"=
"c:\\Program Files\\StarzPlay\\StarzUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [6/3/2010 6:50 PM 17072]
R2 ApImageService;ApImageService;c:\program files\ScanScope\ImageServer\ApService.exe [11/5/2010 4:27 PM 274432]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 12:45 PM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 12:45 PM 27040]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2/10/2007 7:23 AM 206192]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2/10/2007 7:23 AM 17264]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [6/3/2010 6:11 PM 59904]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/31/2011 5:48 PM 689392]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
R2 X4HSEx_Pr135;X4HSEx_Pr135;c:\program files\Verizon Games Player\X4HSEx.sys [3/31/2011 5:48 PM 56424]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [6/3/2010 6:50 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/3/2010 4:54 PM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [6/3/2010 6:09 PM 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [6/3/2010 5:47 PM 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [6/3/2010 6:51 PM 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/3/2010 5:11 PM 58600]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [6/3/2010 6:50 PM 60928]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [7/27/2010 5:19 PM 121416]
S3 bpenum;bpenum;c:\windows\system32\drivers\bpenum.sys [9/15/2009 11:46 PM 189568]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys --> c:\windows\system32\DRIVERS\e1y5132.sys [?]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [1/23/2009 7:01 PM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [1/23/2009 7:01 PM 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [1/23/2009 7:01 PM 277440]
S3 utiymzq1;AVZ Kernel Driver;c:\windows\system32\drivers\utiymzq1.sys [3/26/2011 7:59 AM 7168]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 9:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.impac.com/
uInternet Settings,ProxyServer = 10.102.103.16:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
Trusted Zone: livemeeting.com
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://sto-atrs-01.int.elekta.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {379FDCF7-A37D-420E-9564-34F4A3F38D83} - hxxp://edoc.impac.com/edoccompliance/framework/common/activex/q_ComplianceViewer.cab
DPF: {63427B88-346B-4348-969D-FBA42B83633C} - hxxp://edoc.impac.com/edoccompliance/framework/common/activex/qmcontrols.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {DBDFAE3F-9973-44B5-A202-FC6404434419} - hxxp://edoc.impac.com/doccompliance/framework/common/activex/qmcontrols.cab
DPF: {F77BA8AB-5ECF-4068-A393-8861AE213C85} - hxxp://edoc.impac.com/doccompliance/framework/common/activex/q_ComplianceViewer.cab
FF - ProfilePath - c:\documents and settings\usredmic\Application Data\Mozilla\Firefox\Profiles\9a58iya8.default\
FF - prefs.js: browser.startup.homepage - hxxp://verizon.my.yahoo.com/?fr=fp-ver
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ver&type=&p=
FF - prefs.js: network.proxy.ftp - 10.102.103.16
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 10.102.103.16
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.102.103.16
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.102.103.16
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1536)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-04-02 22:37:00
ComboFix-quarantined-files.txt 2011-04-03 03:36
ComboFix2.txt 2011-03-31 07:26
.
Pre-Run: 274,577,068,032 bytes free
Post-Run: 275,139,985,408 bytes free
.
- - End Of File - - C627902BEC88B7F4BDA0F2EFF468FD5C
 

Discussion Starter · #9 ·
These things are persistent, aren't they?! MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6252

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/2/2011 11:26:53 PM
mbam-log-2011-04-02 (23-26-53).txt

Scan type: Quick scan
Objects scanned: 199219
Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\blasinst.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\blasinst.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
 

1,383 Posts
Yep. Those files were missed by ComboFix. Can you update MBAM again and run another quick scan? In your next reply, please post the log.
 

Discussion Starter · #11 ·
Here you go:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6267

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/4/2011 12:58:38 PM
mbam-log-2011-04-04 (12-58-38).txt

Scan type: Quick scan
Objects scanned: 200182
Time elapsed: 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 