CaughtOffGuard
Posts: 19 +0
I have reviewed some of the malware removal threads for other forum members. The technical volunteers in this forum are great! I hope one of you can help solve the problems with my laptop. The principal symptom I have observed is that all of my Google searches get redirected when I click on the hyperlink for a search result. I can avoid the redirect if I go to a cached version of the search result, but it is clear that some sort of malware has control of iexplorer.
I followed your 5-Step Preliminary Removal Instructions, and my logs follow:
-------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.18.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin_sertman :: MAH-SERTMAN [administrator]
10/18/2012 11:00:26 AM
mbam-log-2012-10-18 (11-00-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355096
Time elapsed: 11 minute(s), 12 second(s)
Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> 2644 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro1 (Trojan.Dropper) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\All Users\Application Data\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Delete on reboot.
(end)
-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-18 11:26:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: bph3uchs.exe; Driver: C:\DOCUME~1\ADMIN_~1\LOCALS~1\Temp\kxdoikog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip QipTdi.sys (QIPTDI Application/Websense, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp QipTdi.sys (QIPTDI Application/Websense, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp QipTdi.sys (QIPTDI Application/Websense, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp QipTdi.sys (QIPTDI Application/Websense, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by admin_sertman at 11:29:56 on 2012-10-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2091 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\btservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progra~1\Abacus\BillingPopup\AbacusBillingPopupService.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\ProPatches\Scheduler\STSchedEx.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Websense\Websense Endpoint\wepsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Abacus\BillingPopup\AbacusBillingClient.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\HDR\HDR Interactive Call Expensor\ICE.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
C:\Program Files\Websense\Websense Endpoint\RFUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.hdrinc.com
uWindow Title = Windows Internet Explorer provided by HDR, Inc. v1.4
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://home.hdrinc.com
BHO: PowerBroker Desktops Browser Helper: {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} - c:\windows\system32\pmbho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_265_ActiveX.exe -update activex
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [LANDeskCustomData] "c:\program files\landesk\ldclient\ldcstm32.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [USBDetector] c:\usbstorage\USBDetector.exe
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\abacus~1.lnk - c:\program files\abacus\billingpopup\AbacusBillingClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdrint~1.lnk - c:\program files\hdr\hdr interactive call expensor\ICE.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wnwtra~1.lnk - c:\program files\wiley\webster's new world\HKML_SRV.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: RunLogonScriptSync = dword:0
mPolicies-System: HideStartupScripts = dword:1
mPolicies-System: HideShutdownScripts = dword:1
mPolicies-System: MaxGPOScriptWait = dword:60
mPolicies-Windows\System: GpNetworkStartTimeoutPolicyValue = dword:60
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: eform.ae
Trusted Zone: eforms.ae
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343983260375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343983182187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www3.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://asascience.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ice.hydroqual.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ice.hydroqual.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 10.73.134.246 10.4.0.91 10.4.0.139
TCP: Interfaces\{231FF0A2-8CAD-4FDC-B83A-4BB87C7AB06F} : DHCPNameServer = 10.73.134.246 10.4.0.91 10.4.0.139
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.1.2 HP0017A42A1C10
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin_sertman\application data\mozilla\firefox\profiles\93b1epg2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - d0ebde4c00000000000000fff3acc37f
FF - user.js: extensions.alnaddyToolbar.instlDay - 15581
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.6.4.0
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.6.4.0
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.6.4.012:24:06
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 privman;privman;c:\windows\system32\drivers\privman.sys [2011-2-12 30416]
R1 QIP;QIP;c:\windows\system32\drivers\Qip.sys [2011-8-1 56640]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-10-26 21240]
R2 AbacusBillingPopupService;AbacusBillingPopupService;c:\progra~1\abacus\billingpopup\AbacusBillingPopupService.exe [2011-7-21 299008]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 BTService;PowerBroker Desktop Service;c:\windows\system32\btservice.exe [2010-9-23 420680]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2011-8-1 147456]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-8-4 108456]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-8-4 108456]
R2 CSIRemoteC;CM Remote Client;c:\program files\cm remote client\CSIRemoteCSvc.exe [2009-12-5 102400]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-3-9 13592]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2012-1-28 207872]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2012-1-28 179200]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-23 10448]
R2 QipTdi;WEP QipTdi Driver;c:\windows\system32\drivers\QIPTDI.sys [2011-8-1 46656]
R2 RNetCore;RF RNetCore Driver;c:\windows\system32\drivers\RNetCore.sys [2011-8-1 28544]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-10-26 77816]
R2 Shavlik Scheduler;Shavlik Remote Scheduler Service;c:\windows\propatches\scheduler\STSchedEx.exe [2010-11-5 822112]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2012-1-28 403632]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-8-4 1839888]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2009-8-31 210944]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2008-12-10 1590216]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
R2 WSRF;Websense Desktop Client ;c:\program files\websense\websense endpoint\wepsvc.exe [2011-10-19 60928]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-12-21 618896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-11 5888]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2012-1-25 14848]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2012-1-25 5120]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10384]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2012-1-25 6656]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-2-8 10688]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121017.019\NAVENG.SYS [2012-10-17 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121017.019\NAVEX15.SYS [2012-10-17 1601184]
R3 NtiEnc;NtiEnc;c:\windows\system32\drivers\NtiEnc.sys [2010-2-11 156928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-9 197224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 135664]
S2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\landesk\ldclient\ProcTriggerSvc.exe [2012-1-28 143872]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\landesk\ldclient\tracksvc.exe [2012-1-28 66560]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2012-3-9 1414528]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-7-2 23888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz130;cpuz130;\??\c:\docume~1\sertman\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sertman\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\emp_udau.sys --> c:\windows\system32\drivers\EMP_UDAU.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-12-10 34248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-22 114144]
S3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-1-5 6913920]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys --> c:\windows\system32\drivers\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys --> c:\windows\system32\drivers\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys --> c:\windows\system32\drivers\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys --> c:\windows\system32\drivers\ngwfp.sys [?]
S3 NinjaService;NinjaService;c:\program files\newtech infosystems\nti shadow 4\NinjaService.exe [2009-12-3 243968]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-4 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-9-11 14336]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2012-10-18 14:59:01 -------- d-----w- c:\documents and settings\admin_sertman\application data\Malwarebytes
2012-10-18 14:58:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-18 14:58:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 14:58:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 21:31:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-17 14:52:24 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
2012-10-17 14:44:56 -------- d-----w- c:\documents and settings\admin_sertman\application data\LavasoftStatistics
2012-10-17 14:39:30 -------- d-----w- c:\windows\system32\drivers\VDD
2012-10-17 14:39:30 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-10-17 14:38:32 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\Downloaded Installations
2012-10-17 14:37:53 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-10-17 14:37:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\adawarebp
2012-10-17 14:37:51 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-10-17 14:37:47 -------- d-----w- c:\program files\adawaretb
2012-10-17 14:37:47 -------- d-----w- c:\documents and settings\admin_sertman\application data\adawaretb
2012-10-17 14:37:46 -------- d-----w- c:\program files\Toolbar Cleaner
2012-10-17 14:36:33 -------- d-----w- c:\documents and settings\admin_sertman\application data\Ad-Aware Antivirus
2012-10-17 14:22:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\Threat Expert
2012-10-17 13:32:48 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-17 13:32:48 -------- d-----w- c:\program files\common files\PC Tools
2012-10-17 13:32:25 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-10-17 13:32:23 -------- d-----w- c:\documents and settings\admin_sertman\application data\TestApp
2012-10-04 15:51:45 -------- d-----w- C:\Program Files (x86)
2012-10-04 15:34:53 -------- d-----w- c:\documents and settings\admin_sertman\local settings\application data\{F634D983-4380-4DAE-8533-9D1A163A3FC1}
2012-10-04 13:50:57 -------- d-----w- c:\program files\Admiralty_Digital_Catalogue
2012-10-04 13:50:57 -------- d-----w- c:\documents and settings\all users\application data\Admiralty_Digital_Catalogue
2012-10-03 17:18:15 -------- d-----w- c:\program files\common files\EPSON Projector
2012-10-03 14:27:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-03 13:19:58 -------- d-----w- c:\program files\UPHClean
2012-10-03 13:09:34 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-03 13:09:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-03 13:09:31 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-03 13:09:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-03 13:09:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-03 13:09:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-03 13:09:09 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-03 13:09:09 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-03 13:09:06 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-10-03 13:09:06 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-03 13:07:58 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-10-03 13:06:57 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-10-03 13:05:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-10-03 13:04:57 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-10-03 13:03:59 404990 -c--a-w- c:\windows\system32\dllcache\slntamr.sys
2012-10-03 13:02:59 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-10-03 13:01:59 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-10-03 13:00:58 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-10-03 12:59:58 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-10-03 12:58:58 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2012-10-03 12:57:59 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-10-03 12:56:59 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-10-03 12:55:59 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-10-03 12:54:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2012-10-03 12:53:59 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-10-03 12:52:59 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2012-10-03 12:51:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2012-10-03 12:50:59 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2012-10-03 12:49:57 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
.
==================== Find3M ====================
.
2012-08-29 09:31:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 09:31:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:31:27.81 ===============
2012-10-03 13:07:58 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-10-03 13:06:57 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-10-03 13:05:57 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-10-03 13:04:57 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-10-03 13:03:59 404990 -c--a-w- c:\windows\system32\dllcache\slntamr.sys
2012-10-03 13:02:59 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-10-03 13:01:59 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-10-03 13:00:58 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-10-03 12:59:58 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-10-03 12:58:58 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2012-10-03 12:57:59 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-10-03 12:56:59 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-10-03 12:55:59 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-10-03 12:54:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2012-10-03 12:53:59 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-10-03 12:52:59 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2012-10-03 12:51:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2012-10-03 12:50:59 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2012-10-03 12:49:57 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
.
==================== Find3M ====================
.
2012-08-29 09:31:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 09:31:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:31:27.81 ===============
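The "Created Last 30" and "Find3M" blocks above are what a helper reads first when hunting for the redirector: anything dropped into system32 or the drivers folder in the last month is worth a second look, while the burst of dllcache entries written a minute apart on 2012-10-03 is the signature of a system-file repair, not of an infection. The following parser and triage heuristic is an added example, not part of the original post and not DDS code; the line shape it matches (timestamp, size or dashes for a directory, eight attribute flags, path) is the one visible in the log, the sample lines are copied from that log, and the function names and the flagging rules are my own assumptions about how a reviewer would prioritise.

```python
"""Triage helper for the DDS 'Created Last 30' / 'Find3M' blocks.

Added example, not part of the original post or of DDS itself. It parses the
fixed-width lines DDS prints (timestamp, size or '--------', attribute flags,
path) and applies the coarse rules a malware-removal helper uses by hand:
new kernel drivers and new system32 files get flagged, dllcache refreshes are
treated as repair noise. The rules are assumptions, not DDS semantics.
"""
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "when size attrs path")

# Line shape as printed by DDS, e.g.
# "2012-10-17 13:32:48 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"   # timestamp
    r"(\d+|-{8})\s+"                                # size, or dashes for a directory
    r"([-a-z]{8})\s+"                               # attribute flags, e.g. -c--a-w- or d-----w-
    r"(.+)$"                                        # path
)


def parse_dds_lines(lines):
    """Parse entry lines; headers, '.' separators and unrecognised lines are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = None if m.group(2).startswith("-") else int(m.group(2))
        out.append(Entry(when, size, m.group(3), m.group(4).lower()))
    return out


def is_directory(e):
    return e.attrs.startswith("d")


def is_dllcache(e):
    return "\\system32\\dllcache\\" in e.path


def triage(entries):
    """Return (path, reason) pairs a reviewer should look at first (heuristic, assumed)."""
    flagged = []
    for e in entries:
        if is_dllcache(e) or is_directory(e):
            continue                      # dllcache copies and bare folders are low priority
        if "\\system32\\drivers\\" in e.path and e.path.endswith(".sys"):
            flagged.append((e.path, "new kernel driver"))
        elif "\\system32\\" in e.path:
            flagged.append((e.path, "new file in system32"))
    return flagged


def dllcache_burst(entries, max_gap_seconds=120):
    """Length of the longest run of dllcache writes spaced <= max_gap_seconds apart.

    A long run written at a steady cadence is what a repair/SFC pass looks like.
    """
    times = sorted(e.when for e in entries if is_dllcache(e))
    if not times:
        return 0
    run, best = 1, 1
    for a, b in zip(times, times[1:]):
        run = run + 1 if (b - a).total_seconds() <= max_gap_seconds else 1
        best = max(best, run)
    return best


# Sample input: lines copied from the posted log, with the separators DDS prints around them.
SAMPLE = """\
=============== Created Last 30 ================
.
2012-10-18 14:58:34 22856 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-10-18 14:58:34 -------- d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2012-10-17 13:32:48 203120 ----a-w- c:\\windows\\system32\\drivers\\PCTSD.sys
2012-10-03 13:09:34 116224 -c--a-w- c:\\windows\\system32\\dllcache\\xrxwiadr.dll
2012-10-03 13:09:31 23040 -c--a-w- c:\\windows\\system32\\dllcache\\xrxwbtmp.dll
2012-10-03 13:09:31 18944 -c--a-w- c:\\windows\\system32\\dllcache\\xrxscnui.dll
.
==================== Find3M ====================
.
2012-08-29 09:31:21 696520 ----a-w- c:\\windows\\system32\\FlashPlayerApp.exe
2012-08-28 15:14:53 916992 ----a-w- c:\\windows\\system32\\wininet.dll
""".splitlines()

if __name__ == "__main__":
    entries = parse_dds_lines(SAMPLE)
    for path, reason in triage(entries):
        print(f"{reason:22} {path}")
    print("longest dllcache write burst:", dllcache_burst(entries))
```

Flagged does not mean malicious: in this log the two drivers it surfaces, mbam.sys and PCTSD.sys, were created at the same minute as the Malwarebytes and PC Tools folders, so they match the security tools the poster installed, and the August wininet.dll and Flash entries line up with ordinary updates. The point of the script is to shrink a 60-line listing to the handful of paths worth checking by hand, and to separate a repair-style dllcache burst from a single dropped file.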