Solved Malwarebytes blocking websites, computer stalling and can't do system restore

[dblads]

Have symantec antivirus protection - updated. Have tried Malwarebytes software and SuperSpyware software...both have found trojans. On reboot, laptop stalls. Have tried unsuccessfully to do system restore from safe boot prior to finding this site. Can usually do one task in normal mode before computer locks up. Any help would be greatly appreciated. Logs to follow.

 

[dblads]

MBAM Quickscan log

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.27.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DBLeblan :: RFSHRL202 [administrator]
Protection: Enabled
9/27/2012 10:18:06 PM
mbam-log-2012-09-27 (22-18-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 307492
Time elapsed: 23 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[dblads]

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-27 22:51:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.8909
Running: i9f8kc5h.exe; Driver: C:\DOCUME~1\dbleblan\LOCALS~1\Temp\kwdyipob.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----

 

[dblads]

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by DBLeblan at 22:57:09 on 2012-09-27
.
============== Running Processes ===============
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE
C:\Documents and Settings\dbleblan\Desktop\dds.com
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Artisan 730(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihqa.exe /fu "c:\docume~1\dbleblan\locals~1\temp\E_S30E.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-system: NoVisualStyleChoice = 1 (0x1)
uPolicies-system: NoSizeChoice = 1 (0x1)
uPolicies-system: NoColorChoice = 1 (0x1)
uPolicies-system: Wallpaper = \\rfslafs1\users\rfsbackground.bmp
uPolicies-system: WallpaperStyle = 0
uPolicies-system: SetVisualStyle = \\rfslafs1\users\rfsbackground.bmp
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: bmnet.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://klmenuweb/MenugisticsTCH/Reserved.ReportViewerWebControl.axd?ReportSession=wz3dfa45lyjp1w552mv21tjg&ControlID=20a8ba774d6042cd8280e9b8a4e339de&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://rfsvpn1.rfsdelivers.com/auth/taweb.cab
DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342995031359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342995024609
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} - hxxps://www150.livemeeting.com/etc/static/TRIrapid2/2011-07-14-21-08-21/MailObjects.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://itradenetwork.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: DhcpNameServer = 205.152.132.23 205.152.37.23 192.168.1.1
TCP: Interfaces\{9771BF21-EBAC-481A-81AD-8DE1D4326245} : DhcpNameServer = 205.152.132.23 205.152.37.23 192.168.1.1
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? ATSwpWDF;AuthenTec TruePrint USB WDF Driver
R? ATTRcAppSvc;AT&T RcAppSvc
R? BTCFilterService;USB Networking Driver Filter Service
R? COH_Mon;COH_Mon
R? Com4QLBEx;Com4QLBEx
R? HTCAND32;HTC Device Driver
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? Motousbnet;Motorola USB Networking Driver Service
R? motusbdevice;Motorola USB Dev Driver
R? PulseUsb;Livescribe Smartpen USB Driver
R? vsdatant;vsdatant
R? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? !SASCORE;SAS Core Service
S? accoca;ActivClient Middleware Service
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? DeviceMonitorService;DeviceMonitorService
S? EpsonCustomerParticipation;EpsonCustomerParticipation
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? FreeAgentGoNext Service;Seagate Service
S? IFXTPM;IFXTPM
S? MBAMScheduler;MBAMScheduler
S? Motorola Device Manager;Motorola Device Manager Service
S? NACAgent;Cisco NAC Agent
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? pcCMService;pcCMService
S? PenCommService;Livescribe Pulse Smartpen Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SFAUDIO;Sonic Focus DSP Driver
S? Symantec AntiVirus;Symantec Endpoint Protection
S? TomTomHOMEService;TomTomHOMEService
S? tvnserver;TightVNC Server
.
=============== Created Last 30 ================
.
2012-09-28 02:16:50 5658 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-28 01:09:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-27 17:28:02 -------- d-----w- c:\documents and settings\dbleblan\application data\SUPERAntiSpyware.com
2012-09-27 17:27:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-27 17:27:29 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-26 22:02:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 21:34:12 451072 ----a-w- c:\documents and settings\dbleblan\application data\psevc.dll
2012-09-26 21:33:17 -------- d-----w- c:\documents and settings\all users\application data\F139BF267F3771D00029F139955EE3A0
2012-09-18 21:45:40 -------- d-----w- c:\documents and settings\dbleblan\local settings\application data\TechSmith
2012-09-18 18:59:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-18 18:59:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-17 21:53:08 -------- d-----w- c:\documents and settings\dbleblan\application data\Malwarebytes
2012-09-17 21:53:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-17 21:53:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 21:40:02 -------- d-----w- c:\documents and settings\dbleblan\application data\Remote
2012-09-17 19:56:52 -------- d-----w- c:\program files\Enigma Software Group
2012-09-14 21:28:07 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2012-09-14 13:59:47 -------- d-----w- c:\program files\ATT
2012-09-13 18:47:45 -------- d-----w- c:\program files\Yahoo!
2012-09-13 18:46:48 -------- d-----w- c:\program files\ATT-HSI
2012-09-13 18:46:37 -------- d-----w- c:\program files\common files\Motive
2012-08-30 03:27:22 -------- d-----w- c:\program files\common files\Cisco
.
==================== Find3M ====================
.
2012-09-11 17:26:44 60304 ----a-w- c:\documents and settings\dbleblan\g2mdlhlpx.exe
2012-09-08 10:10:26 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-08-03 17:22:55 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:02:52.95 ===============

 

[dblads]

DDS Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Activation Assistant for the 2007 Microsoft Office suites
ActivClient 6.1 x86
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AiO_Scan_CDA
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
AT&T Connect Participant
AudibleManager
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0.1
BlackBerry Desktop Software 6.1
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Calendar Printing Assistant for Microsoft Office Outlook 2007
Camtasia Studio 7
CCleaner
Cisco Connect
Cisco NAC Agent
Cisco Systems VPN Client 5.0.05.0290
Cisco WebEx Meetings
Cognos 8 BI Analysis for Microsoft Excel
Cognos 8 Go! Office
Content Transfer
CutePDF Writer 2.7
DeviceDiscovery
Driver Installer
EC Software TNT Screen Capture 2.1
EPSON Artisan 730 Series Printer Uninstall
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
Evernote v. 4.5.6
Gold Medal - Make More With Less
GoToMeeting 5.2.0.952
GPBaseService2
GPL Ghostscript 8.54
GPL Ghostscript Fonts
Help & Manual 5
Help & Manual 6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP 3D DriveGuard
HP BatteryCheck 1.00 A7
HP Customer Participation Program 12.0
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 12.0
HP Officejet Pro 8000 A809 Series
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.40 D3
HP QuickLook 2
HP Smart Web Printing
HP Software Setup 5.00.A.5
HP Solution Center 12.0
HP Update
HP User Guide Bluetooth Addendum 0062
HP User Guides 0097
HP Wireless Assistant
HPProductAssistant
HPSSupply
HTC BMP USB Driver
ICE.TCP Pro
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
ISO Recorder
Java(TM) 6 Update 13
Lexmark Software Uninstall
Livescribe Connect
Livescribe Desktop
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoCast
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
myPrintMileage (Officejet Pro 8000 A809)
Network
NowPDF
NWZ-S540 WALKMAN Guide
pdfsam 0.7sr1
ProductContext
QFolder
QuickTime
RingCentral Call Controller
Scan
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
Symantec Endpoint Protection
The Markon Fresh Produce Wizard
TightVNC 2.0.2
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip
XEROX DocuMate 510
.
==== End Of File ===========================

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.​

​

​

Please see here for the board rules and other FAQ.​

​

Please feel free to introduce yourself, after you follow the steps below to get started.​

​

Information​

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

​

Also, include this scan:​

​

Download AdwCleaner by Xplode onto your Desktop.​

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

[dblads]

Here is the R1 txt file...Also will post the S1 file that opened after it rebooted the computer.

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 11:17:00
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DBLeblan - RFSHRL202
# Boot Mode : Normal
# Running from : C:\Documents and Settings\dbleblan\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [712 octets] - [28/09/2012 11:17:00]
########## EOF - C:\AdwCleaner[R1].txt - [771 octets] ##########

 

[dblads]

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 11:18:34
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DBLeblan - RFSHRL202
# Boot Mode : Normal
# Running from : C:\Documents and Settings\dbleblan\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
*************************
AdwCleaner[R1].txt - [839 octets] - [28/09/2012 11:17:00]
AdwCleaner[S1].txt - [1194 octets] - [28/09/2012 11:18:34]
########## EOF - C:\AdwCleaner[S1].txt - [1254 octets] ##########

 

[Jay Pfoutz]

Good job! (y)

Scan for malware

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Copy and paste the entire report in your next reply.

 

[dblads]

TDSSKiller file attached.

MBAM log below:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.28.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DBLeblan :: RFSHRL202 [administrator]
Protection: Enabled
9/28/2012 2:48:49 PM
mbam-log-2012-09-28 (14-48-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311212
Time elapsed: 24 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[Jay Pfoutz]

That killed the biggest underlying problem, good job!

avast! aswMBR

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
• Double click aswMBR.exe to run it
• Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
• Copy and paste the contents of aswMBR.txt back here for review
• Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well.

ComboFix

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
• It is important to rename ComboFix before the download.
• Please do not rename ComboFix to other names, but only the one indicated.

After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
• It will attempt to install the Recovery Console:

• When ComboFix finishes, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

 

[dblads]

Please find the logs from aswMBR. As for ComboFix, I am not able to disable Symantec Endpoint Protection...one of the only things my employer blocks. I tried going to safe boot (w/ networking is my only option) and Symantec is still partly enabled. I did not want to proceed with running ComboFix without your advise first.

aswMBR.txt
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-29 12:12:46
-----------------------------
12:12:46.890 OS Version: Windows 5.1.2600 Service Pack 3
12:12:46.890 Number of processors: 2 586 0x1706
12:12:46.890 ComputerName: RFSHRL202 UserName: DBLeblan
12:12:47.140 Initialze error 0
12:12:49.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:12:49.843 Disk 0 Vendor: FUJITSU_ 8909 Size: 152627MB BusType: 3
12:12:49.875 Disk 0 MBR read successfully
12:12:49.890 Disk 0 MBR scan
12:12:49.906 Disk 0 unknown MBR code
12:12:49.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151589 MB offset 63
12:12:49.953 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 310472190
12:12:49.968 Disk 0 scanning sectors +312576705
12:12:50.046 Disk 0 scanning C:\WINDOWS\system32\drivers
12:12:50.062 Service scanning
12:12:51.390 Modules scanning
12:12:52.734 Disk 0 trace - called modules:
12:12:52.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
12:12:52.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0b2030]
12:12:52.781 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> [0x8b0648b8]
12:12:52.796 5 hpdskflt.sys[f771833d] -> nt!IofCallDriver -> \Device\000000e7[0x8b0b4670]
12:12:52.812 7 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b0b3030]
12:12:52.812 Scan finished successfully
12:12:56.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dbleblan\Desktop\logs\MBR.dat"
12:12:56.734 The log file has been saved successfully to "C:\Documents and Settings\dbleblan\Desktop\logs\aswMBR.txt"

MBR.dat changed to MBR.txt
ú3ÀŽÐ¼ |‹ôPPûü¿ ¹
ò¥ê ¾¾³€<€t€< uƒÆþËuïÍ‹‹L‹îƒÆþËt€< tô¾‹¬< tV» ´Í^ëðëþ¿ » |¸
WÍ_s 3ÀÍOuí¾£ëӾ¿þ}=UªuÇ‹õê | Invalid partition table Error loading operating system Missing operating system ª•ª• €

þÿÿ? þ. Áÿ þÿÿþmÃ Uª

 

[Jay Pfoutz]

Go ahead and run ComboFix anyway. I'll be back in the morning (ET).

Also, run the following scan, please:

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
• Click Start or wait for the scanner to load.
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, there are a couple of things to keep in mind:
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
• Open the logfile from wherever you saved it
• Copy and paste the contents in your next reply.

 

[dblads]

ComboFix

ComboFix 12-09-27.03 - DBLeblan 09/29/2012 13:10:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.2259 [GMT -5:00]
Running from: c:\documents and settings\dbleblan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dbleblan\Application Data\psevc.dll
c:\documents and settings\dbleblan\Application Data\Remote
c:\documents and settings\dbleblan\Application Data\Remote\kkjt
c:\documents and settings\dbleblan\g2mdlhlpx.exe
c:\documents and settings\dleblan\g2mdlhlpx.exe
c:\documents and settings\dleblan\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-28 19:41 . 2012-09-28 19:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-28 01:09 . 2012-09-28 01:09 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-27 17:28 . 2012-09-27 17:28 -------- d-----w- c:\documents and settings\dbleblan\Application Data\SUPERAntiSpyware.com
2012-09-27 17:27 . 2012-09-28 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-27 17:27 . 2012-09-27 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-26 22:02 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 21:33 . 2012-09-26 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\F139BF267F3771D00029F139955EE3A0
2012-09-18 21:45 . 2012-09-18 21:45 -------- d-----w- c:\documents and settings\dbleblan\Local Settings\Application Data\TechSmith
2012-09-18 18:59 . 2012-09-18 18:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-17 21:53 . 2012-09-17 21:53 -------- d-----w- c:\documents and settings\dbleblan\Application Data\Malwarebytes
2012-09-17 21:53 . 2012-09-17 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-17 21:53 . 2012-09-28 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 19:56 . 2012-09-17 19:56 -------- d-----w- c:\program files\Enigma Software Group
2012-09-14 21:28 . 2012-09-14 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2012-09-14 14:01 . 2012-09-14 14:01 -------- d-----w- c:\documents and settings\dbleblan\Application Data\Motive
2012-09-14 13:59 . 2012-09-14 13:59 -------- d-----w- c:\program files\ATT
2012-09-13 18:47 . 2012-09-14 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-09-13 18:47 . 2012-09-13 18:47 -------- d-----w- c:\documents and settings\dbleblan\Application Data\Yahoo!
2012-09-13 18:47 . 2012-09-14 15:05 -------- d-----w- c:\program files\Yahoo!
2012-09-13 18:46 . 2012-09-13 18:46 -------- d-----w- c:\program files\ATT-HSI
2012-09-13 18:46 . 2012-09-14 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2012-09-13 18:46 . 2012-09-14 15:47 -------- d-----w- c:\program files\Common Files\Motive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 10:10 . 2011-05-19 20:53 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-08-03 17:22 . 2012-06-15 16:55 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-07-06 13:58 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 08:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-09-22 38144]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-27 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-24 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-01-27 483552]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firewall Client Connectivity Monitor.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Firewall Client Connectivity Monitor.LNK
backup=c:\windows\pss\Firewall Client Connectivity Monitor.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dbleblan^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\documents and settings\dbleblan\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-07-30 20:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-07-31 09:19 41944 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 17:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-10 23:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-11-20 00:15 583016 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-11-05 20:35 1468256 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-05 20:45 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-26 05:31 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 18:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
2012-08-03 17:24 1704 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rim.DesktopHelper.exe]
2011-06-07 13:06 744280 ----a-w- c:\program files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2004-06-21 01:45 630854 ----a-w- c:\program files\UltraVNC\winvnc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 5:14 AM 24064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 6:08 PM 182576]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [6/5/2012 11:48 AM 87400]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\EpsonCustomerParticipation\EPCP.exe [6/9/2011 1:01 PM 521600]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/26/2012 5:02 PM 399432]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [7/17/2012 3:31 PM 116632]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [1/26/2011 10:09 PM 827616]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [9/14/2012 8:59 AM 361472]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [10/27/2011 6:56 PM 470528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [7/8/2010 8:28 AM 815704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:30 AM 106656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 2:16 PM 41216]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2012 5:02 PM 676936]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/13/2008 10:30 AM 475520]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 6:12 PM 121416]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [8/3/2012 12:22 PM 6016]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/24/2011 4:54 PM 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/8/2008 7:18 AM 193840]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2012 5:02 PM 22856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/3/2012 12:22 PM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/3/2012 12:22 PM 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/3/2012 12:22 PM 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [8/3/2012 12:22 PM 11008]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [12/25/2011 11:25 PM 20480]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/28/2010 9:38 AM 16640]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2010-09-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2010-09-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]
.
2012-09-24 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-05-26 14:35]
.
2012-09-24 c:\windows\Tasks\Motorola Device Manager Engine.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31]
.
2012-09-02 c:\windows\Tasks\Motorola Device Manager Update.job
- c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31]
.
2012-09-29 c:\windows\Tasks\User_Feed_Synchronization-{9359E281-F91B-4048-96B0-B033EEF225AA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 205.152.132.23 205.152.37.23 192.168.1.1
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://klmenuweb/MenugisticsTCH/Reserved.ReportViewerWebControl.axd?ReportSession=wz3dfa45lyjp1w552mv21tjg&ControlID=20a8ba774d6042cd8280e9b8a4e339de&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://rfsvpn1.rfsdelivers.com/auth/taweb.cab
DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx
DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} - hxxps://www150.livemeeting.com/etc/static/TRIrapid2/2011-07-14-21-08-21/MailObjects.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
SafeBoot-64328469.sys
SafeBoot-Symantec Antvirus
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-09-29 13:23:57
ComboFix-quarantined-files.txt 2012-09-29 18:23
.
Pre-Run: 87,075,966,976 bytes free
Post-Run: 88,241,623,040 bytes free
.
- - End Of File - - AFB02E53C4FDE2D7054209CB6F514C43

ESET Online Scan
C:\Qoobox\Quarantine\C\Documents and Settings\dbleblan\Application Data\psevc.dll.vir a variant of Win32/Medfos.DY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1170\A0154063.exe Win32/Simda.P trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1178\A0155619.dll a variant of Win32/Kryptik.ALZT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1185\A0156469.dll a variant of Win32/Medfos.DX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1190\A0181418.dll a variant of Win32/Medfos.DY trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.09.2012_14.38.38\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.09.2012_14.38.38\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.09.2012_14.38.38\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

 

[Jay Pfoutz]

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

 

[dblads]

Computer appears to be running much faster and I haven't received any error messages since yesterday morning.

 

[Jay Pfoutz]

Okay, let's finish up.

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[dblads]

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java(TM) 6 Update 13
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

 

[Jay Pfoutz]

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems




Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

 

[dblads]

Will do...Thanks so much for your help!

 

[Jay Pfoutz]

Great! And you're welcome.