June 22nd, 2012, 12:11 AM
#11
ComboFix log
Here's the log. What do I do next?
ComboFix 12-06-21.02 - Mary Forgione 06/21/2012 21:39:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.376 [GMT -4:00]
Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Guest\Application Data\PriceGong
c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Mary Forgione\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Mary Forgione\Application Data\PriceGong
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\z.xml
c:\program files\Freeze.com\My.Freeze.com NetAssistant\NeTAssistant.dll
c:\program files\Protector by IB\ExTEnsion32.dll
c:\program files\Shop to Win 2\ShOPpingbho.dll
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\1afb2d56
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\201d3dde
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7d3dafd103a8533f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\download
c:\windows\system32\download\ispinfo.csv
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 02:09 . 2012-06-22 02:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
2012-06-21 01:48 . 2012-06-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
2012-05-26 04:13 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-21 22:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 02:53
.
Pre-Run: 32,680,919,040 bytes free
Post-Run: 33,734,696,960 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 812B65A5C586EF2A5E7A6CC13F4E423B