Hijack.WindowsUpdates

(This topic is locked)

#1 ehowdy (New Member, 3 posts)

This infection started out as a Trojan:DOS/Alureon.A
Also coming along with it were Trojandownloaders, Rogue:Win32/FakeRean, Exploit:JS/Blacole.A and a few others.
I have been using Microsoft Security Essentials as my security, and Spybot Search and Destroy.
These were identified by MSE but could not be removed.
Through some internet searches, I was recommended to run TDSSKiller and Malwarebytes Anti-Malware.
I ran them both a few times; TDSSKiller came up clean, and MBAM was able to remove almost everything after 2 full scans.
However, now there are 2 items that continue to show up - Hijack.WindowsUpdates (see MBAM excerpt just below)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

MBAM says it needs to reboot to remove them, but each scan I do after rebooting has the same issues.

Please Help ;-(
OTL logfile created on: 8/24/2011 3:53:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\SKA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 346.46 Mb Available Physical Memory | 34.17% Memory free
2.38 Gb Paging File | 1.71 Gb Available in Paging File | 71.72% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 6.00 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
Drive E: | 1.94 Gb Total Space | 1.92 Gb Free Space | 99.23% Space Free | Partition Type: FAT

Computer Name: SKA-B6FFCB9CB43 | User Name: SKA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 15:21:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SKA\Desktop\OTL.exe
PRC - [2011/07/29 22:05:42 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/07/27 02:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/18 09:19:32 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/01/07 13:01:26 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/10 16:56:48 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/02/21 08:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 08:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/18 09:19:32 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2009/12/16 09:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebdrs.dll
MOD - [2009/12/16 09:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2009/12/16 09:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/12/16 03:42:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebmicro.dll
MOD - [2009/11/04 05:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/27 04:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009/03/09 21:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/09 21:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/02/20 00:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEBsmr.dll
MOD - [2009/02/20 00:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEBsm.dll
MOD - [2008/07/19 16:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008/05/21 18:28:17 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/05/21 18:28:12 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2007/02/21 08:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/07 13:01:26 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/01/07 13:01:21 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/19 09:46:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/21 08:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2011/08/24 10:40:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14FF4FEC-1EF4-4476-B640-89EB0D484534}\MpKslbfcbb551.sys -- (MpKslbfcbb551)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/27 01:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 01:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/15 12:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/02/25 05:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/23 14:47:34 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/19 13:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 14:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/02 11:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60446
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60446

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60446
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\SKA\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\SKA\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\SKA\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\SKA\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FF3C66E8-C7FD-4CDA-83B9-5FD015E5F6CE}: C:\Documents and Settings\SKA\Local Settings\Application Data\{FF3C66E8-C7FD-4CDA-83B9-5FD015E5F6CE} [2009/09/12 09:39:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\SKA\Application Data\Move Networks [2009/11/03 13:02:57 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269644914234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1269644904968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SKA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell - "" = AutoRun
O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell - "" = AutoRun
O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 15:53:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SKA\Desktop\OTL.exe
[2011/08/24 15:42:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/24 15:42:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/24 15:42:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/24 15:42:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/24 15:42:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/24 15:42:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/24 15:39:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/24 15:38:35 | 004,182,373 | R--- | C] (Swearware) -- C:\Documents and Settings\SKA\Desktop\ComboFix.exe
[2011/08/24 10:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SKA\Application Data\Sammsoft
[2011/08/24 10:43:16 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/08/24 10:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/08/24 10:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SKA\Local Settings\Application Data\AskToolbar
[2011/08/23 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SKA\Application Data\Malwarebytes
[2011/08/23 18:24:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/23 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/23 18:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/08/23 18:24:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/23 18:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/23 18:09:04 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\SKA\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/23 18:08:49 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SKA\Desktop\tdsskiller.exe
[2011/07/29 15:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Axa
[2011/04/07 18:11:50 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/04/07 18:08:19 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/04/07 18:08:19 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/04/07 18:08:19 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/04/07 18:08:18 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/04/07 18:08:18 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/04/07 18:08:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/04/07 18:08:16 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/04/07 18:08:15 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/04/07 18:08:15 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/04/07 18:08:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/04/07 18:08:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/04/07 18:08:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/04/07 18:08:12 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1038 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\SKA\*.tmp files -> C:\Documents and Settings\SKA\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/24 15:50:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 15:26:34 | 004,182,373 | R--- | M] (Swearware) -- C:\Documents and Settings\SKA\Desktop\ComboFix.exe
[2011/08/24 15:21:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SKA\Desktop\OTL.exe
[2011/08/24 15:17:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 14:49:14 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1343024091-839522115-1003UA.job
[2011/08/24 14:44:05 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/24 14:21:53 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\SKA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 13:17:01 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 10:45:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/24 10:44:42 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/24 10:44:42 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/24 10:40:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 18:24:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 17:38:06 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SKA\Desktop\tdsskiller.exe
[2011/08/23 17:35:40 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\SKA\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/23 15:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/23 15:20:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/23 15:07:48 | 000,000,476 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/21 03:49:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1343024091-839522115-1003Core.job
[2011/08/19 13:52:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 23:52:37 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\SKA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 23:52:36 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\SKA\Desktop\Google Chrome.lnk
[2011/08/01 16:23:27 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\SKA\Desktop\ONFS Illustrations.lnk
[2011/07/29 15:53:29 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AXA Equitable Aegis 6.10.lnk
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1038 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\SKA\*.tmp files -> C:\Documents and Settings\SKA\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 15:42:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/24 15:42:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/24 15:42:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/24 15:42:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/24 15:42:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/24 10:44:13 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/08/23 18:24:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 15:53:29 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AXA Equitable Aegis 6.10.lnk
[2011/07/13 13:22:37 | 000,014,256 | -HS- | C] () -- C:\Documents and Settings\SKA\Local Settings\Application Data\54t5al35c0w5i1o476j
[2011/07/13 13:22:37 | 000,014,256 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\54t5al35c0w5i1o476j
[2011/06/03 19:00:52 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/04/07 18:11:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/04/07 18:11:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/04/07 18:11:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/04/07 18:11:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/04/07 18:08:34 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2011/04/07 18:08:20 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/04/07 18:08:16 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/04/07 18:08:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/04/07 18:08:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/04/07 18:08:15 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/04/07 18:08:14 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/04/07 18:08:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/04/07 18:08:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/04/07 18:08:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/04/07 18:07:02 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/04/07 18:07:02 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2011/01/04 10:36:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/09/22 14:25:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/22 08:06:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2010/08/10 09:33:54 | 000,000,109 | ---- | C] () -- C:\WINDOWS\InsShows.ini
[2010/07/02 09:37:19 | 000,000,068 | ---- | C] () -- C:\WINDOWS\pmlfo.ini
[2010/05/29 20:53:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.SKA.ini
[2010/03/16 21:01:54 | 000,002,714 | ---- | C] () -- C:\WINDOWS\axipupiy.dll
[2010/02/11 15:29:02 | 000,003,422 | ---- | C] () -- C:\WINDOWS\adaxogapoga.dll
[2010/02/04 03:11:01 | 000,003,422 | ---- | C] () -- C:\WINDOWS\ixucovot.dll
[2010/01/30 21:02:06 | 000,002,714 | ---- | C] () -- C:\WINDOWS\amonaduqiruhakuc.dll
[2010/01/05 15:08:52 | 000,002,079 | ---- | C] () -- C:\WINDOWS\InsMark.INI
[2009/12/13 14:21:28 | 000,003,422 | ---- | C] () -- C:\WINDOWS\atemiteduzubo.dll
[2009/12/13 03:11:31 | 000,003,422 | ---- | C] () -- C:\WINDOWS\iyesoyaq.dll
[2009/11/25 21:01:25 | 000,003,422 | ---- | C] () -- C:\WINDOWS\ogecoxicakihev.dll
[2009/11/25 19:03:17 | 000,003,422 | ---- | C] () -- C:\WINDOWS\idimonobapuyuqiy.dll
[2009/10/28 18:46:36 | 000,003,422 | ---- | C] () -- C:\WINDOWS\apaqojoqokaqo.dll
[2009/10/16 21:29:38 | 000,054,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/28 08:11:01 | 000,003,417 | ---- | C] () -- C:\WINDOWS\avugomukedom.dll
[2009/09/12 09:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xnegucoruwuyana.bin
[2009/09/12 09:39:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sgasiyovuzika.dat
[2009/09/08 14:00:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\AGLCUser.ini
[2009/06/09 10:41:09 | 000,038,473 | ---- | C] () -- C:\Documents and Settings\SKA\Application Data\Microsoft Excel.ADR
[2009/02/25 10:04:58 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/01/27 13:28:40 | 000,000,485 | ---- | C] () -- C:\WINDOWS\SPIA.ini
[2009/01/27 12:13:25 | 000,000,762 | ---- | C] () -- C:\WINDOWS\Annw.ini
[2009/01/27 12:13:19 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2009/01/27 12:13:19 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2009/01/27 12:13:18 | 000,370,688 | ---- | C] () -- C:\WINDOWS\System32\T6dll32.dll
[2009/01/27 12:13:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PrinterDll32.dll
[2009/01/27 12:13:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2008/12/25 12:56:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Basic
[2008/12/25 12:56:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\SKA\Application Data\Developer Tools
[2008/12/25 12:56:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
[2008/10/13 10:23:03 | 000,000,731 | ---- | C] () -- C:\WINDOWS\AIGAGinstalllog.ini
[2008/10/07 14:20:01 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\SKA\Local Settings\Application Data\fusioncache.dat
[2008/10/07 14:18:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2008/09/15 11:51:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Flexinet.ini
[2008/09/15 11:51:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\InstallCode.ini
[2008/09/15 11:51:23 | 000,000,796 | ---- | C] () -- C:\WINDOWS\IPG.ini
[2008/09/15 11:49:40 | 000,002,803 | ---- | C] () -- C:\WINDOWS\AIGAGUtility.ini
[2008/09/15 11:49:26 | 000,000,112 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2008/09/15 11:49:26 | 000,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2008/09/15 11:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2008/09/15 11:46:57 | 000,001,345 | ---- | C] () -- C:\WINDOWS\AIG.ini
[2008/09/04 21:06:40 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\SKA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 14:11:38 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/09/02 22:49:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\SKA\Application Data\$_hpcst$.hpc
[2008/09/02 10:16:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/08/29 15:58:26 | 000,000,476 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/29 13:53:39 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/08/29 13:53:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4796.dll
[2008/08/29 13:45:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/08/29 13:23:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/29 13:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/29 06:05:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/29 06:04:18 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/27 15:11:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2006/04/22 15:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/21 15:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 15:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,444,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,072,248 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/25 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AccountTypes
[2010/08/31 09:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2009/01/09 14:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ashampoo
[2011/06/27 17:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATTYToolbar
[2008/12/25 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
[2011/05/09 09:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lexmark Pro200-S500 Series
[2008/12/25 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
[2010/07/01 14:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Penn Mutual Life
[2008/10/07 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Transamerica
[2008/12/25 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
[2010/05/07 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 17:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 15:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/30 15:00:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{930369CD-643A-4982-AE28-4212D3985068}
[2011/02/08 10:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BB5D6047-6E79-4245-A552-E8BEC4AF8ECF}
[2009/01/09 14:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\Ashampoo
[2011/08/21 23:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\BitComet
[2008/12/25 13:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\Nikon
[2011/08/24 15:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\Sammsoft
[2008/11/06 15:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\Snapfish
[2009/10/28 09:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SKA\Application Data\webex
[2011/08/23 15:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/24 10:45:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/08/24 14:44:05 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60446
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60446
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60446
    IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FF3C66E8-C7FD-4CDA-83B9-5FD015E5F6CE}: C:\Documents and Settings\SKA\Local Settings\Application Data\{FF3C66E8-C7FD-4CDA-83B9-5FD015E5F6CE} [2009/09/12 09:39:27 | 000,000,000 | ---D | M]
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell - "" = AutoRun
    O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{08d31616-764d-11dd-aacb-00188bda1d29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell - "" = AutoRun
    O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{61e962de-7b72-11dd-88e9-00188bda1d29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O35 - HKCU\..exefile [open] -- "%1" %*
    [2011/08/24 10:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SKA\Application Data\Sammsoft
    [2011/07/13 13:22:37 | 000,014,256 | -HS- | C] () -- C:\Documents and Settings\SKA\Local Settings\Application Data\54t5al35c0w5i1o476j
    [2011/07/13 13:22:37 | 000,014,256 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\54t5al35c0w5i1o476j
    [36 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1038 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\SKA\*.tmp files -> C:\Documents and Settings\SKA\*.tmp -> ]
    [2010/08/10 09:33:54 | 000,000,109 | ---- | C] () -- C:\WINDOWS\InsShows.ini
    [2010/07/02 09:37:19 | 000,000,068 | ---- | C] () -- C:\WINDOWS\pmlfo.ini
    [2010/05/29 20:53:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.SKA.ini
    [2010/03/16 21:01:54 | 000,002,714 | ---- | C] () -- C:\WINDOWS\axipupiy.dll
    [2010/02/11 15:29:02 | 000,003,422 | ---- | C] () -- C:\WINDOWS\adaxogapoga.dll
    [2010/02/04 03:11:01 | 000,003,422 | ---- | C] () -- C:\WINDOWS\ixucovot.dll
    [2010/01/30 21:02:06 | 000,002,714 | ---- | C] () -- C:\WINDOWS\amonaduqiruhakuc.dll
    [2009/12/13 14:21:28 | 000,003,422 | ---- | C] () -- C:\WINDOWS\atemiteduzubo.dll
    [2009/12/13 03:11:31 | 000,003,422 | ---- | C] () -- C:\WINDOWS\iyesoyaq.dll
    [2009/11/25 21:01:25 | 000,003,422 | ---- | C] () -- C:\WINDOWS\ogecoxicakihev.dll
    [2009/11/25 19:03:17 | 000,003,422 | ---- | C] () -- C:\WINDOWS\idimonobapuyuqiy.dll
    [2009/10/28 18:46:36 | 000,003,422 | ---- | C] () -- C:\WINDOWS\apaqojoqokaqo.dll
    [2009/09/28 08:11:01 | 000,003,417 | ---- | C] () -- C:\WINDOWS\avugomukedom.dll
    [2009/09/12 09:39:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xnegucoruwuyana.bin
    [2009/09/12 09:39:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sgasiyovuzika.dat
    [2009/11/30 15:00:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{930369CD-643A-4982-AE28-4212D3985068}
    [2011/02/08 10:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BB5D6047-6E79-4245-A552-E8BEC4AF8ECF}
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Crawler
    C:\Documents and Settings\SKA\Local Settings\Application Data\{FF3C66E8-C7FD-4CDA-83B9-5FD015E5F6CE}
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#3
ehowdy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I did the OTL scan, then the combofix.
After reboot, I did a quick scan w MBAM and it did not detect the HijackWindowsupdates !
I also did a quick scan w MSE
I am doing a full scan w MBAM now.
I will update again w the results, but it's looking pretty good.

ComboFix 11-08-25.01 - SKA 08/25/2011 16:37:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.449 [GMT -8:00]
Running from: c:\documents and settings\SKA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\SKA\g2mdlhlpx.exe
c:\documents and settings\SKA\WINDOWS
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\explorer(10).exe
c:\windows\explorer(11).exe
c:\windows\explorer(12).exe
c:\windows\explorer(13).exe
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\explorer(4).exe
c:\windows\explorer(5).exe
c:\windows\explorer(6).exe
c:\windows\explorer(7).exe
c:\windows\explorer(8).exe
c:\windows\explorer(9).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\ctfmon(4).exe
c:\windows\system32\ctfmon(5).exe
c:\windows\system32\linkinfo(10).dll
c:\windows\system32\linkinfo(11).dll
c:\windows\system32\linkinfo(12).dll
c:\windows\system32\linkinfo(13).dll
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\linkinfo(4).dll
c:\windows\system32\linkinfo(5).dll
c:\windows\system32\linkinfo(6).dll
c:\windows\system32\linkinfo(7).dll
c:\windows\system32\linkinfo(8).dll
c:\windows\system32\linkinfo(9).dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 00:54 . 2004-08-04 10:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-08-26 00:54 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-08-25 23:48 . 2011-08-25 23:48 -------- d-----w- C:\_OTL
2011-08-25 00:38 . 2011-08-16 16:48 7152464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E6D8579-8DD6-498F-B18A-0F5F8C7C82EC}\mpengine.dll
2011-08-24 18:43 . 2011-08-24 18:43 -------- d-----w- C:\Firefox
2011-08-24 18:43 . 2011-08-24 18:44 -------- d-----w- c:\program files\Ask.com
2011-08-24 18:43 . 2011-08-26 00:16 -------- d-----w- c:\documents and settings\SKA\Local Settings\Application Data\AskToolbar
2011-08-24 02:24 . 2011-08-24 02:24 -------- d-----w- c:\documents and settings\SKA\Application Data\Malwarebytes
2011-08-24 02:24 . 2011-07-07 03:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 02:24 . 2011-08-24 02:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-08-24 02:24 . 2011-08-24 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 02:24 . 2011-07-07 03:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 00:28 . 2011-08-23 00:28 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-22 19:26 . 2011-08-23 00:23 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-08-02 00:23 . 2011-08-02 00:23 40960 ----a-r- c:\documents and settings\SKA\Application Data\Microsoft\Installer\{AD950C0F-0575-45D7-8F2A-01742D6ABEAB}\NewShortcut11_AD950C0F057545D78F2A01742D6ABEAB.exe
2011-08-02 00:23 . 2011-08-02 00:23 40960 ----a-r- c:\documents and settings\SKA\Application Data\Microsoft\Installer\{AD950C0F-0575-45D7-8F2A-01742D6ABEAB}\NewShortcut1_AD950C0F057545D78F2A01742D6ABEAB.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 07:33 . 2011-06-18 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2010-03-25 17:31 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-30 06:05 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-14 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-14 138008]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2010-01-18 139944]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-30 887976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-4-10 479232]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Ohio National\\Illustrations\\Onliprop.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\WINDOWS\\system32\\lxebcoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9521:TCP"= 9521:TCP:BitComet 9521 TCP
"9521:UDP"= 9521:UDP:BitComet 9521 UDP
.
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/23/2011 6:24 PM 366640]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2011 6:24 PM 22712]
S1 MpKsl3ec25d30;MpKsl3ec25d30;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F9DCC5A-6C25-4AEB-95E9-856B9817D5BB}\MpKsl3ec25d30.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F9DCC5A-6C25-4AEB-95E9-856B9817D5BB}\MpKsl3ec25d30.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2011 4:29 PM 136176]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [4/7/2011 6:11 PM 98984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2011 4:29 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:57]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 00:29]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-07 00:29]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1343024091-839522115-1003Core.job
- c:\documents and settings\SKA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-07 22:07]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1343024091-839522115-1003UA.job
- c:\documents and settings\SKA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-07 22:07]
.
2011-08-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]
.
2011-08-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-30 06:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\CToolbar.exe
AddRemove-Loan-Based Deferred Compensation System - c:\lb-dcd~1\UNWISE.EXE
AddRemove-Navigator 10.8 - c:\documents and settings\All Users.WINDOWS\Application Data\{930369CD-643A-4982-AE28-4212D3985068}\Setup.exe
AddRemove-{8DEC309F-B124-4DDB-829A-97537F929304} - c:\documents and settings\All Users.WINDOWS\Application Data\{930369CD-643A-4982-AE28-4212D3985068}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 16:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\wuaueng.dll.mui 17632 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.147156.bak 1134592 bytes executable
c:\windows\system32\wucltui.dll.mui 21728 bytes executable
c:\windows\system32\wups2.dll 44768 bytes executable
c:\windows\system32\wuapi.dll.mui 15064 bytes executable
c:\windows\system32\wuapi.dll.wusetup.142937.bak 430592 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.145328.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 15072 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.146546.bak 162304 bytes executable
.
scan completed successfully
hidden files: 9
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4020)
c:\program files\Common Files\Motive\McciContextHook_DSR.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxebcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-25 17:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 01:04
.
Pre-Run: 7,204,741,120 bytes free
Post-Run: 6,825,324,544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 132B526F6E7DE81FC9AA7C060C947F28

#4
ehowdy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Gammo - You are awesome!
Just finished the full scan w MBAM, and no infections found.
Web browsing is a bit slow, but I'm alright w that.
Thank you very much!

#5
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hi,

I'd like you to run two more scans to confirm your PC is clean if that's OK with you.

Run Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!