
XP SP3 Hangs, Freezes [Solved]


  • This topic is locked

#61
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
If you no longer use VMware Player, please uninstall it. Then delete your copy of Combofix and do the following:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates, I recommend that you export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0


#62
dc4580

    Member

  • Topic Starter
  • Member
  • 38 posts
Ok. Will do this tonight after I get home. Thanks.
  • 0

#63
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

#64
dc4580

    Member

  • Topic Starter
  • Member
  • 38 posts
Removed VMWare using IOBit.Uninstaller. I also deleted the VMWare folder from Program Files/Common Files. I see several references to VM in the Combofix report below.

PC is running well tonight. Response is good. No freezes.


ComboFix 12-03-08.04 - david cox 03/08/2012 22:15:15.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1156 [GMT -6:00]
Running from: c:\documents and settings\david cox\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 03:55 . 2012-03-09 03:55 -------- d-----w- c:\documents and settings\david cox\Application Data\IObit
2012-03-04 16:59 . 2008-04-14 11:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-04 16:59 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-04 16:59 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-03-04 16:59 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-04 16:59 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-04 16:59 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-04 16:59 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-04 16:59 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-04 16:59 . 2008-04-14 06:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-03-04 16:59 . 2008-04-14 06:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-02-28 02:37 . 2012-02-28 02:38 -------- d-----w- c:\program files\Speccy
2012-02-27 10:43 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-27 10:43 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-27 10:43 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-27 10:43 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-27 10:43 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-27 10:43 . 2011-12-18 20:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-27 10:43 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-27 10:18 . 2012-02-27 13:14 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-27 09:31 . 2011-12-19 08:53 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2012-02-27 09:31 . 2011-12-19 08:53 81920 ------w- c:\windows\system32\ieencode.dll
2012-02-27 09:31 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-27 09:31 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-27 09:27 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-27 09:27 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-27 09:27 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-27 09:27 . 2011-04-30 03:01 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-02-27 09:26 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-27 09:26 . 2011-03-11 14:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-27 09:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-27 09:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-27 09:23 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-27 09:23 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-02-27 09:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-27 09:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-27 09:22 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-02-27 09:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-27 09:19 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-27 09:19 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-27 09:18 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-27 09:17 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-02-27 09:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-02-27 09:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-02-27 09:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-02-27 09:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-02-27 09:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-27 09:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-27 09:15 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-02-27 09:15 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-02-27 09:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-02-27 09:15 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-27 09:15 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-27 09:15 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-27 09:14 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-27 09:14 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-02-27 09:14 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-27 09:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-26 02:13 . 2012-02-26 02:35 -------- d-----w- c:\windows\system32\wbem\Repository.002
2012-02-26 02:12 . 2009-07-31 16:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-02-26 02:12 . 2008-04-14 04:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-02-26 02:12 . 2008-04-14 11:42 380416 ------w- c:\windows\system32\irprops.cpl
2012-02-26 02:11 . 2009-08-07 01:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-02-26 02:00 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003478_.tmp
2012-02-26 00:50 . 2002-08-29 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-02-26 00:49 . 2002-08-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2012-02-26 00:48 . 2002-08-29 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2012-02-26 00:48 . 2001-08-18 04:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-02-26 00:48 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2012-02-26 00:48 . 2002-08-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-02-26 00:48 . 2001-08-18 04:36 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2012-02-26 00:48 . 2002-08-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-02-26 00:48 . 2002-08-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-02-26 00:48 . 2002-08-29 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-02-26 00:48 . 2002-08-29 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2012-02-26 00:48 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2012-02-26 00:48 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-02-26 00:45 . 2008-06-12 14:23 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2012-02-26 00:44 . 2008-04-14 11:42 59392 ----a-w- c:\windows\system32\stclient.dll
2012-02-26 00:42 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-02-26 00:42 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-02-26 00:41 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-26 00:41 . 2008-04-14 11:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-02-26 00:41 . 2008-04-14 11:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2012-02-26 00:40 . 2008-04-14 11:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-02-26 00:40 . 2008-04-14 06:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2012-02-26 00:39 . 2008-04-14 11:42 741376 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2012-02-26 00:39 . 2002-08-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-02-26 00:39 . 2002-08-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-02-26 00:39 . 2008-04-14 11:42 146432 ----a-w- c:\windows\system\winspool.drv
2012-02-26 00:39 . 2008-04-14 06:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2012-02-26 00:39 . 2002-08-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-02-26 00:39 . 2002-08-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-02-26 00:39 . 2008-04-14 11:42 74752 ----a-w- c:\windows\system32\storprop.dll
2012-02-26 00:39 . 2002-08-29 12:00 13608 ----a-r- c:\windows\SET11A.tmp
2012-02-26 00:39 . 2002-08-29 12:00 1086182 ----a-r- c:\windows\SET105.tmp
2012-02-25 13:27 . 2012-02-25 18:58 -------- d-----w- c:\windows\system32\wbem\Repository.001
2012-02-25 13:02 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003456_.tmp
2012-02-25 11:37 . 2002-08-29 12:00 40960 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2012-02-25 11:37 . 2002-08-29 12:00 40960 ----a-w- c:\windows\system32\tscupgrd.exe
2012-02-25 11:06 . 2002-08-29 12:00 13608 ----a-r- c:\windows\SET216.tmp
2012-02-25 11:06 . 2002-08-29 12:00 1086182 ----a-r- c:\windows\SET201.tmp
2012-02-25 04:41 . 2012-02-25 18:26 -------- d-----w- c:\windows\twain_32
2012-02-20 10:16 . 2012-02-21 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-02-17 13:15 . 2012-02-17 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-17 13:14 . 2012-02-17 13:15 -------- d-----w- c:\program files\Security Task Manager
2012-02-16 07:04 . 2012-02-16 07:04 -------- d-----w- c:\documents and settings\david cox\Local Settings\Application Data\Secunia PSI
2012-02-16 07:01 . 2012-02-16 07:01 -------- d-----w- c:\program files\Secunia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:02 . 2011-07-13 10:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 06:36 . 2012-02-07 06:36 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-01-31 09:02 . 2012-01-31 09:02 6664768 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2012-01-24 03:50 . 2012-01-24 03:51 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-01-24 03:50 . 2008-02-25 17:54 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2012-01-20 13:26 . 2012-01-20 13:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-20 13:26 . 2012-01-20 13:26 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-15 00:39 . 2011-01-11 02:35 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-15 00:39 . 2010-05-09 12:30 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2002-08-29 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-12-14 00:27 . 2008-04-24 05:28 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 17:01 . 2008-04-24 05:27 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-12-10 21:24 . 2012-01-26 06:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-05_00.37.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 05:05 . 2012-03-08 05:05 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2012-1-31 6664768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-05 00:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 05:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 08:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-10-26 15:55 681256 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 03:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 23:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 20:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-12-05 21:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"RoxLiveShare10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"nmservice"=2 (0x2)
"N360"=2 (0x2)
"LinksysUpdater"=2 (0x2)
"LightScribeService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 8:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [1/30/2012 8:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [3/2/2012 12:58 PM 820856]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/3/2008 11:44 PM 15784]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [1/30/2012 8:45 PM 136312]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 11:28 AM 30864]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [6/3/2008 11:44 PM 162344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [1/30/2012 8:45 PM 130008]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 1:32 PM 70768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/22/2012 11:34 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120308.001\IDSXpx86.sys [3/8/2012 7:54 PM 356280]
S1 MpKsl581cef45;MpKsl581cef45; [x]
S1 MpKsld1ab8ec4;MpKsld1ab8ec4; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/7/2012 12:36 AM 24064]
S3 PROCEXP150;PROCEXP150; [x]
S3 PROCEXP151;PROCEXP151; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 SysProtDrv.sys;SysProtDrv.sys; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2010 12:52 AM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2010 12:52 AM 136176]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/18/2011 10:16 PM 86016]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
S4 SessionLauncher;SessionLauncher; [x]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 PM 539248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-05-23 18:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 06:51]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 06:51]
.
2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{18A67AB4-86CC-47A1-B51A-C739DECF0A30}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://myportal.ussco.com/bluezone/controls/,DanaInfo=intranet.ussco.com+sglw2hcm.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-08 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,98,35,2b,66,3f,83,4f,a8,fa,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,98,35,2b,66,3f,83,4f,a8,fa,40,\
.
[HKEY_USERS\S-1-5-21-484763869-1060284298-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-08 22:28:53
ComboFix-quarantined-files.txt 2012-03-09 04:28
.
Pre-Run: 88,436,572,160 bytes free
Post-Run: 88,646,250,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 7F07668E55D601B7A5BC5120E6DD040E
  • 0
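The report above is read by eye in this thread; as an added example (not ComboFix's code and not part of the thread), here is a small Python triage script that parses the same layout: the `R`/`S` driver-and-service lines, the REGEDIT4 "Reg Loading Points" sections and the `LSP:` line of the Supplementary Scan. It lists entries that still name an uninstalled product (the VMware leftovers the poster noticed) and registry values that weaken Windows' own protections. `SAMPLE_LOG` is constructed in the report's layout from a few of its lines, and `VM_PATTERNS`, the substrings used to spot leftovers, are an assumption of this example.

```python
"""Triage a ComboFix report: leftovers of an uninstalled product and registry
values that weaken Windows' own protections. Added example, not ComboFix's or
the thread's code; SAMPLE_LOG is constructed and VM_PATTERNS is an assumption."""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 1:32 PM 70768]
S1 MpKsl581cef45;MpKsl581cef45; [x]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 PM 539248]
.
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
"""
VM_PATTERNS = ("vmware", "vmnet", "vmci", "vmusb")  # assumed VMware Player leftovers
# Service line 'R2 name;display;path [date size]': R/S = running/stopped, digit = start type.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_services(log: str) -> List[dict]:
    """A path of '[x]' means the registration survives but the binary is gone."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        rest = rest.strip()
        services.append({"name": name, "display": display,
                         "path": re.sub(r"\s*\[.*\]$", "", rest),  # strip '[date size]'
                         "running": state == "R", "start_type": int(start),
                         "binary_missing": rest == "[x]"})
    return services


def parse_registry(log: str) -> Dict[str, Dict[str, str]]:
    """'[key]' sections and their "name"=value lines (REGEDIT4 layout); keys lowercased."""
    reg: Dict[str, Dict[str, str]] = {}
    key = None
    for line in log.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
            reg.setdefault(key, {})
        elif key and (m := VALUE_RE.match(line)):
            reg[key][m.group(1)] = m.group(2).strip()
    return reg


def parse_lsps(log: str) -> List[str]:
    return [ln.split(":", 1)[1].strip() for ln in log.splitlines() if ln.startswith("LSP:")]


def _int_value(v: str) -> Optional[int]:
    if v.startswith("dword:"):          # 'dword:00000001' -> 1
        return int(v[6:], 16)
    m = re.match(r"-?\d+", v)           # '2 (0x2)' -> 2
    return int(m.group()) if m else None


def weakened_protections(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Values that silence or switch off the OS's own defences; a third-party suite sets
    the Security Center ones legitimately, so each hit should be traceable to one."""
    checks = ((r"\security center", "AntiVirusOverride", 1),
              (r"\security center", "FirewallOverride", 1),
              (r"\security center\monitoring", "DisableMonitoring", 1),
              (r"firewallpolicy\standardprofile", "EnableFirewall", 0))
    found = []
    for key, values in reg.items():
        for tail, name, bad in checks:
            in_scope = key.endswith(tail) or tail + "\\" in key
            if in_scope and _int_value(values.get(name, "")) == bad:
                found.append((key, name, values[name]))
    return found


def find_remnants(services, lsps, reg, patterns=VM_PATTERNS) -> List[Tuple[str, str, str]]:
    def hit(text: str) -> bool:
        return any(p in text.lower() for p in patterns)
    found = [("service", s["name"], s["path"] or "binary missing") for s in services
             if any(hit(s[k]) for k in ("name", "display", "path"))]
    found += [("lsp", dll, "Winsock LSP still chained in") for dll in lsps if hit(dll)]
    for key, values in reg.items():
        if key.endswith(r"\msconfig\services"):
            found += [("msconfig", n, "disabled via msconfig, entry remains") for n in values if hit(n)]
    return found


def report(log: str) -> List[str]:
    reg = parse_registry(log)
    lines = [f"WEAKENED  {n}={v}  [{k}]" for k, n, v in weakened_protections(reg)]
    lines += [f"LEFTOVER  {kind}: {n}  ({why})"
              for kind, n, why in find_remnants(parse_services(log), parse_lsps(log), reg)]
    return lines
```

Run `report(open("C:/ComboFix.txt").read())` on a real log and you get one line per finding. Two points worth noting: an `[x]` path (the `MpKsl…` entries in the report) is a service registration whose binary no longer exists, and the Security Center overrides are not by themselves a sign of infection. The Symantec-named `Monitoring` keys in the report above show that Norton 360 accounts for them here; the check exists so that every such value can be matched to software the owner knowingly installed.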

#65
dc4580

    Member

  • Topic Starter
  • Member
  • 38 posts
Try this one. It should be a little better. Fewer VMWare remnants:

ComboFix 12-03-09.05 - david cox 03/09/2012 6:22.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1141 [GMT -6:00]
Running from: c:\documents and settings\david cox\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 03:55 . 2012-03-09 03:55 -------- d-----w- c:\documents and settings\david cox\Application Data\IObit
2012-03-04 16:59 . 2008-04-14 11:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-04 16:59 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-04 16:59 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-03-04 16:59 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-04 16:59 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-04 16:59 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-04 16:59 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-04 16:59 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-04 16:59 . 2008-04-14 06:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-03-04 16:59 . 2008-04-14 06:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-02-28 02:37 . 2012-02-28 02:38 -------- d-----w- c:\program files\Speccy
2012-02-27 10:43 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-27 10:43 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-27 10:43 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-27 10:43 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-27 10:43 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-27 10:43 . 2011-12-18 20:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-27 10:43 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-27 10:18 . 2012-02-27 13:14 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-27 09:31 . 2011-12-19 08:53 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2012-02-27 09:31 . 2011-12-19 08:53 81920 ------w- c:\windows\system32\ieencode.dll
2012-02-27 09:31 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-27 09:31 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-27 09:27 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-27 09:27 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-27 09:27 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-27 09:27 . 2011-04-30 03:01 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-02-27 09:26 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-27 09:26 . 2011-03-11 14:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-27 09:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-27 09:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-27 09:23 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-27 09:23 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-02-27 09:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-27 09:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-27 09:22 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-02-27 09:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-27 09:19 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-27 09:19 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-27 09:18 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-27 09:17 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-02-27 09:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-02-27 09:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-02-27 09:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-02-27 09:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-02-27 09:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-27 09:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-27 09:15 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-02-27 09:15 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-02-27 09:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-02-27 09:15 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-27 09:15 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-27 09:15 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-27 09:14 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-27 09:14 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-02-27 09:14 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-27 09:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-26 02:13 . 2012-02-26 02:35 -------- d-----w- c:\windows\system32\wbem\Repository.002
2012-02-26 02:12 . 2009-07-31 16:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-02-26 02:12 . 2008-04-14 04:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-02-26 02:12 . 2008-04-14 11:42 380416 ------w- c:\windows\system32\irprops.cpl
2012-02-26 02:11 . 2009-08-07 01:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-02-26 02:00 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003478_.tmp
2012-02-26 00:50 . 2002-08-29 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-02-26 00:49 . 2002-08-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2012-02-26 00:48 . 2002-08-29 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2012-02-26 00:48 . 2001-08-18 04:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-02-26 00:48 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2012-02-26 00:48 . 2002-08-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-02-26 00:48 . 2001-08-18 04:36 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2012-02-26 00:48 . 2002-08-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-02-26 00:48 . 2002-08-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-02-26 00:48 . 2002-08-29 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-02-26 00:48 . 2002-08-29 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2012-02-26 00:48 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2012-02-26 00:48 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-02-26 00:45 . 2008-06-12 14:23 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2012-02-26 00:44 . 2008-04-14 11:42 59392 ----a-w- c:\windows\system32\stclient.dll
2012-02-26 00:42 . 2008-04-14 06:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-02-26 00:42 . 2008-04-14 06:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-02-26 00:41 . 2008-04-14 06:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-26 00:41 . 2008-04-14 11:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-02-26 00:41 . 2008-04-14 11:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2012-02-26 00:40 . 2008-04-14 11:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-02-26 00:40 . 2008-04-14 06:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2012-02-26 00:39 . 2008-04-14 11:42 741376 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2012-02-26 00:39 . 2002-08-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-02-26 00:39 . 2002-08-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-02-26 00:39 . 2008-04-14 11:42 146432 ----a-w- c:\windows\system\winspool.drv
2012-02-26 00:39 . 2008-04-14 06:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2012-02-26 00:39 . 2002-08-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-02-26 00:39 . 2002-08-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-02-26 00:39 . 2008-04-14 11:42 74752 ----a-w- c:\windows\system32\storprop.dll
2012-02-26 00:39 . 2002-08-29 12:00 13608 ----a-r- c:\windows\SET11A.tmp
2012-02-26 00:39 . 2002-08-29 12:00 1086182 ----a-r- c:\windows\SET105.tmp
2012-02-25 13:27 . 2012-02-25 18:58 -------- d-----w- c:\windows\system32\wbem\Repository.001
2012-02-25 13:02 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003456_.tmp
2012-02-25 11:37 . 2002-08-29 12:00 40960 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2012-02-25 11:37 . 2002-08-29 12:00 40960 ----a-w- c:\windows\system32\tscupgrd.exe
2012-02-25 11:06 . 2002-08-29 12:00 13608 ----a-r- c:\windows\SET216.tmp
2012-02-25 11:06 . 2002-08-29 12:00 1086182 ----a-r- c:\windows\SET201.tmp
2012-02-25 04:41 . 2012-02-25 18:26 -------- d-----w- c:\windows\twain_32
2012-02-20 10:16 . 2012-02-21 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-02-17 13:15 . 2012-02-17 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-17 13:14 . 2012-02-17 13:15 -------- d-----w- c:\program files\Security Task Manager
2012-02-16 07:04 . 2012-02-16 07:04 -------- d-----w- c:\documents and settings\david cox\Local Settings\Application Data\Secunia PSI
2012-02-16 07:01 . 2012-02-16 07:01 -------- d-----w- c:\program files\Secunia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:02 . 2011-07-13 10:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 06:36 . 2012-02-07 06:36 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-01-31 09:02 . 2012-01-31 09:02 6664768 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2012-01-24 03:50 . 2012-01-24 03:51 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-01-24 03:50 . 2008-02-25 17:54 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2012-01-20 13:26 . 2012-01-20 13:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-20 13:26 . 2012-01-20 13:26 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-15 00:39 . 2011-01-11 02:35 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-15 00:39 . 2010-05-09 12:30 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2002-08-29 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2002-08-29 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-12-14 00:27 . 2008-04-24 05:28 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 17:01 . 2008-04-24 05:27 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-12-10 21:24 . 2012-01-26 06:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-05_00.37.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 05:05 . 2012-03-08 05:05 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2012-1-31 6664768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-05 00:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 05:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-08-14 08:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-10-26 15:55 681256 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 03:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 23:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 20:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-12-05 21:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"RoxLiveShare10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"nmservice"=2 (0x2)
"N360"=2 (0x2)
"LinksysUpdater"=2 (0x2)
"LightScribeService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 8:45 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [1/30/2012 8:45 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [3/2/2012 12:58 PM 820856]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/3/2008 11:44 PM 15784]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [1/30/2012 8:45 PM 136312]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 11:28 AM 30864]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [6/3/2008 11:44 PM 162344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [1/30/2012 8:45 PM 130008]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 1:32 PM 70768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/22/2012 11:34 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120308.001\IDSXpx86.sys [3/8/2012 7:54 PM 356280]
S1 MpKsl581cef45;MpKsl581cef45; [x]
S1 MpKsld1ab8ec4;MpKsld1ab8ec4; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/7/2012 12:36 AM 24064]
S3 PROCEXP150;PROCEXP150; [x]
S3 PROCEXP151;PROCEXP151; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 SysProtDrv.sys;SysProtDrv.sys; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2010 12:52 AM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2010 12:52 AM 136176]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/18/2011 10:16 PM 86016]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 12:01 AM 399416]
S4 SessionLauncher;SessionLauncher; [x]
S4 VMUSBArbService;VMware USB Arbitration Service;"c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe" --> c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-05-23 18:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 06:51]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 06:51]
.
2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{18A67AB4-86CC-47A1-B51A-C739DECF0A30}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://myportal.ussco.com/bluezone/controls/,DanaInfo=intranet.ussco.com+sglw2hcm.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 06:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,98,35,2b,66,3f,83,4f,a8,fa,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,98,35,2b,66,3f,83,4f,a8,fa,40,\
.
[HKEY_USERS\S-1-5-21-484763869-1060284298-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-09 06:33:50
ComboFix-quarantined-files.txt 2012-03-09 12:33
ComboFix2.txt 2012-03-09 04:28
.
Pre-Run: 88,966,569,984 bytes free
Post-Run: 89,118,228,480 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 989EE643FA3FE9CA3C828A0608CEEC42
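The log above is the kind of output a helper reads by eye, and "Log looks good" is a judgement made across several of its sections at once. As an added example (not ComboFix's own code, and not part of this thread or the helper's procedure), the script below parses ComboFix's REGEDIT4-style "Reg Loading Points" dump and its R0/R1/S3-style service list and pulls out the entries that get a second look first: Security Center AntiVirusOverride/FirewallOverride/DisableMonitoring values set to 1, EnableFirewall=0 under the firewall standardprofile, GloballyOpenPorts entries not marked Disabled, Run/RunOnce autostarts, and service entries that ComboFix prints with "[x]" (registry key present, file gone) or whose image sits outside c:\windows and c:\program files. The SAMPLE_LOG inside it is a constructed, abridged imitation of the format above; the function names, the finding "kinds" and the two-directory allowlist are my own choices, not anything ComboFix defines.

```python
"""Triage helper for ComboFix-style log text (added example for this thread;
not part of ComboFix and not the helper's procedure).  It parses the REGEDIT4
'Reg Loading Points' dump and the R0/S3-style service list and returns the
entries a reviewer checks first."""
import re

# Security Center values that, set to 1, silence Windows' own "no AV / no
# firewall" warnings.  Third-party suites set them legitimately: "look", not "malware".
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")   # assumed allowlist, my choice


def parse_registry_dump(text):
    """Return {key_path: {value_name: raw_value}} from '[key]' / "name"=value lines."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def value_as_int(raw):
    """ComboFix prints DWORDs as 'dword:00000001' or '1 (0x1)'; anything else -> None."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(-?\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def parse_services(text):
    """(start_type, name, image_path) per service line; ' [x]' after the second ';'
    means the service key exists but its file does not, so image_path is None."""
    services = []
    for line in text.splitlines():
        m = re.match(r"^([RS][0-4])\s+([^;]+);[^;]*;(.*)$", line.strip())
        if not m:
            continue
        start, name, rest = m.groups()
        path = rest.split(" [", 1)[0].strip()        # drop ' [date size]' / ' [x]'
        if " --> " in path:                           # '"quoted ImagePath" --> resolved file'
            path = path.split(" --> ")[-1].strip()
        services.append((start, name, path.strip('"') or None))
    return services


def triage(log_text):
    """Return (kind, where, detail) tuples a reviewer should look at."""
    findings = []
    for key, values in parse_registry_dump(log_text).items():
        lk = key.lower()
        if "security center" in lk:
            for name, raw in values.items():
                if name in SECURITY_CENTER_FLAGS and value_as_int(raw) == 1:
                    findings.append(("security-center-override", key, name))
        if "firewallpolicy" in lk and lk.endswith("standardprofile"):
            if value_as_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("windows-firewall-off", key, "EnableFirewall=0"))
        if "globallyopenports" in lk:
            for raw in values.values():                # port:proto:scope:mode:name
                if ":disabled:" not in raw.lower():
                    findings.append(("open-port", key, raw))
        if lk.endswith("\\currentversion\\run") or lk.endswith("\\runonce"):
            for name, raw in values.items():
                findings.append(("autostart", key, f"{name} -> {raw}"))
    for start, name, path in parse_services(log_text):
        if path is None:
            findings.append(("orphaned-service", name, f"{start}: key present, file missing"))
        elif not path.lower().startswith(SYSTEM_DIRS):
            findings.append(("service-outside-system-dirs", name, path))
    return findings


def summarize(findings):
    """Count findings by kind."""
    counts = {}
    for kind, _where, _detail in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample in ComboFix's output format (abridged, not the thread's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 8:45 PM 340088]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\BASHDefs\BHDrvx86.sys [3/2/2012 12:58 PM 820856]
S1 MpKsl581cef45;MpKsl581cef45; [x]
S3 PROCEXP150;PROCEXP150; [x]
S4 VMUSBArbService;VMware USB Arbitration Service;"c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe" --> c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [?]
"""

if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {where}  {detail}")
```

Run against the constructed sample it reports one autostart, three Security Center overrides, the disabled Windows Firewall, the 67/UDP entry, one driver loaded from outside the system directories and two orphaned service keys. Every one of those is explicable from the log itself: the Symantec-named Monitoring subkeys point at Norton 360 as the product that set the overrides and owns the definitions path, and MpKsl* and PROCEXP* entries with no file are the usual leftovers of Microsoft's anti-malware engine and of Process Explorer. That is the point of a script like this: it orders the reading, it does not replace the judgement the helper made.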

#66
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Log looks good. I want you to run your PC as normal and if you encounter any problems come back to me.

#67
dc4580

    Member

  • Topic Starter
  • Member
  • 38 posts
Sounds good to me. PC running well now. Thanks for all your help. I appreciate it.

#68
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





